Edit tour

Windows Analysis Report
SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Overview

General Information

Sample name:	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe
Analysis ID:	1538211
MD5:	b6e0db27c2b3e62db616b0918a5d8ed8
SHA1:	66c5afcaad55cedfd8fb6d056c1a34802f52969e
SHA256:	1d177ff8ed3a7f17c5e5e4ecebcee3f26f360658bca2e8ad808bd270d1f492de
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Yara detected Ncat Network tool

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Potential time zone aware malware

Program does not show much activity (idle)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.TROJ_FR.26501A77.11990.exe (PID: 6240 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe" MD5: B6E0DB27C2B3E62DB616B0918A5D8ED8)

conhost.exe (PID: 6216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1687490416.00000000006D6000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security
00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security
Process Memory Space: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe PID: 6240	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.SecuriteInfo.com.TROJ_FR.26501A77.11990.exe.580000.0.unpack	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security
0.2.SecuriteInfo.com.TROJ_FR.26501A77.11990.exe.580000.0.unpack	JoeSecurity_Ncat	Yara detected Ncat Network tool	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 93.9% probability

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005B4E20 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,

0_2_005B4E20

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068E1C3 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__sopen_s,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,		0_2_0068E1C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0067E23D _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,		0_2_0067E23D

Networking

Yara detected Ncat Network tool

Source: Yara match	File source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe, type: SAMPLE
Source: Yara match	File source: 0.0.SecuriteInfo.com.TROJ_FR.26501A77.11990.exe.580000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.TROJ_FR.26501A77.11990.exe.580000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1687490416.00000000006D6000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe PID: 6240, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005A68F0 _memset,__WSAFDIsSet,send,_free,__WSAFDIsSet,recv,WSAGetLastError,closesocket,

0_2_005A68F0

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: http://nmap.org/ncat
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: http://nmap.org/ncat/.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: http://nmap.org/ncat/.nsComment%02Xp
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: http://nmap.org/ncat5.59BETA1Version
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: http://www.openssl.org/support/faq.html

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005F0280 GetVersion,CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,

0_2_005F0280

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0066B46A	0_2_0066B46A
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00590120	0_2_00590120
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058A1E0	0_2_0058A1E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D81A0	0_2_005D81A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00584257	0_2_00584257
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00584247	0_2_00584247
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068C252	0_2_0068C252
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005922DF	0_2_005922DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00586290	0_2_00586290
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006742AD	0_2_006742AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0069232A	0_2_0069232A
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058A3E0	0_2_0058A3E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005C2390	0_2_005C2390
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00590550	0_2_00590550
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058851C	0_2_0058851C
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005925C0	0_2_005925C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D8650	0_2_005D8650
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005866C0	0_2_005866C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006827A8	0_2_006827A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005908DD	0_2_005908DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00660960	0_2_00660960
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005C2950	0_2_005C2950
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00588900	0_2_00588900
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005C2927	0_2_005C2927
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058C986	0_2_0058C986
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005B2A70	0_2_005B2A70
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0067EB60	0_2_0067EB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058EB55	0_2_0058EB55
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D4C30	0_2_005D4C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00592CD0	0_2_00592CD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D8C80	0_2_005D8C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00590D78	0_2_00590D78
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00588D20	0_2_00588D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00586DE0	0_2_00586DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00592DBB	0_2_00592DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00592E71	0_2_00592E71
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00690E2E	0_2_00690E2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058EEB8	0_2_0058EEB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068CF6E	0_2_0068CF6E
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058EF63	0_2_0058EF63
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058CFF9	0_2_0058CFF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00592F9B	0_2_00592F9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058D0FA	0_2_0058D0FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068F262	0_2_0068F262
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058D276	0_2_0058D276
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F2A4	0_2_0058F2A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00589340	0_2_00589340
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058B330	0_2_0058B330
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F3DE	0_2_0058F3DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D3400	0_2_005D3400
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006754DD	0_2_006754DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F492	0_2_0058F492
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005B3550	0_2_005B3550
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00581540	0_2_00581540
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058756C	0_2_0058756C
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00587500	0_2_00587500
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00595580	0_2_00595580
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005B5650	0_2_005B5650
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00587640	0_2_00587640
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005956C0	0_2_005956C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005A96F0	0_2_005A96F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00685694	0_2_00685694
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F756	0_2_0058F756
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068B775	0_2_0068B775
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00587770	0_2_00587770
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F7D1	0_2_0058F7D1
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058B7C0	0_2_0058B7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005897F0	0_2_005897F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F79B	0_2_0058F79B
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00595833	0_2_00595833
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005EF8C0	0_2_005EF8C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006678D0	0_2_006678D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0059389D	0_2_0059389D
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058F961	0_2_0058F961
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005959F2	0_2_005959F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0059398D	0_2_0059398D
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005D19B0	0_2_005D19B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058FA52	0_2_0058FA52
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00593A69	0_2_00593A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058FA33	0_2_0058FA33
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058BA80	0_2_0058BA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068BCE0	0_2_0068BCE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00585D00	0_2_00585D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00583E57	0_2_00583E57
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00587EFB	0_2_00587EFB
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_00589E80	0_2_00589E80

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005D7220 appears 45 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005C3D00 appears 115 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005C3640 appears 177 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 00677790 appears 52 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 00581258 appears 84 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005F5550 appears 47 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005D6CF0 appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 0058115E appears 265 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005810EB appears 57 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005E5820 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 00667226 appears 167 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 00668E50 appears 254 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005AE230 appears 47 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: String function: 005C5630 appears 45 times

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.spre.evad.winEXE@2/1@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6216:120:WilError_03

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

ReversingLabs: Detection: 36%

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: -h, --help Display this help screen
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: -h, --help Display this help screen
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.Unrecognised option.socks4Invalid proxy type "%s".Proxy type (--proxy-type) specified without proxy address (--proxy).-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.Could not resolve source address %s.You must specify a host to connect to.Could not resolve hostname %s.Got more than one port specification: %d. QUITTING.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: Try `--help' or man(1) ncat for more information, usage options and help.Unrecognised option.socks4Invalid proxy type "%s".Proxy type (--proxy-type) specified without proxy address (--proxy).-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.Could not resolve source address %s.You must specify a host to connect to.Could not resolve hostname %s.Got more than one port specification: %d. QUITTING.
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: set-addPolicy
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: :%d[HEX DUMP]:-00BAD INTEGERBAD ENUMERATED(unknown).\crypto\asn1\a_mbstr.c%ldminsize=maxsize='()+,-./:=?setAttr-CertsetAttr-PGWYcappayment gateway capabilitiessetAttr-TokenTypesetAttr-IssCapissuer capabilitiesset-rootKeyThumbset-addPolicysetAttr-Token-EMVsetAttr-Token-B0PrimesetAttr-IssCap-CVMsetAttr-IssCap-T2setAttr-IssCap-SigsetAttr-GenCryptgrmgenerate cryptogramsetAttr-T2Encencrypted track 2setAttr-T2cleartxtcleartext track 2setAttr-TokICCsigICC or token signaturesetAttr-SecDevSigsecure device signatureset-brand-IATA-ATAset-brand-Dinersset-brand-AmericanExpressset-brand-JCBset-brand-Visaset-brand-MasterCardset-brand-NovusDES-CDMFdes-cdmfrsaOAEPEncryptionSETITU-Titu-tJOINT-ISO-ITU-Tjoint-iso-itu-tinternational-organizationsInternational OrganizationsmsSmartcardLoginMicrosoft SmartcardloginmsUPNMicrosoft Universal Principal NameAES-128-CFB1aes-128-cfb1AES-192-CFB1aes-192-cfb1AES-256-CFB1aes-256-cfb1AES-128-CFB8aes-128-cfb8AES-192-CFB8aes-192-cfb8AES-256-CFB8aes-256-cfb8DES-CFB1des-cfb1DES-CFB8des-cfb8DES-EDE3-CFB1des-ede3-cfb1DES-EDE3-CFB8des-ede3-cfb8streetstreetAddresspostalCodeid-pplproxyCertInfoProxy Certificate Informationid-ppl-anyLanguageAny languageid-ppl-inheritAllInherit allnameConstraintsX509v3 Name Constraintsid-ppl-independentIndependentRSA-SHA256sha256WithRSAEncryptionRSA-SHA384sha384WithRSAEncryptionRSA-SHA512sha512WithRSAEncryptionRSA-SHA224sha224WithRSAEncryptionSHA256sha256SHA384sha384SHA512sha512SHA224sha224identified-organizationcerticom-arcwapwap-wsgid-characteristic-two-basisonBasistpBasisppBasisc2pnb163v1c2pnb163v2c2pnb163v3c2pnb176v1c2tnb191v1c2tnb191v2c2tnb191v3c2onb191v4c2onb191v5c2pnb208w1c2tnb239v1c2tnb239v2c2tnb239v3c2onb239v4c2onb239v5c2pnb272w1c2pnb304w1c2tnb359v1c2pnb368w1c2tnb431r1secp112r1secp112r2secp128r1secp128r2secp160k1secp160r1secp160r2secp192k1*
Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	String found in binary or memory: id-cmc-addExtensions

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe "C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Section loaded: apphelp.dll

Jump to behavior

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static file information: File size 1837568 > 1048576

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x154400

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005A4DA0 GetSystemDirectoryA,LoadLibraryA,FreeLibrary,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,

0_2_005A4DA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058D5D7 push eax; retf	0_2_0058D5D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0058D5BE push eax; retf	0_2_0058D5D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006777D5 push ecx; ret	0_2_006777E8

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005EF8C0 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,

0_2_005EF8C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_00581D74 rdtsc

0_2_00581D74

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-63571

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_0-63236

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

API coverage: 3.4 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	System information queried: CurrentTimeZoneInformation			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	System information queried: CurrentTimeZoneInformation			Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0068E1C3 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__sopen_s,__fstat32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,		0_2_0068E1C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_0067E23D _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,		0_2_0067E23D

Source: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe, 00000000.00000002.1689366580.0000000000C7E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

API call chain: ExitProcess graph end node

graph_0-63237

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_00581D74 rdtsc

0_2_00581D74

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0066C4AC IsDebuggerPresent,

0_2_0066C4AC

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0067174E EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_0067174E

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005A4DA0 GetSystemDirectoryA,LoadLibraryA,FreeLibrary,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,

0_2_005A4DA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0068AF57 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_0068AF57

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006771E1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_006771E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_006771B0 SetUnhandledExceptionFilter,		0_2_006771B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0066C168 cpuid

0_2_0066C168

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,	0_2_00688C8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: EnumSystemLocalesW,	0_2_00688EFE
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_00688F5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_00688FD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,	0_2_0068905A
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,	0_2_0068924F
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00689379
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,	0_2_00689426
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,	0_2_006894FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: EnumSystemLocalesW,	0_2_0068989F
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: GetLocaleInfoW,	0_2_00689925
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_00689C60

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_005A57B0 CreatePipe,GetLastError,CreateNamedPipeA,GetLastError,CloseHandle,CloseHandle,CloseHandle,CreateFileA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,SetHandleInformation,SetHandleInformation,SetHandleInformation,_memset,GetStdHandle,CreateProcessA,GetLastError,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,

0_2_005A57B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0066D83D GetSystemTimeAsFileTime,__aulldiv,GetTimeZoneInformation,__aulldiv,__aullrem,__aulldiv,__invoke_watson,

0_2_0066D83D

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Code function: 0_2_0067F33F __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_0067F33F

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

0_2_005F0280

Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005B0520 _perror,setsockopt,setsockopt,bind,setsockopt,setsockopt,	0_2_005B0520
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005AC4E0 _fprintf,__vfwprintf_p,_fprintf,_perror,bind,connect,WSAGetLastError,WSAGetLastError,WSAGetLastError,bind,WSAGetLastError,	0_2_005AC4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	Code function: 0_2_005ABEC0 listen,	0_2_005ABEC0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	2 Process Injection	OS Credential Dumping	12 System Time Discovery	Remote Services	1 Screen Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	3 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	41 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	37%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label	Link
http://www.openssl.org/support/faq.html	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://nmap.org/ncat5.59BETA1Version	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	false		unknown
http://nmap.org/ncat	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	false		unknown
http://nmap.org/ncat/.	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	false		unknown
http://www.openssl.org/support/faq.html	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538211
Start date and time:	2024-10-20 20:30:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe
Detection:	MAL
Classification:	mal56.spre.evad.winEXE@2/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 84% Number of executed functions: 7 Number of non-executed functions: 289
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Process:	C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	56
Entropy (8bit):	4.300147279309247
Encrypted:	false
SSDEEP:	3:3dDGMDcFsYWryLhQSQoy:MC0sYSyVA
MD5:	5814D1D7097AC72F7F04C947EDBD9D30
SHA1:	BECCC464E0800548E244B3E27BDDB55681121C37
SHA-256:	F9F83D02905C137560C5B3F508CBACB9BED0D7A43316FCA9A2F522215F7DAA60
SHA-512:	955177008AF25CF4140A612EFBB204394CF34D8B40FD23CD0CB21F464FA8F3BD9FB9E4A07C73374D6673E38E84A93FC082FF88722DA1A2C22286B7BF18175DB6
Malicious:	false
Reputation:	low
Preview:	Ncat: You must specify a host to connect to. QUITTING...

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	5.994294616120263
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.TROJ_FR.26501A77.11990.exe
File size:	1'837'568 bytes
MD5:	b6e0db27c2b3e62db616b0918a5d8ed8
SHA1:	66c5afcaad55cedfd8fb6d056c1a34802f52969e
SHA256:	1d177ff8ed3a7f17c5e5e4ecebcee3f26f360658bca2e8ad808bd270d1f492de
SHA512:	e99600633a28f9812f0a1e631326310429ec6f11ea773c7255544164a135a76910f8325f5eac86551cc97d5f6701640b5f889e3056cc5aa60d00eaf4bdf258db
SSDEEP:	49152:XB10saFtVM9UHfj96y/Y0ZRPzQOBzY7Sj:Xb0s59UHfJ6uvZQ
TLSH:	E5859D03FBC196B2E8E3427952BB577E4E3AB9209329D4C3C791286689316D0673F3D5
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ha.............)........[.......[.......[.......q......j.......j................q..b....q.......[.......q......Rich...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4ec4a2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x55A6900A [Wed Jul 15 16:53:30 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ac615fb1d93576fa3c26077a619c9144

Entrypoint Preview

Instruction
call 00007FE0D48FFE02h
jmp 00007FE0D48EE32Ah
push ebp
mov ebp, esp
call dword ptr [005B8228h]
push 00000001h
mov dword ptr [005B56A4h], eax
call 00007FE0D48FFF11h
push dword ptr [ebp+08h]
call 00007FE0D48F920Dh
cmp dword ptr [005B56A4h], 00000000h
pop ecx
pop ecx
jne 00007FE0D48EE4FAh
push 00000001h
call 00007FE0D48FFEF7h
pop ecx
push C0000409h
call 00007FE0D48F91DBh
pop ecx
pop ebp
ret
push ebp
mov ebp, esp
sub esp, 00000324h
push 00000017h
call 00007FE0D4914CCCh
test eax, eax
je 00007FE0D48EE4F7h
push 00000002h
pop ecx
int 29h
mov dword ptr [005B5488h], eax
mov dword ptr [005B5484h], ecx
mov dword ptr [005B5480h], edx
mov dword ptr [005B547Ch], ebx
mov dword ptr [005B5478h], esi
mov dword ptr [005B5474h], edi
mov word ptr [005B54A0h], ss
mov word ptr [005B5494h], cs
mov word ptr [005B5470h], ds
mov word ptr [005B546Ch], es
mov word ptr [005B5468h], fs
mov word ptr [005B5464h], gs
pushfd
pop dword ptr [005B5498h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [005B548Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [005B5490h], eax
lea eax, dword ptr [ebp+08h]

Rich Headers

Programming Language:

[C++] VS2013 build 21005
[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[ASM] VS2013 UPD3 build 30723
[ C ] VS2013 UPD3 build 30723
[C++] VS2013 UPD3 build 30723
[RES] VS2013 build 21005
[LNK] VS2013 UPD3 build 30723

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1b842c	0x78	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1ba000	0x43c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1bb000	0xc6a4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1985f8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1b8000	0x42c	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1543f6	0x154400	8a11183daa3331cc6ce654749a2d039d	False	0.39863266899338723	data	5.846162128662314	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x156000	0x4fe44	0x50000	2c9fde00ff9ba890cc16df1247680b46	False	0.3447845458984375	DIY-Thermocam raw data (Lepton 3.x), scale -769--1, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 40564819207303340847894502572032.000000	4.985946627875366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a6000	0x11ae4	0xc200	d467208be763259858fecc16bc19d1e0	False	0.3944909793814433	data	4.47508519977061	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x1b8000	0x15fb	0x1600	1f8588effbbd4ed22728575360fda257	False	0.34375	data	4.758473549871633	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1ba000	0x43c	0x600	f2c6932e6f1eeab3ad48532457f3b41c	False	0.18294270833333334	data	2.1429708819311997	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1bb000	0xe21b	0xe400	3b757d50aef64c8e43cbf1da4516ef42	False	0.5560067160087719	GLS_BINARY_LSB_FIRST	6.232107414513081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x1ba170	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
WS2_32.dll	WSASocketA, ioctlsocket, getsockname, sendto, getsockopt, WSAStartup, gethostname, ntohl, bind, socket, setsockopt, recvfrom, listen, connect, WSAEventSelect, WSACreateEvent, WSACloseEvent, shutdown, WSAGetLastError, WSASetLastError, getservbyname, getservbyport, gethostbyname, gethostbyaddr, select, recv, ntohs, inet_ntoa, inet_addr, htons, htonl, send, getpeername, closesocket, accept, __WSAFDIsSet
ADVAPI32.dll	CryptAcquireContextA, CryptGenRandom, ReportEventA, RegisterEventSourceA, DeregisterEventSource, CryptReleaseContext
USER32.dll	GetDesktopWindow, MessageBoxA, GetUserObjectInformationW, GetProcessWindowStation
GDI32.dll	DeleteObject, GetBitmapBits, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt, GetDeviceCaps, SelectObject, DeleteDC, GetObjectA
KERNEL32.dll	EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, GetStringTypeW, ReadConsoleW, RaiseException, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetDriveTypeW, GetDateFormatW, FindClose, GetFileAttributesExW, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, CreateFileW, SetFilePointerEx, RtlUnwind, GetTimeFormatW, CompareStringW, LCMapStringW, SetEnvironmentVariableA, HeapSize, CreateSemaphoreW, GetModuleHandleW, GetStartupInfoW, TlsFree, SetEndOfFile, FileTimeToLocalFileTime, GetFileInformationByHandle, GetFullPathNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameA, FindFirstFileA, FindFirstFileExW, GetVersion, GetSystemDirectoryA, FreeLibrary, GetProcAddress, LoadLibraryA, GetStdHandle, CreateFileA, ReadFile, WriteFile, CloseHandle, SetHandleInformation, GetLastError, CreatePipe, GetOverlappedResult, ResetEvent, ReleaseMutex, WaitForSingleObject, CreateMutexA, ExitProcess, TerminateProcess, GetExitCodeProcess, CreateThread, CreateProcessA, WaitForMultipleObjects, CreateNamedPipeA, GetModuleFileNameA, GetModuleHandleA, DuplicateHandle, GetCurrentProcess, FormatMessageA, Sleep, SetStdHandle, PeekNamedPipe, GetFileType, GetCurrentThreadId, FindNextFileA, MultiByteToWideChar, QueryPerformanceCounter, GetCurrentProcessId, GetTickCount, GetVersionExA, GlobalMemoryStatus, FlushConsoleInputBuffer, SetLastError, GetModuleFileNameW, GetModuleHandleExW, WriteConsoleW, HeapFree, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, AreFileApisANSI, WideCharToMultiByte, SetConsoleCtrlHandler, HeapAlloc, GetConsoleCP, GetConsoleMode, IsProcessorFeaturePresent, GetCommandLineA, IsDebuggerPresent, HeapReAlloc, GetSystemTimeAsFileTime, GetTimeZoneInformation, GetNumberOfConsoleInputEvents, PeekConsoleInputA, ReadConsoleInputA, SetConsoleMode, OutputDebugStringW, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCurrentThread, GetProcessHeap, DeleteCriticalSection, FatalAppExitA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	14:30:58
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.TROJ_FR.26501A77.11990.exe"
Imagebase:	0x580000
File size:	1'837'568 bytes
MD5 hash:	B6E0DB27C2B3E62DB616B0918A5D8ED8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ncat, Description: Yara detected Ncat Network tool, Source: 00000000.00000000.1687490416.00000000006D6000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Ncat, Description: Yara detected Ncat Network tool, Source: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:30:58
Start date:	20/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	24%
Total number of Nodes:	537
Total number of Limit Nodes:	20

Executed Functions

Function 005AC4E0 Relevance: 30.3, APIs: 11, Strings: 6, Instructions: 525
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fprintf.LIBCMT ref: 005AC596
__vfwprintf_p.LIBCMT ref: 005AC5AE
_perror.LIBCMT ref: 005AC5F6

Part of subcall function 005B2A50: WSASocketA.WS2_32(00000000,?,?,00000000,00000000,00000000), ref: 005B2A62

bind.WS2_32(00000000,007323D8,?), ref: 005AC651
connect.WS2_32(00000000,00732460,?), ref: 005AC66C
WSAGetLastError.WS2_32(?,00000002,00000002), ref: 005AC677
WSAGetLastError.WS2_32(?,00000002,00000002), ref: 005AC683
WSAGetLastError.WS2_32(?,00000002,00000002), ref: 005AC69A
_fprintf.LIBCMT ref: 005AC5C4

Part of subcall function 005B2120: _malloc.LIBCMT ref: 005B212B

Strings

bind to %s:%hu: %s., xrefs: 005AC6C8, 005AC7D8
Ncat, xrefs: 005AC583
%s: , xrefs: 005AC588
QUITTING., xrefs: 005AC5B6
Listening on %s:%hu, xrefs: 005AC79C
Bad number of routes passed to buildsrcrte()., xrefs: 005AC549

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$_fprintf$Socket__vfwprintf_p_malloc_perrorbindconnect
String ID: QUITTING.$%s: $Bad number of routes passed to buildsrcrte().$Listening on %s:%hu$Ncat$bind to %s:%hu: %s.
API String ID: 1806532919-3297021631
Opcode ID: 175b60f10709e586c05a9fff0691586d56b19f45eb5a6e4fc1bad1c6bcea9cb6
Instruction ID: b233277057494e0e83de2aefe493f1d6d784cefabd0e6105be9c4c10b82437e5
Opcode Fuzzy Hash: 175b60f10709e586c05a9fff0691586d56b19f45eb5a6e4fc1bad1c6bcea9cb6
Instruction Fuzzy Hash: E1918EB29002066BEB10ABB89C46ABE7F5DFF46324F144065FC44D7382E675ED4183A6

Function 0066D83D Relevance: 10.6, APIs: 7, Instructions: 120
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,?), ref: 0066D8B9
__aulldiv.LIBCMT ref: 0066D8D3
__aulldiv.LIBCMT ref: 0066D964
__aullrem.LIBCMT ref: 0066D972
__aulldiv.LIBCMT ref: 0066D990

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __aulldiv$Time$FileSystem__aullrem__getptd_noexit
String ID:
API String ID: 2101487081-0
Opcode ID: a9826a1b779c80d45889fd60de2f4e6243f23c85a3f9128aaebe8b4896dbd53b
Instruction ID: bfaa588d0eab40974987c0005a2d753a965361de8faed1e35a0c5894f60c2f5b
Opcode Fuzzy Hash: a9826a1b779c80d45889fd60de2f4e6243f23c85a3f9128aaebe8b4896dbd53b
Instruction Fuzzy Hash: 2D417F71E10314ABEB64EF649C85BAA73BAEB48700F1085ADE509D7281D774A940CB69

Function 005A7A60 Relevance: 167.3, APIs: 12, Strings: 83, Instructions: 1041networkCOMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A7FD5
_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58
htons.WS2_32(?), ref: 005A8B5F
htons.WS2_32(?), ref: 005A8B7C
_strspn.LIBCMT ref: 005A8BF4
__wcstoi64.LIBCMT ref: 005A8CAC
htons.WS2_32(00000002), ref: 005A8CFB

Strings

`$s, xrefs: 005A8D29
deny, xrefs: 005A7D8C, 005A868D
w, xrefs: 005A7EC6
Invalid proxy type "%s"., xrefs: 005A8A2A, 005A8AAF
Got more than one port specification:, xrefs: 005A8E20
%s %s ( %s ), xrefs: 005A8E9C
v, xrefs: 005A7EA2
ssl-verify, xrefs: 005A7F89, 005A87C8
`$s, xrefs: 005A8927
proxy, xrefs: 005A7EF0, 005A8404
`$s, xrefs: 005A8D4C
http, xrefs: 005A8970, 005A8985, 005A8A7E
allowfile, xrefs: 005A7DEC, 005A8635
$s, xrefs: 005A8D30
http://nmap.org/ncat, xrefs: 005A8E8D
G, xrefs: 005A7B42
The --ssl-trustfile option may be given only once., xrefs: 005A8852
UDP mode does not support SSL., xrefs: 005A8D8B
i, xrefs: 005A7C7E
`$s, xrefs: 005A894C
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
h, xrefs: 005A7BCE
socks4, xrefs: 005A89C8
Invalid port number "%s"., xrefs: 005A8CDA
l, xrefs: 005A7C12
You can't specify more than one --proxy-type., xrefs: 005A84A1
$s, xrefs: 005A8D24
Ncat, xrefs: 005A8E97
Unrecognised option., xrefs: 005A889E
ssl-cert, xrefs: 005A7F53, 005A8723
proxy-type, xrefs: 005A7F10, 005A8462
udp, xrefs: 005A7E2C
listen, xrefs: 005A7BFC
broker, xrefs: 005A7D38, 005A8523
You must specify a host to connect to., xrefs: 005A8C56
m, xrefs: 005A7BAE
s, xrefs: 005A7D0A
`%s, xrefs: 005A8940
k, xrefs: 005A7C9E
g, xrefs: 005A7B1E
t, xrefs: 005A7E22
denyfile, xrefs: 005A7DAC, 005A86D7
ssl-trustfile, xrefs: 005A7F99, 005A8812
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A7FCB, 005A88B9
4, xrefs: 005A7ABA
e, xrefs: 005A7B66
u, xrefs: 005A7E42
ssl-key, xrefs: 005A7F75, 005A8778
Vh<&s, xrefs: 005A8BAF
d, xrefs: 005A7BF2
`%s, xrefs: 005A8D58
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8D5D
proxy-auth, xrefs: 005A7F27, 005A84C3
0123456789, xrefs: 005A8BEC
You can't specify more than one --proxy., xrefs: 005A843D
sctp, xrefs: 005A7E4C
n, xrefs: 005A7EE6
allow, xrefs: 005A7DCC, 005A85E1
talk, xrefs: 005A7D70, 005A85AD
%d, xrefs: 005A8E42
Proxy type (--proxy-type) specified without proxy address (--proxy)., xrefs: 005A8A6B
5.59BETA1, xrefs: 005A8E92
Could not resolve hostname %s., xrefs: 005A8C38
6, xrefs: 005A7ADA
c, xrefs: 005A7B8A
x, xrefs: 005A7C5A
`$s, xrefs: 005A893B
chat, xrefs: 005A7D54, 005A8572
$s, xrefs: 005A8951
o, xrefs: 005A7C36
Usage: ncat [options] [hostname] [port]Options taking a time assume seconds. Append 'ms' for milliseconds,'s' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms). -4 Use IPv4 only -6 Use IPv6 only, xrefs: 005A8EA6
`$s, xrefs: 005A8D18
p, xrefs: 005A7CE6
`%s, xrefs: 005A8D64
SCTP mode does not support connection brokering., xrefs: 005A8DDF
%s, xrefs: 005A8E63
You can't specify more than one --proxy-auth., xrefs: 005A8501
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
. QUITTING., xrefs: 005A8EBA
Could not resolve source address %s., xrefs: 005A8B07
C, xrefs: 005A7AFA
version, xrefs: 005A7E70, 005A83C7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: htons$_free_mbstowcs_s$__wcstoi64_memset_strspn
String ID: %d$ %s$%s %s ( %s )$-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$. QUITTING.$0123456789$4$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$5.59BETA1$6$C$Could not resolve hostname %s.$Could not resolve source address %s.$G$Got more than one port specification:$Invalid port number "%s".$Invalid proxy type "%s".$Ncat$Proxy type (--proxy-type) specified without proxy address (--proxy).$SCTP mode does not support connection brokering.$The --ssl-trustfile option may be given only once.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Unrecognised option.$Usage: ncat [options] [hostname] [port]Options taking a time assume seconds. Append 'ms' for milliseconds,'s' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms). -4 Use IPv4 only -6 Use IPv6 only$Vh<&s$You can't specify more than one --proxy-auth.$You can't specify more than one --proxy-type.$You can't specify more than one --proxy.$You must specify a host to connect to.$`$s$`$s$`$s$`$s$`$s$`$s$`$s$`%s$`%s$`%s$allow$allowfile$broker$c$chat$d$deny$denyfile$e$g$h$http$http://nmap.org/ncat$i$k$l$listen$m$n$o$p$proxy$proxy-auth$proxy-type$s$sctp$socks4$ssl-cert$ssl-key$ssl-trustfile$ssl-verify$t$talk$u$udp$v$version$w$x$$s$$s$$s
API String ID: 11326219-921235532
Opcode ID: dc2f5fd2f30237cd7034da721f36f1cb8789e92fc90086b64fddf13fade3c49d
Instruction ID: 686b5fa15417ca5b3608d511707209c3ff4c1a0235bc1dad64e2d9dea1a88554
Opcode Fuzzy Hash: dc2f5fd2f30237cd7034da721f36f1cb8789e92fc90086b64fddf13fade3c49d
Instruction Fuzzy Hash: 2492E1B0D042558FDB209F209C897BD7FB2BB16308F5444EAC849AB352EB764E89CF54

Function 005AD030 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 005AD04F
_memset.LIBCMT ref: 005AD09B

Strings

Failed to start WinSock., xrefs: 005AD067

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Startup_memset
String ID: Failed to start WinSock.
API String ID: 3974092505-423153701
Opcode ID: 185ee14aa7e6fa76c7ec272b685404316d97e51ff4e4f2f36682ea7207c25f68
Instruction ID: 5dab435afc48b4a7bde88ad1c9418ad1c7fd0c3a4894a9572a1aef5d775fdc93
Opcode Fuzzy Hash: 185ee14aa7e6fa76c7ec272b685404316d97e51ff4e4f2f36682ea7207c25f68
Instruction Fuzzy Hash: 73F0A730A0020CABDB10ABA4DC0AE99776EEB44B04F004069FD0D4A591EA725915D655

Function 0067F05C Relevance: 3.0, APIs: 2, Instructions: 17
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0067F073

Part of subcall function 006769D2: __mtinitlocknum.LIBCMT ref: 006769E4
Part of subcall function 006769D2: EnterCriticalSection.KERNEL32(?,?,00668F43,?,?,?,0066C8B0,?,007253A0,0000000C,005B20E1,-00000020,?,005B2143,Tried to malloc negative amount of memory!!!), ref: 006769FD

__tzset_nolock.LIBCMT ref: 0067F086

Part of subcall function 0067F33F: __lock.LIBCMT ref: 0067F364
Part of subcall function 0067F33F: ____lc_codepage_func.LIBCMT ref: 0067F3AB
Part of subcall function 0067F33F: __getenv_helper_nolock.LIBCMT ref: 0067F3CC
Part of subcall function 0067F33F: _free.LIBCMT ref: 0067F3FF
Part of subcall function 0067F33F: _strlen.LIBCMT ref: 0067F406
Part of subcall function 0067F33F: __malloc_crt.LIBCMT ref: 0067F40D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __lock$CriticalEnterSection____lc_codepage_func__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
String ID:
API String ID: 360932542-0
Opcode ID: 10851515febe1ce50281a08537c12d03936a502fe51886188b65392fc25bd76a
Instruction ID: dfabe0512006731a4b161bd600b877b342effd9156f65f6f9dc18ad3ba2dc0b9
Opcode Fuzzy Hash: 10851515febe1ce50281a08537c12d03936a502fe51886188b65392fc25bd76a
Instruction Fuzzy Hash: 1DE08C30141200EEEEA8A7B4D807F4C7122AB10337F60C02EE058002C2CBBA0480CA3E

Function 00669253 Relevance: 3.0, APIs: 2, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 00669259

Part of subcall function 0066921F: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,0066925E,?,?,0066ADD3,000000FF,0000001E,00000000,00000000,00000000,?,00676835), ref: 0066922E
Part of subcall function 0066921F: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00669240

ExitProcess.KERNEL32 ref: 00669262

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 5c62dc56fd1147651f64917ba5bf6fbba3f1e3a75e177c31618dbc00160db2c3
Instruction ID: cb324e334ad442ddca62ad42c447a641d64a336a86c660e7d4091682e5d110b1
Opcode Fuzzy Hash: 5c62dc56fd1147651f64917ba5bf6fbba3f1e3a75e177c31618dbc00160db2c3
Instruction Fuzzy Hash: EBB0923000020CBBDB412F11DC0A8893F2EEB01791B008028FA0409031DF72AAA2AA9A

Function 00669685 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 0066968F

Part of subcall function 00669556: __lock.LIBCMT ref: 00669564
Part of subcall function 00669556: DecodePointer.KERNEL32(00725160,0000001C,00669443,?,00000001,00000000,?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?), ref: 006695A3
Part of subcall function 00669556: DecodePointer.KERNEL32(?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0,0000000C), ref: 006695B4
Part of subcall function 00669556: EncodePointer.KERNEL32(00000000,?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0), ref: 006695CD
Part of subcall function 00669556: DecodePointer.KERNEL32(-00000004,?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0), ref: 006695DD
Part of subcall function 00669556: EncodePointer.KERNEL32(00000000,?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0), ref: 006695E3
Part of subcall function 00669556: DecodePointer.KERNEL32(?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0,0000000C), ref: 006695F9
Part of subcall function 00669556: DecodePointer.KERNEL32(?,00669391,000000FF,?,006769F5,00000011,?,?,00668F43,?,?,?,0066C8B0,?,007253A0,0000000C), ref: 00669604
Part of subcall function 00669556: __initterm.LIBCMT ref: 0066962C
Part of subcall function 00669556: __initterm.LIBCMT ref: 0066963D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$Encode__initterm$__lock_doexit
String ID:
API String ID: 3712619029-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: 6f30a54c97ba8151527eccefd391d6527f3c1e9a80696775f13a3c56db90e22a
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: 15B0123258030C33DA112556EC03F053B0D4740B60F100020FE0C1C1E2A5A3756040DE

Non-executed Functions

Function 005EF8C0 Relevance: 121.3, APIs: 41, Strings: 28, Instructions: 587libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(00000094), ref: 005EF923
LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 005EF934
LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 005EF941
LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 005EF94E
GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 005EF988
GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 005EF99B
FreeLibrary.KERNEL32(?), ref: 005EFA65
GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 005EFA7B
GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 005EFA8E
GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 005EFAA1
FreeLibrary.KERNEL32(?), ref: 005EFBB5
LoadLibraryA.KERNEL32(USER32.DLL), ref: 005EFBD6
GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 005EFBF0
GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 005EFC03
GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 005EFC16
FreeLibrary.KERNEL32(?), ref: 005EFCE5
GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 005EFD13
GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 005EFD26
GetProcAddress.KERNEL32(?,Heap32First), ref: 005EFD39
GetProcAddress.KERNEL32(?,Heap32Next), ref: 005EFD4C
GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 005EFD5F
GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 005EFD72
GetProcAddress.KERNEL32(?,Process32First), ref: 005EFD85
GetProcAddress.KERNEL32(?,Process32Next), ref: 005EFD98
GetProcAddress.KERNEL32(?,Thread32First), ref: 005EFDAB
GetProcAddress.KERNEL32(?,Thread32Next), ref: 005EFDBE
GetProcAddress.KERNEL32(?,Module32First), ref: 005EFDD1
GetProcAddress.KERNEL32(?,Module32Next), ref: 005EFDE4
GetTickCount.KERNEL32 ref: 005EFEA3
GetTickCount.KERNEL32 ref: 005EFF91
GetTickCount.KERNEL32 ref: 005F0006
GetTickCount.KERNEL32 ref: 005F0035
GetTickCount.KERNEL32 ref: 005F009B
GetTickCount.KERNEL32 ref: 005F00B8
GetTickCount.KERNEL32 ref: 005F0127
GetTickCount.KERNEL32 ref: 005F0144

Strings

CryptReleaseContext, xrefs: 005EFA96
CryptGenRandom, xrefs: 005EFA83
Heap32ListFirst, xrefs: 005EFD54
CreateToolhelp32Snapshot, xrefs: 005EFD07
LanmanWorkstation, xrefs: 005EF9C6
GetForegroundWindow, xrefs: 005EFBEA
Process32Next, xrefs: 005EFD8D
Intel Hardware Cryptographic Service Provider, xrefs: 005EFB3C
Thread32First, xrefs: 005EFDA0
Module32Next, xrefs: 005EFDD9
Heap32ListNext, xrefs: 005EFD67
Heap32First, xrefs: 005EFD2E
LanmanServer, xrefs: 005EFA14
NetApiBufferFree, xrefs: 005EF990
NetStatisticsGet, xrefs: 005EF982
ADVAPI32.DLL, xrefs: 005EF929
Heap32Next, xrefs: 005EFD41
$, xrefs: 005EFF1E
KERNEL32.DLL, xrefs: 005EF93C
Thread32Next, xrefs: 005EFDB3
NETAPI32.DLL, xrefs: 005EF949
CryptAcquireContextW, xrefs: 005EFA75
USER32.DLL, xrefs: 005EFBD1
CloseToolhelp32Snapshot, xrefs: 005EFD1B
GetQueueStatus, xrefs: 005EFC0B
Module32First, xrefs: 005EFDC6
GetCursorInfo, xrefs: 005EFBF8
Process32First, xrefs: 005EFD7A

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AddressProc$CountTick$Library$Load$Free$Version
String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
API String ID: 842291066-1723836103
Opcode ID: 6c2475488d6563886c7596f239f173397519c9a46aabbb1491fa348637ac08a5
Instruction ID: a8604dbf8e3c1f8d4eb3fc43c0ed3aac9b425f486284c6d8103226afb81dec19
Opcode Fuzzy Hash: 6c2475488d6563886c7596f239f173397519c9a46aabbb1491fa348637ac08a5
Instruction Fuzzy Hash: 663291B0D0062D9EEB609F64CD45BAEBBB9BF44700F0441E9A60CA2191EF758E85CF59

Function 005A57B0 Relevance: 47.5, APIs: 21, Strings: 6, Instructions: 204pipeprocessfileCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,?,?,00000000,?,?,?), ref: 005A57F2
GetLastError.KERNEL32 ref: 005A5804
CreateNamedPipeA.KERNEL32(?,40000001,00000000,00000001,00001000,00001000,000003E8,0000000C), ref: 005A587F
GetLastError.KERNEL32 ref: 005A5894
CloseHandle.KERNEL32(?), ref: 005A58B0
CloseHandle.KERNEL32(?), ref: 005A58B4
CreateFileA.KERNEL32(?,40000000,00000000,0000000C,00000003,40000080,00000000), ref: 005A58E2
CloseHandle.KERNEL32(?), ref: 005A58F7
CloseHandle.KERNEL32(?), ref: 005A58FB
CloseHandle.KERNEL32(?), ref: 005A5900
SetHandleInformation.KERNEL32(?,00000001,00000000), ref: 005A5928
SetHandleInformation.KERNEL32(?,00000001,00000000), ref: 005A5931
_memset.LIBCMT ref: 005A593E
GetStdHandle.KERNEL32(000000F4), ref: 005A595E
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 005A5992
GetLastError.KERNEL32 ref: 005A59A4
CloseHandle.KERNEL32(?), ref: 005A59C1
CloseHandle.KERNEL32(?), ref: 005A59C5
CloseHandle.KERNEL32(?), ref: 005A59CA
CloseHandle.KERNEL32(?), ref: 005A59CF

Strings

Creating named pipe "%s", xrefs: 005A5852
D, xrefs: 005A594F
Error in CreatePipe: %d, xrefs: 005A580B
Error in CreateNamedPipe: %d, xrefs: 005A589B
\\.\pipe\ncat-%d, xrefs: 005A5835
Error in CreateProcess: %d, xrefs: 005A59AB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Handle$Close$Create$ErrorLast$InformationPipe$FileNamedProcess_memset
String ID: Creating named pipe "%s"$D$Error in CreateNamedPipe: %d$Error in CreatePipe: %d$Error in CreateProcess: %d$\\.\pipe\ncat-%d
API String ID: 2262026874-576480396
Opcode ID: abb005a368de0138850fda243adae05c804ffb428cdc28004a8600b4d5833bea
Instruction ID: c3d7d8a36ab300f551fe9bc904c24c035f23d8fb4dd97c9d479e74133e08b402
Opcode Fuzzy Hash: abb005a368de0138850fda243adae05c804ffb428cdc28004a8600b4d5833bea
Instruction Fuzzy Hash: 9361C271E00209AFEB10DFA4EC46F9DBBB5FF04312F10426AFA09A62D0DB716915CB95

Function 005B3550 Relevance: 37.1, APIs: 12, Strings: 9, Instructions: 340COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005B359A
_memset.LIBCMT ref: 005B3620
_free.LIBCMT ref: 005B364E
_free.LIBCMT ref: 005B3654

Strings

Add IPv4 range %s/%ld to addrset., xrefs: 005B3682
Illegal netmask in "%s". Must be between 0 and 128., xrefs: 005B3961
Add IPv4 %s/%ld to addrset., xrefs: 005B3875
Illegal netmask in "%s". Must be between 0 and 32., xrefs: 005B3642, 005B394D
Error resolving name "%s": %s, xrefs: 005B36EA
ignoring address %s for %s. Family %d socktype %d protocol %d., xrefs: 005B38F0
Add IPv6 %s/%ld to addrset., xrefs: 005B38BC
Warning: no addresses found for %s., xrefs: 005B371B
Error parsing netmask in "%s"., xrefs: 005B3970

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr_memset
String ID: Add IPv4 %s/%ld to addrset.$Add IPv4 range %s/%ld to addrset.$Add IPv6 %s/%ld to addrset.$Error parsing netmask in "%s".$Error resolving name "%s": %s$Illegal netmask in "%s". Must be between 0 and 128.$Illegal netmask in "%s". Must be between 0 and 32.$Warning: no addresses found for %s.$ignoring address %s for %s. Family %d socktype %d protocol %d.
API String ID: 2821006549-386558060
Opcode ID: 847b6f67e75a0e7b036c508dc06dd8586326570fe57b845b7b0d6a94cdf95d8e
Instruction ID: 915ec327fbd01c9a5c1e0cc64969c39c5ad8a74d86fc519f376daf92ee54b6c5
Opcode Fuzzy Hash: 847b6f67e75a0e7b036c508dc06dd8586326570fe57b845b7b0d6a94cdf95d8e
Instruction Fuzzy Hash: B6B1E871A002199FDB60EF68CC82BE97BB5FF44310F0041A9F949E7242DB75AE45CBA5

Function 005A96F0 Relevance: 35.4, APIs: 6, Strings: 14, Instructions: 389networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,00000000,?,00000000), ref: 005A985E
_free.LIBCMT ref: 005A9867
send.WS2_32(?,?,00000000,00000000), ref: 005A98C8
_free.LIBCMT ref: 005A9984

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

Strings

Host, xrefs: 005A981E
Status-Line: %s, xrefs: 005A992C
close, xrefs: 005A982B, 005A9AAD
Error parsing response header., xrefs: 005A9A45
Error reading Status-Line., xrefs: 005A994A
POST request with no Content-Length., xrefs: 005A9757
Error reading header., xrefs: 005A99DA
Connection, xrefs: 005A9830, 005A9AB2
%s:%hu, xrefs: 005A97D3
Response header:%s, xrefs: 005A9A09
Error parsing Status-Line., xrefs: 005A999D
POST, xrefs: 005A9706
Received only %lu request body bytes (Content-Length was %lu)., xrefs: 005A98F8
Error removing hop-by-hop headers., xrefs: 005A979C, 005A9A8D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _freesend$ErrorFreeHeapLast
String ID: %s:%hu$Connection$Error parsing Status-Line.$Error parsing response header.$Error reading Status-Line.$Error reading header.$Error removing hop-by-hop headers.$Host$POST$POST request with no Content-Length.$Received only %lu request body bytes (Content-Length was %lu).$Response header:%s$Status-Line: %s$close
API String ID: 3872156787-404726547
Opcode ID: f60741eb9d1a824aefe724242af2a8f0c6ba181d5aa7015914a19a7a10a925a0
Instruction ID: aca8003eaab02be3cd7901df6e21214a9afab0332cb341b40793be1a1b5bfd72
Opcode Fuzzy Hash: f60741eb9d1a824aefe724242af2a8f0c6ba181d5aa7015914a19a7a10a925a0
Instruction Fuzzy Hash: 7CC10C71E002199BDF10EF64DC8ABEE7BA9FF55300F0401AAEC0AE7252EA359D55CB51

Function 005F0280 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 130windowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 005F029E
CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 005F02C3
CreateCompatibleDC.GDI32(00000000), ref: 005F02D0
GetDeviceCaps.GDI32(00000000,00000008), ref: 005F02E5
GetDeviceCaps.GDI32(00000000,0000000A), ref: 005F02EE
CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 005F02FB
SelectObject.GDI32(00000000,00000000), ref: 005F0309
GetObjectA.GDI32(00000000,00000018,?), ref: 005F031B
BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 005F037A
GetBitmapBits.GDI32(?,?,00000000), ref: 005F0386
SelectObject.GDI32(?,?), ref: 005F03E6
DeleteObject.GDI32(00000000), ref: 005F03ED

Part of subcall function 005C3840: GetModuleHandleA.KERNEL32(?,?,005B5BAF,?,005C3A1F), ref: 005C3867
Part of subcall function 005C3840: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 005C3877
Part of subcall function 005C3840: GetDesktopWindow.USER32 ref: 005C389B
Part of subcall function 005C3840: GetProcessWindowStation.USER32(?,005C3A1F), ref: 005C38A1
Part of subcall function 005C3840: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,005C3A1F), ref: 005C38BC
Part of subcall function 005C3840: GetLastError.KERNEL32(?,005C3A1F), ref: 005C38CA
Part of subcall function 005C3840: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,005C3A1F), ref: 005C3905
Part of subcall function 005C3840: _wcsstr.LIBCMT ref: 005C392A

DeleteDC.GDI32(?), ref: 005F03FA
DeleteDC.GDI32(?), ref: 005F0400

Strings

DISPLAY, xrefs: 005F02BE
.\crypto\rand\rand_win.c, xrefs: 005F0330

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStationVersion_wcsstr
String ID: .\crypto\rand\rand_win.c$DISPLAY
API String ID: 1912626553-1805842116
Opcode ID: f5b7fa328b979b85a11e2db535668ed90ab5af7331b919be7bd55f20b4e200d1
Instruction ID: 42f1c1e6bda19e517a4701524f17d37d470fc1ae069893343f7432b6a504ce61
Opcode Fuzzy Hash: f5b7fa328b979b85a11e2db535668ed90ab5af7331b919be7bd55f20b4e200d1
Instruction Fuzzy Hash: 1841D271A44304AFE3506B648C8AF6FBFA8FF85711F004919FA44962E1DBB998048B67

Function 00660960 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 555COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00660BFE
_memmove.LIBCMT ref: 00660C37

Part of subcall function 005C3AB0: _raise.LIBCMT ref: 005C3AC8

Part of subcall function 005B5770: _memset.LIBCMT ref: 005B577A

_memset.LIBCMT ref: 00660C7B
_memmove.LIBCMT ref: 00660CEE
_memmove.LIBCMT ref: 00660D06
_memmove.LIBCMT ref: 00660D8D
_memset.LIBCMT ref: 00660DE5

Strings

mac_secret_length <= sizeof(hmac_pad), xrefs: 00660C10
(, xrefs: 006609B7
j, xrefs: 00661090
data_plus_mac_plus_padding_size < 1024*1024, xrefs: 006609CF
.\ssl\s3_cbc.c, xrefs: 006609D9, 00660AA8, 00660C1A

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove_memset$_raise
String ID: ($.\ssl\s3_cbc.c$data_plus_mac_plus_padding_size < 1024*1024$j$mac_secret_length <= sizeof(hmac_pad)
API String ID: 1352525303-1031610448
Opcode ID: b8874e87b59bdeb7382746b4ff8efb6ad2b4c8a4138ff488af78042163b6b57a
Instruction ID: fa5ddc1840607a3d403a2a8e338313e5cbc745996bb3cf54b6d96c3374dca863
Opcode Fuzzy Hash: b8874e87b59bdeb7382746b4ff8efb6ad2b4c8a4138ff488af78042163b6b57a
Instruction Fuzzy Hash: C2226B715083859FD720DF68C885A9FBBE9BFC9308F044A2EF589D7201EA31D5458B92

Function 005A4DA0 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 005A4E08
LoadLibraryA.KERNEL32(?), ref: 005A4E51
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 005A4E6F
FreeLibrary.KERNEL32(00000000), ref: 005A4E76
LoadLibraryA.KERNEL32(?), ref: 005A4EB0
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 005A4EC2
FreeLibrary.KERNEL32(00000000), ref: 005A4EC9
GetProcAddress.KERNEL32(00000000,006D7D08), ref: 005A4ED8
FreeLibrary.KERNEL32(00000000), ref: 005A4F0F

Strings

\wship6, xrefs: 005A4E90
getaddrinfo, xrefs: 005A4DBA, 005A4E69, 005A4EBC
\ws2_32, xrefs: 005A4E31
(}m, xrefs: 005A4DE2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeProc$Load$DirectorySystem
String ID: (}m$\ws2_32$\wship6$getaddrinfo
API String ID: 2490988753-3266259673
Opcode ID: a6587be737bc26dd1f7b4770fd19275edde8c55d3b47df2e0b55d8dacc991075
Instruction ID: 02a053906e607036eaba47f2ac6528a8bf8299cb3b610cb50f760d750a68aaa3
Opcode Fuzzy Hash: a6587be737bc26dd1f7b4770fd19275edde8c55d3b47df2e0b55d8dacc991075
Instruction Fuzzy Hash: E541DA71D0021CABCB60EFA4DC89AEE7BFDBF49701F104499E904E3240E7B49A858F55

Function 005A68F0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 249networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005A691F

Part of subcall function 005A6360: __wassert.LIBCMT ref: 005A6398

__WSAFDIsSet.WS2_32(00000000,?), ref: 005A6B1B
send.WS2_32(00000000,?,00000000,00000000), ref: 005A6BA4
_free.LIBCMT ref: 005A6BB5
__WSAFDIsSet.WS2_32(00000000,?), ref: 005A6BCF
recv.WS2_32(00000000,?,00020000,00000000), ref: 005A6BE7
WSAGetLastError.WS2_32(?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 005A6C5A

Part of subcall function 005B2D20: FormatMessageA.KERNEL32(000012FF,00000000,00000000,00000000,00732C68,00000080,00000000,?,005A21A8,00000000,?), ref: 005B2D3B

closesocket.WS2_32(00000000), ref: 005A6C74

Strings

New connection denied: connection limit reached (%d), xrefs: 005A69C4
udp select'ing, xrefs: 005A6AEC
%s., xrefs: 005A6C4B, 005A6C66
New connection denied: not allowed, xrefs: 005A69EE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorFormatLastMessage__wassert_free_memsetclosesocketrecvsend
String ID: %s.$New connection denied: connection limit reached (%d)$New connection denied: not allowed$udp select'ing
API String ID: 2419493864-3169963184
Opcode ID: 1cecf0cff54cc68f2d40246095ede8ed81c70b9776a7748ad3ff63c9861bcadc
Instruction ID: 1e5902ce4f29010fa51614a6ef57fef98a3bee567fefce331e6dddda8be1336a
Opcode Fuzzy Hash: 1cecf0cff54cc68f2d40246095ede8ed81c70b9776a7748ad3ff63c9861bcadc
Instruction Fuzzy Hash: FA9198B1944319EFEB20EB50DC8AF9E777DBB01301F1440A6F909E2183EB749689CB65

Function 005B0520 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 107networkCOMMON

Download Yara Rule

APIs

Part of subcall function 005B2A50: WSASocketA.WS2_32(00000000,?,?,00000000,00000000,00000000), ref: 005B2A62

_perror.LIBCMT ref: 005B054D

Part of subcall function 0066BF17: ___lock_fhandle.LIBCMT ref: 0066BF2A
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF41
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF49
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF55
Part of subcall function 0066BF17: __get_sys_err_msg.LIBCMT ref: 0066BF64
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF6C
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF74
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF81

setsockopt.WS2_32(?,0000FFFF,00000004,00000004), ref: 005B0594
bind.WS2_32(?,?,00000000), ref: 005B05A5
setsockopt.WS2_32(?,00000000,00000001,?,?), ref: 005B0600
setsockopt.WS2_32(?,0000FFFF,00000020,000006F0,00000004), ref: 005B063F

Strings

Bind to %s failed (IOD #%li), xrefs: 005B05D5
Setting of SO_BROADCAST failed (IOD #%li), xrefs: 005B0655
Socket troubles, xrefs: 005B0548
Setting of IP options failed (IOD #%li), xrefs: 005B0616

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __write_nolock$setsockopt$_strlen$Socket___lock_fhandle__get_sys_err_msg_perrorbind
String ID: Bind to %s failed (IOD #%li)$Setting of IP options failed (IOD #%li)$Setting of SO_BROADCAST failed (IOD #%li)$Socket troubles
API String ID: 1157152578-3899641259
Opcode ID: c3a7f4c4c370b282b6b17e3b33febb17598e7f05f3480b324094fb79a5b919a3
Instruction ID: 66ec1778ec18e48106d6cccb379a574e2d773d8852229bda742667b05833946b
Opcode Fuzzy Hash: c3a7f4c4c370b282b6b17e3b33febb17598e7f05f3480b324094fb79a5b919a3
Instruction Fuzzy Hash: 4E31E371500605AFEB305E34DC46FEB7BA9FF85324F100A29F5A8921D1C772B964CBA1

Function 00689379 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcscmp.LIBCMT ref: 00689390
_wcscmp.LIBCMT ref: 006893A1
GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0068963F,?,00000000), ref: 006893BD
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0068963F,?,00000000), ref: 006893E7

Strings

OCP, xrefs: 0068939B
ACP, xrefs: 0068938A

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InfoLocale_wcscmp
String ID: ACP$OCP
API String ID: 1351282208-711371036
Opcode ID: 6791c99c862fd6e59c014b0f9586e6adcda1bdc0e707332bc1700b804e82563b
Instruction ID: cdf6aa76f2c0bcc8dccf9a4a88e1dde19feb1576a49150bfa724b98db2be94e5
Opcode Fuzzy Hash: 6791c99c862fd6e59c014b0f9586e6adcda1bdc0e707332bc1700b804e82563b
Instruction Fuzzy Hash: D901F531204615ABEB61BF59EC41FFA379AAF04769B088115F904DA2D1EB70DA8087A5

Function 005D81A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D81C5
_memset.LIBCMT ref: 005D81E6
_memset.LIBCMT ref: 005D8238

Strings

USVW, xrefs: 005D81D0, 005D8227

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID: USVW
API String ID: 2102423945-4079060124
Opcode ID: 7c7898ad8d1d1400cdbe31f1320f8b9109874d814944f33bcd5429fe6510be16
Instruction ID: 4c87e5159d432fc506c6d9b07eb60236bc4132ba03d11ec42ebbbaea2c734113
Opcode Fuzzy Hash: 7c7898ad8d1d1400cdbe31f1320f8b9109874d814944f33bcd5429fe6510be16
Instruction Fuzzy Hash: 494150612193C29FC31E8E6D48806A6FF646F66200B4886DEECC4EF387C514D6A9C7F5

Function 005C2950 Relevance: 5.3, Strings: 4, Instructions: 288COMMON

Download Yara Rule

Strings

.\crypto\rand\md_rand.c, xrefs: 005C29EC, 005C2C43, 005C2C7B, 005C2CAE
...................., xrefs: 005C2971
4, xrefs: 005C2951
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html, xrefs: 005C2CBE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: ....................$.\crypto\rand\md_rand.c$4$You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
API String ID: 0-1255178596
Opcode ID: 140dfbff5a5c23ac2ca8bb8086cc2a1b255e8165969618aeeb5850dbe65ae049
Instruction ID: e5b55a8eabf0bb415ae1fa3453d5fa7f243f39c4e88ce9c8cb5dd75a046547e6
Opcode Fuzzy Hash: 140dfbff5a5c23ac2ca8bb8086cc2a1b255e8165969618aeeb5850dbe65ae049
Instruction Fuzzy Hash: ABA12731A083855EE310ABB88C85F9ABFE4AF99704F044D2EF6D2D7243E165E445C766

Function 005D8650 Relevance: 4.8, APIs: 3, Instructions: 271COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D8675
_memset.LIBCMT ref: 005D8696
_memset.LIBCMT ref: 005D86E8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 03cc49d2b7c800e0627c98317d8de29028474fc34a3153a2ac0667ceb99d5a51
Instruction ID: a151b5d5d88e5690ddb36a0b672c24d00bb8c5faeefbabc7a62a69c462f17e2b
Opcode Fuzzy Hash: 03cc49d2b7c800e0627c98317d8de29028474fc34a3153a2ac0667ceb99d5a51
Instruction Fuzzy Hash: 9CA1FF2171A6C79FC31DCE6C48805A9FF617B7610074887DEE885EB783C514EAA9C7E2

Function 005B4E20 Relevance: 4.6, APIs: 3, Instructions: 131encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,00000000), ref: 005B4E55
CryptGenRandom.ADVAPI32(00000000,00000100,?), ref: 005B4E6D
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 005B4E7B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Crypt$Context$AcquireRandomRelease
String ID:
API String ID: 1815803762-0
Opcode ID: e1c73103eac39d1e1b17f6a863641f7243c0b12f6b601d0deba4f2e4568db430
Instruction ID: 512c97154dfcf783e2ec44814d1eb0da7c9bfbdad5ea47a549290abbf6e861d5
Opcode Fuzzy Hash: e1c73103eac39d1e1b17f6a863641f7243c0b12f6b601d0deba4f2e4568db430
Instruction Fuzzy Hash: CD51052418C7E14AE3368B2588227FA7FF25F26205F58C4DEE5EA47683D42DD2C59B20

Function 005B5650 Relevance: 4.6, APIs: 3, Instructions: 102COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005B5675
_memset.LIBCMT ref: 005B5696
_memset.LIBCMT ref: 005B56E8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 3bad38a4300c7daba9790a48422eb562f81a2bbc61f81debc6894bafce9e4544
Instruction ID: 730127a15f7d81ed0b66f2479b233dc262dcc5c5fd9cb9694876019b52108499
Opcode Fuzzy Hash: 3bad38a4300c7daba9790a48422eb562f81a2bbc61f81debc6894bafce9e4544
Instruction Fuzzy Hash: E03184612093C29EC70A9E6D48806A6FF64BF66200F4C87CEEC899F787C114D5A5C7F5

Function 005C2927 Relevance: 4.1, Strings: 3, Instructions: 311COMMON

Download Yara Rule

Strings

.\crypto\rand\md_rand.c, xrefs: 005C29EC, 005C2C43, 005C2C7B, 005C2CAE
...................., xrefs: 005C2971
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html, xrefs: 005C2CBE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: ....................$.\crypto\rand\md_rand.c$You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
API String ID: 0-2083530453
Opcode ID: 08344e04c97a6b18b09b29b429a725654320b2653fbfa8567c9c958862425ccd
Instruction ID: 4e8ae3f105b7d2e44f6391b56824df9c1e1136d64e6d704b29f2e366d70e9420
Opcode Fuzzy Hash: 08344e04c97a6b18b09b29b429a725654320b2653fbfa8567c9c958862425ccd
Instruction Fuzzy Hash: D3B12831A083855EE310ABB88C85F9BBFE4BF99700F044A2EF5D6D7243E265A445C766

Function 005ABEC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

listen.WS2_32(?,?), ref: 005ABEC9

Strings

listen, xrefs: 005ABED3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: listen
String ID: listen
API String ID: 3257165821-3257165821
Opcode ID: c9c8ce1c0e8472755e31aa665299ed38c093a31f7c4e045e08483a02467a4a1f
Instruction ID: 80f0899f5761b3e3da8fe1310547ed4da05a5c860fb4069ccfb76da60cce6c5a
Opcode Fuzzy Hash: c9c8ce1c0e8472755e31aa665299ed38c093a31f7c4e045e08483a02467a4a1f
Instruction Fuzzy Hash: B8C0123260020C7BAB412AA1EC0B55E3E5DAB01751B004020FD0DD5111EA32E1205686

Function 005D8C80 Relevance: 3.5, APIs: 2, Instructions: 499COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D8CA8
_memset.LIBCMT ref: 005D8CC9

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 89c8aaef3bc1e3da861fd794e5d38cdcac6c3cce8118c7258b0772517157a1de
Instruction ID: edc055f8a913e443bb7cddb956aae1c8a740c8566dd2b077c04b5d6e84f6edf4
Opcode Fuzzy Hash: 89c8aaef3bc1e3da861fd794e5d38cdcac6c3cce8118c7258b0772517157a1de
Instruction Fuzzy Hash: 4C121411315FC58FD315CA7DC99025AFEA2ABA6200B8C8A7DE4C6DBB83C514F919C7E1

Function 006771E1 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00670BBF,?,?,?,00000000), ref: 006771E6
UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 006771EF

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2c9771f0149a5e0e76e159ddf593a2ba69a7dba6c1d10c53dd2c682fdcaff571
Instruction ID: 6e44f4dca2795630546097489f86510740d1566d8fb8142fd98772ae5709359f
Opcode Fuzzy Hash: 2c9771f0149a5e0e76e159ddf593a2ba69a7dba6c1d10c53dd2c682fdcaff571
Instruction Fuzzy Hash: B8B09231044B08ABEF802BA2EC0DB4A3F28FB04753F008010F60D44062CF7795118A9A

Function 005D3400 Relevance: 2.8, Strings: 2, Instructions: 290COMMON

Download Yara Rule

Strings

.%lu, xrefs: 005D3660
ooo, xrefs: 005D3665, 005D366B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .%lu$ooo
API String ID: 0-166504061
Opcode ID: a408accbe2ad808da714df50d8638c08c5715ecc8e06f70ec99572ee9d0c0ec2
Instruction ID: 04ba6d6da4a81465ad0d6e709a98325bf2cbbb4ce286758022da19d04595a5a4
Opcode Fuzzy Hash: a408accbe2ad808da714df50d8638c08c5715ecc8e06f70ec99572ee9d0c0ec2
Instruction Fuzzy Hash: 5991DF72A083065BD731AF6CA84572BBFE4BF94740F04092FF88597341EB65DA08C693

Function 005C2390 Relevance: 2.7, Strings: 2, Instructions: 246COMMON

Download Yara Rule

Strings

.\crypto\rand\md_rand.c, xrefs: 005C23C6, 005C23EC, 005C2415, 005C24E4, 005C262C, 005C269E
gfff, xrefs: 005C24B1

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\rand\md_rand.c$gfff
API String ID: 0-1559015272
Opcode ID: a406dbcaf7538a22afa875fe950bac63301482a7af4d920d7923a888af0c0279
Instruction ID: ec0af22250698ffbcbf990742be7d3b86af49f07f822bef9a72af72d99f891e5
Opcode Fuzzy Hash: a406dbcaf7538a22afa875fe950bac63301482a7af4d920d7923a888af0c0279
Instruction Fuzzy Hash: 8981F671A4430A5FD708EFA8DC46F5ABBE8FB84744F00892DF646DB282F675E5008796

Function 005D4C30 Relevance: 1.6, Strings: 1, Instructions: 305COMMON

Download Yara Rule

Strings

.\crypto\asn1\a_object.c, xrefs: 005D4CB5, 005D4E43, 005D4EEF, 005D4F00, 005D4F11, 005D4F22, 005D4FA5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\asn1\a_object.c
API String ID: 0-1678179117
Opcode ID: 55e2010fa132b14d559588635c9ade4e040ce0e20c4fe64f0cc731eee4514e2c
Instruction ID: 284ff0a18225aac0793b9a6df8dc003f9b56e28b9f7f3de823677e25d41bde57
Opcode Fuzzy Hash: 55e2010fa132b14d559588635c9ade4e040ce0e20c4fe64f0cc731eee4514e2c
Instruction Fuzzy Hash: 41A1C175A093465BD730DF2C8882A2BBBE9BBD4704F05092FF98597392E631D9058F93

Function 0068989F Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(0068988B,00000001,?,00688793,00688831,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 006898CD

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: cd3bc6056b5083c3f967b9045e6eade395a2589828657a4f28c0e01f87330761
Instruction ID: 296b84cc43b37a717d33de9ba731a3f468165134340baa443aa9e4663304e3b6
Opcode Fuzzy Hash: cd3bc6056b5083c3f967b9045e6eade395a2589828657a4f28c0e01f87330761
Instruction Fuzzy Hash: E3E0463614030CFFEB119F90EC46BA93BA6AB4A712F04C414FA085E1A0C2BAA5608F58

Function 00689925 Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,20001004,?,00672F40,?,00672F40,?,20001004,?,00000002,?,00000004,?,00000000), ref: 0068994C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: fb7dfbdfbca7e108e72a66a69c96467eb3e0b570ee27f5a7773480c3c72f407a
Instruction ID: 570897bdcd4eb308a9fb68aa2d43fa18f63c0b560cded7bf401fc70cdf4ac3dc
Opcode Fuzzy Hash: fb7dfbdfbca7e108e72a66a69c96467eb3e0b570ee27f5a7773480c3c72f407a
Instruction Fuzzy Hash: 09D01732000109BF9F12AFD0EC09CAA3B6AFB08324B088408FA1849120DA36E8209B26

Function 006771B0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 006771B6

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 36d584f5337936942d987430e6a3271ac36fb01f6df9dab7a648818dfafadac1
Instruction ID: 4e4196380e748fcca031f574a090d9697d3cfd79f6e63e9f401c04d634cb7fa9
Opcode Fuzzy Hash: 36d584f5337936942d987430e6a3271ac36fb01f6df9dab7a648818dfafadac1
Instruction Fuzzy Hash: 8CA0123000060CA78E401B52EC084453F1CE6001517004010F40C00021CB3355104585

Function 005908DD Relevance: .8, Instructions: 779COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e65db780a61c69a6c098c324e4dd248821378fe66ba40949a7b7b96ac220832
Instruction ID: 0c381bd0e355ca365c2b12cac2ac37e2a16800561a230c9ce21b2ebf3e15ea66
Opcode Fuzzy Hash: 8e65db780a61c69a6c098c324e4dd248821378fe66ba40949a7b7b96ac220832
Instruction Fuzzy Hash: EA525B72D007369BD358DF5A8884059F7E1BB88710B82877EDE99AB781D770A831DBC4

Function 00587EFB Relevance: .8, Instructions: 754COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25bfcebb44a51763aa234c8f296b5c24e96b44d803267e60dee7baf997973bfd
Instruction ID: eb27ba22b641a040a53b6397ceacc74686aaba5cd397c50004f881d9af7c993d
Opcode Fuzzy Hash: 25bfcebb44a51763aa234c8f296b5c24e96b44d803267e60dee7baf997973bfd
Instruction Fuzzy Hash: E26258A144E7D15FD3038B788864690BFB2AE63218B5E82DBC0C5CF1B3D26D595AC762

Function 00584257 Relevance: .7, Instructions: 723COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c1d5c1c5ea3c8a3e317558958f7385a1cf56dfc4d8330323dc74327f7f6c147
Instruction ID: 90382cd4e6c1179a12a440b2f69c2e9171e64d24f40b6f6d272a62c255ccc54d
Opcode Fuzzy Hash: 7c1d5c1c5ea3c8a3e317558958f7385a1cf56dfc4d8330323dc74327f7f6c147
Instruction Fuzzy Hash: 3042AF71629F159BC3DAEF24C88055BF3E1FFC8218F048A1DD99997A50DB38F819CA91

Function 00581540 Relevance: .6, Instructions: 598COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0095be3acd773ce338a414c8546106946020451b279719513ddabb83c46e193e
Instruction ID: af09e5a94e9967fd0ab41f693b94e727bba9bbd772f8455e48475a546a093fe6
Opcode Fuzzy Hash: 0095be3acd773ce338a414c8546106946020451b279719513ddabb83c46e193e
Instruction Fuzzy Hash: 712273735417044BE318CE2ECC815C2B3E3AFD822475F857EC926CB796EEB9A6174648

Function 00592F9B Relevance: .6, Instructions: 586COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 855b5bb208aa5e984fd941a0212bc37300dbebaf966b7f71c4fcf60e3b61a85f
Instruction ID: 239d22405deb851f63917d653cf6eb1acd1ed4fdede8128cbd3227e70bb73a01
Opcode Fuzzy Hash: 855b5bb208aa5e984fd941a0212bc37300dbebaf966b7f71c4fcf60e3b61a85f
Instruction Fuzzy Hash: 7F428F70069F968ADB83FB34D0802DFF3A0FFC5359F240D9ACA954A545DB3EA859D221

Function 005959F2 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ee7fcdd7428b60b92b80e0927b294a424c2d52daedc0d3532a7778974603f7
Instruction ID: 9a6f56a52c7b68080236296976b359836d497a4c32f6f13baad3816ca722b28f
Opcode Fuzzy Hash: 31ee7fcdd7428b60b92b80e0927b294a424c2d52daedc0d3532a7778974603f7
Instruction Fuzzy Hash: C8524835005A2BDACF62DF64D4500CAB371FF6635CF92991EC9882B212DB76E64BD780

Function 0058C986 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178c240864e3755ea7e18fd370249cdf2d9e017aa10109943ed088d83f31a14d
Instruction ID: 31fdcbf945260d0c8f4659a2b00b94e63ed8aaa068470a2453d7152c83a0835e
Opcode Fuzzy Hash: 178c240864e3755ea7e18fd370249cdf2d9e017aa10109943ed088d83f31a14d
Instruction Fuzzy Hash: 4B22D0B6504B068FC714CF19D08055AFBE1FF88324F558A6EE9A9A7B10C730BA55CF91

Function 005866C0 Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0176f1739d8285affdcd7baed099683ba600e8a42c8a2ff8b9992e6e1937434
Instruction ID: aed6eacc40b0d3e1b76abcabcbb9f378fa09ca89ea130d45577a8787e2bf5b0e
Opcode Fuzzy Hash: d0176f1739d8285affdcd7baed099683ba600e8a42c8a2ff8b9992e6e1937434
Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80

Function 00586DE0 Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e50d22201f3ae740535489fddda58b98a7d3b86197d8f8173375632cb0be2a
Instruction ID: b94c871d5500408a8bd7b4fddcdd9fbb5236efcf0507b93f5a7b89808546a1af
Opcode Fuzzy Hash: 12e50d22201f3ae740535489fddda58b98a7d3b86197d8f8173375632cb0be2a
Instruction Fuzzy Hash: A1121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80

Function 00585D00 Relevance: .4, Instructions: 443COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
Opcode Fuzzy Hash: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80

Function 005925C0 Relevance: .4, Instructions: 427COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ff58ef2e92e09d8b401febdcbd283a780ca1f0658688870de92daac5db8139
Instruction ID: c3f2d0e9248e3bdc9a76bb3bfdf8395a25782f8e1233669c7f6e8fbe92d64dd4
Opcode Fuzzy Hash: 78ff58ef2e92e09d8b401febdcbd283a780ca1f0658688870de92daac5db8139
Instruction Fuzzy Hash: 8C026B721187058FC756EE0CD49036AF7E1FFC8305F198A2DD68987B64E739A9198F82

Function 00590D78 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43dd5c506e21ff96bb404a7c9cc42d0f14c4a155308d501424dfdc970c282aff
Instruction ID: 05cee873a6d387c4a649acb9d90a1f1877c7a6fe9d3e142042eb30c53324060e
Opcode Fuzzy Hash: 43dd5c506e21ff96bb404a7c9cc42d0f14c4a155308d501424dfdc970c282aff
Instruction Fuzzy Hash: 42D15C72D007368BD318DF5A8484059FBE0BB88750B86877EDE59AB781D770A831DBC4

Function 0058B330 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
Instruction ID: 64a1869241cf348ac7871b9c8e8390a17cde714fd81aada7a38166e80c0279e6
Opcode Fuzzy Hash: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
Instruction Fuzzy Hash: 55C12833E2477906D764DEAE8C500AAB6E3AFC4220F9B477DDDD4A7242C9306D4A86C0

Function 0058F3DE Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf176f1e1a17f7b33f98a2125034267e0e284a0222493621ffc6d86c36a11102
Instruction ID: 5f86cacc3643da9b3b036a4702d365d8bcfec65a2c654e245ab4259585cc87f2
Opcode Fuzzy Hash: cf176f1e1a17f7b33f98a2125034267e0e284a0222493621ffc6d86c36a11102
Instruction Fuzzy Hash: 77F17221C1DF9A87D7129B3A8542166F7A0BFFA284F15EB1AFDD431422EB71B2D58340

Function 00589340 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6b6b60c0e7865d1be638c0447b30e2cc07c38b8b38f842484b385e69ca8f6e
Instruction ID: d74a9e5784a753d0dae2757cf207ecbd6737fc019c486465786f8824ea8c6c48
Opcode Fuzzy Hash: 8c6b6b60c0e7865d1be638c0447b30e2cc07c38b8b38f842484b385e69ca8f6e
Instruction Fuzzy Hash: F2D138327102218BDB18DF2DF8F066A73A3AB8D300F49D2399706C375ACE747825CA58

Function 005897F0 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8935aa6827ad4b00138dac20e42c1d28602f33a6efbc136d4f27857ac4cf71e
Instruction ID: b2b2fb6757607b9bf39fa24f970362522bbe0044b6f3e798b416b6a6e0c20890
Opcode Fuzzy Hash: b8935aa6827ad4b00138dac20e42c1d28602f33a6efbc136d4f27857ac4cf71e
Instruction Fuzzy Hash: E5D138727102218BDB58DF2DF8F066A73A3AB8D300F49D6399706C375ACE747825CA59

Function 00586290 Relevance: .3, Instructions: 336COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
Opcode Fuzzy Hash: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680

Function 0058EEB8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5970caa24a5b7e83917582662489d7c9eaf6877c7caab33755e958bc4bdf9b
Instruction ID: 6abe995d9bc89464685de626a35568446d8e0cb0473b0fb7151c02b103ec5b22
Opcode Fuzzy Hash: cc5970caa24a5b7e83917582662489d7c9eaf6877c7caab33755e958bc4bdf9b
Instruction Fuzzy Hash: A0E19121C1DF8A87D6129B3A85421A6F7A0BFFB384F14DB1AFDD431422EB61B2D59340

Function 00588900 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c2393d1d9735499076d93a0b72f29966404e5afa41d951a02dc35dfd89d012
Instruction ID: bb018c30655cc38f6be07770f3e8f9433913fff035848ddf1d5c19becd977d4a
Opcode Fuzzy Hash: f8c2393d1d9735499076d93a0b72f29966404e5afa41d951a02dc35dfd89d012
Instruction Fuzzy Hash: D2C1EA7575060A8FD750CEADE8C079A63E3AF8C30CF6A85349F18CB346D975A8619B90

Function 00588D20 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8d73f5765f8a9ce50b8fd4d49e34fa637d2a72b4d3ab4e618b4578db6171323
Instruction ID: d8777bd841593ae2677a03b619aeda16eaf0e585bb5dc75019e838d018e3b9af
Opcode Fuzzy Hash: b8d73f5765f8a9ce50b8fd4d49e34fa637d2a72b4d3ab4e618b4578db6171323
Instruction Fuzzy Hash: 2AC1EA7575060A8FD750CEADE8C079A63E3AF8C30CF6A85349F18CB346D975A8619B90

Function 00584247 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9925bdacea37bc8ede6184d250125114495a573346a140b6f447e30ff5eb345a
Instruction ID: b26484c1802d310ccd79d6034b3b528f20be0a7b70f7ee18c93929b873c6972a
Opcode Fuzzy Hash: 9925bdacea37bc8ede6184d250125114495a573346a140b6f447e30ff5eb345a
Instruction Fuzzy Hash: 0FB195A0039FA686CBD3FF30911024BF7E0BFC525DF44094AD99996864EF3EE94E9215

Function 00589E80 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
Instruction ID: 0b4295d3a6041936d4033587156edab30a0567e053ebaa9c26d1ac79160d2b01
Opcode Fuzzy Hash: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
Instruction Fuzzy Hash: 089115739187BA06D7609EAE8C441B9B6E3AFC4210F9B0776DD9467242C9309E0697D0

Function 005922DF Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f929828236653f1828f30bf0d4099f0864e1ef194b50a13e827a59bf57be3452
Instruction ID: eedc12cdcd3adbe038c42a3d4df62c101012daf02b0c78e369ae0db32fd0d878
Opcode Fuzzy Hash: f929828236653f1828f30bf0d4099f0864e1ef194b50a13e827a59bf57be3452
Instruction Fuzzy Hash: 73A1CCB69057069FCB18CF19C08445AFBE1BB9C324B218A1DE9ADA3B40C770F956CF81

Function 0058D276 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
Instruction ID: 9b1bd3fb63f486143eec4108d7095985c3ddc8770e07f52c4496779252f9888f
Opcode Fuzzy Hash: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
Instruction Fuzzy Hash: E271D473A20B254B8714DEB98D94192F2F1EF88610B57C27CCE85E7B41EB31B95A96C0

Function 0058F492 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0abbea0e511f08baf7963c7e8cb779c121e705ea52432a4679a238104e56176e
Instruction ID: f07b4d05b1cc87907b4b0ca5fddbd5939c91bd3ac687119dddc9b42aaf01ae33
Opcode Fuzzy Hash: 0abbea0e511f08baf7963c7e8cb779c121e705ea52432a4679a238104e56176e
Instruction Fuzzy Hash: 29A18025C19FDA96D6139B3E85022A6F360BFFB284F54EB1AFDD031412EB61E2D59340

Function 00590120 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c5b62dee8c6177043bf3aaab07e918d27d824f722759a4aa2295981d68c2910
Instruction ID: 192b73d3da6eccd75f0e4878a47f147125c9099f8cd2fae9b413286af87171aa
Opcode Fuzzy Hash: 4c5b62dee8c6177043bf3aaab07e918d27d824f722759a4aa2295981d68c2910
Instruction Fuzzy Hash: B2A1FD72505225AFC784EF6AD8905ABB3E1FB88311F93C92EED8697640C730E914DBD4

Function 00590550 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1790e5bf4566b694e261011dfe538a102141e6b28456fa6a93af57a222a1df
Instruction ID: dfd199aea7319d839e0793e5d02c94cb8054164e2e7c3a083f4736c2119811b7
Opcode Fuzzy Hash: 7f1790e5bf4566b694e261011dfe538a102141e6b28456fa6a93af57a222a1df
Instruction Fuzzy Hash: 6AA1FF725152259FCB84EF6AD4905ABB3E1FF88311F93C92EED8697280C730E914DB94

Function 00583E57 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
Instruction ID: fab9d947a018da5313453731759326a3921f407c05b9c353c9f30a9dbda4ca2a
Opcode Fuzzy Hash: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
Instruction Fuzzy Hash: ED8157B2A047019FC328CF19D88166AF7E1FFD8210F15892DE99E93B40D770F8558B92

Function 0058F961 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b9e161bee0238da00625fdbb45e2b72f657fe03ff0bfa1d25d411f0b586fee
Instruction ID: 0dffb9caca6d51d139ebfb6e3f5bc3234a0f1d3ecb8c8ced74a6d6a4f5fe9a11
Opcode Fuzzy Hash: c1b9e161bee0238da00625fdbb45e2b72f657fe03ff0bfa1d25d411f0b586fee
Instruction Fuzzy Hash: 6C918610D0CB9A87E625AF3D85411A6B7A1BFBE308F15EF19DDD936412DB20B6D58380

Function 0058EB55 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b0e0b0a43065487db4da26bd341151ff66cd39a899ac359fc13760d0de3fe5d
Instruction ID: 28f2e2f17749de6dbe0abd7275d681f48759d0ab35edf057100c97c8dca66385
Opcode Fuzzy Hash: 3b0e0b0a43065487db4da26bd341151ff66cd39a899ac359fc13760d0de3fe5d
Instruction Fuzzy Hash: C6919424C0DF9A97E3129B398546162F761BFBB248F15EB0EFDD931812EB2072D49380

Function 0058B7C0 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
Instruction ID: 05336d6e2fd32722dce28c044dddb56144905b5d8669be67b6e530bb58305eb8
Opcode Fuzzy Hash: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
Instruction Fuzzy Hash: 57710622535B7A0AEBC3DA3D885046BF7D0BE4910AB850956DCD0F3181D72EDE4E77A4

Function 0058EF63 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1dbbdf133c40a4e37532ca14b6450d651f9a755ea31898b26f86515e63ca59d
Instruction ID: 7e8bda57fdcc66dd23a9cf8cc31e2e1f9f3b942c960f5d8ea6887a9bad6eaf54
Opcode Fuzzy Hash: f1dbbdf133c40a4e37532ca14b6450d651f9a755ea31898b26f86515e63ca59d
Instruction Fuzzy Hash: DD916E65C2DFCA86D6139B3D84022A6F360BFFB284F50DB1AFDD431422EB61A2D59340

Function 0058CFF9 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
Instruction ID: 28b2ec265d7b14d206b1a56b82502e5b0b32857a160426d9c4d9d7a3c904c5e2
Opcode Fuzzy Hash: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
Instruction Fuzzy Hash: 3D816875A10B669BD754DF2AD8C045AFBF1FB08310B518A2ADCA583B80D334F961CFA0

Function 00593A69 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08b0d0e2480776f53b50e753cb4f52c7d8d55d0211c098861f99600a95c21a4c
Instruction ID: 9b977c6bd2acbf4886c0320c344757cff7c7a83abc2fa0c84a59e7dc3fcee7d6
Opcode Fuzzy Hash: 08b0d0e2480776f53b50e753cb4f52c7d8d55d0211c098861f99600a95c21a4c
Instruction Fuzzy Hash: 0D514BDAC29FAA45E723633A5982293EA109EF7589561D307FCF835E25F701B5C53220

Function 0058BA80 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
Instruction ID: 2b7693445752c5af8787983b5013725252b410c8945c6923681b97f307dcd0fb
Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
Instruction Fuzzy Hash: 8861A37390467B5BDB649E6DD8401A9B7A2BFC4310F5B8A75DC9823642C234EA11DBD0

Function 0058A3E0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
Instruction ID: 0923eba39986f0d78f19add751ba3943f4ec53b9094ed9608e0747aebe72f8e5
Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
Instruction Fuzzy Hash: E5617C3791262B9BDB61DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119BC4

Function 0058A1E0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
Instruction ID: faf3f6ebc092212fab1acb74e53fb4977d5744b6e46e486ebdf4621db9359101
Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
Instruction Fuzzy Hash: A0510D229257B946EBC3DA3D88504BEBBE0BE49206B460557DCD0B3181C72EDE4DB7E4

Function 005D19B0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91da4bc188a11ec5597461e4dd5dbeadd1112cf4aa891ec709a6e44e97ef8b21
Instruction ID: 8272b6019a90eb54a0ed216b0890be2582a63f24694663f6d946db5b3c415d8d
Opcode Fuzzy Hash: 91da4bc188a11ec5597461e4dd5dbeadd1112cf4aa891ec709a6e44e97ef8b21
Instruction Fuzzy Hash: C1410662267B811EEB29416C04523D92F12ABBB358F5CC6AFD445CF3C7D012CA0BE385

Function 0058851C Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef154315e46f76f3aeff10ff63ab106d0b37e174f4e0c5315cb11c17a56b475
Instruction ID: 05e74165cf8494cd5b7d9ffcc80e3db5e6bb21536b6de2761a4fed3bdaa0e233
Opcode Fuzzy Hash: 7ef154315e46f76f3aeff10ff63ab106d0b37e174f4e0c5315cb11c17a56b475
Instruction Fuzzy Hash: 88512874554A53ABC757DF0CD4801F5FBA2FF8730A798862A958083318C73A757ACB90

Function 005956C0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
Instruction ID: f0ef39fb87bbcbabf7c087ccc32622f448b38fccad3fa450d398332d7bff4148
Opcode Fuzzy Hash: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
Instruction Fuzzy Hash: C4417C72E1872E47E34CFE169C9421AB39397C0250F4A8B3CCE5A973C1DA35B926C6C1

Function 00592CD0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e4fab74b48548a372432318b0e05aa6649e2d4d09345299b611156cd148044b
Instruction ID: fd372e732c87eedcbd83df8b9699284ff7e24ae36f25638bf6e0fa4afbfc553b
Opcode Fuzzy Hash: 6e4fab74b48548a372432318b0e05aa6649e2d4d09345299b611156cd148044b
Instruction Fuzzy Hash: 544100B0518B058FC324DF15D09476BFBE1FB88314FA5892CEAAA0B645C731E815DF92

Function 00595580 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
Instruction ID: 0490d86b4bce045c3c4fd50df124024f9d30e3e971c92668636fd4ef92e6cccb
Opcode Fuzzy Hash: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
Instruction Fuzzy Hash: 40315E7682976A4FC3D3FE61894010AF291FFC5118F4D4B6CCD505B690D73EAA4A9A82

Function 00587640 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23902a981fecbbd91ba0d628fb66871011203f0958944686a2ec8f0446cf3c16
Instruction ID: 928068cb00e204885dc718d6773fa0c673928f89638c2e2e5cb05e7f2eea2130
Opcode Fuzzy Hash: 23902a981fecbbd91ba0d628fb66871011203f0958944686a2ec8f0446cf3c16
Instruction Fuzzy Hash: 25314F73A156248BD350CE779D40147BAD3A7C4770F1FC569EC98EB206DA34D8068BC2

Function 00587770 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c26ce0aed3a1e369ccfd95065a7658e18b3f24f00091d85cb86fc9268edafa7
Instruction ID: d83b182e3b50a92276562db81691b9a40bf635ea5fe25ea3483d8b18fd0eff71
Opcode Fuzzy Hash: 4c26ce0aed3a1e369ccfd95065a7658e18b3f24f00091d85cb86fc9268edafa7
Instruction Fuzzy Hash: 52314C73A156248BD350CE779D40147BAD3A7C8770F1FC5A9EC98EB20ADA34D8068BC2

Function 00595833 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0372b57037405b7a27b5f421927041ff594b868890edcb050f6a9df4c9e3829
Instruction ID: db9bdc3e266ba7a929c10373c02fe96ebb37249bf735d3edff918962b7a33ad5
Opcode Fuzzy Hash: e0372b57037405b7a27b5f421927041ff594b868890edcb050f6a9df4c9e3829
Instruction Fuzzy Hash: 2C3128715187419FD741EF29C480A4BFBE1FFC8354F41C919F98897221E734E9848B62

Function 0058FA33 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c419e8f3a89adb8134680be18b92dc67ef08d0b4ffde525f3711df2bef199410
Instruction ID: 81dd644100d72d8fc9f375322dc926e046b18de0162fc42fc9e4d325e417e671
Opcode Fuzzy Hash: c419e8f3a89adb8134680be18b92dc67ef08d0b4ffde525f3711df2bef199410
Instruction Fuzzy Hash: 8D411011C18F9982E7229F3D85411F6B7A0BFBD308F55EB19DED935812EB21B6D58340

Function 0058FA52 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93bbfbdf56513c38dd606b671caef5ade2577eec20e0dfbc0c65cace92e3ec5
Instruction ID: 8704a0887ae26cef14f8a524297dffa098bbb9b43b62f43d9bdb44ac120871d2
Opcode Fuzzy Hash: f93bbfbdf56513c38dd606b671caef5ade2577eec20e0dfbc0c65cace92e3ec5
Instruction Fuzzy Hash: FC411111C18F9982E6229F3D85411F6B7B0BFBD308F56EB19DED935812EB21B6E58340

Function 0058F7D1 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd81f02d9a0bdb6cfad8ca66f5a5a55555ab1e1da49a3cb88f8aed1b1aadf4d0
Instruction ID: 1047f4117e1f2bec656cc9bc5f21b81b578e8a34615545275b11e33c6a55f83d
Opcode Fuzzy Hash: cd81f02d9a0bdb6cfad8ca66f5a5a55555ab1e1da49a3cb88f8aed1b1aadf4d0
Instruction Fuzzy Hash: 7731B521C1DF9A87DB139F3A81411A2F761BFBA244B18DB0AED9436463EB31B1D98740

Function 0058F756 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cbcf6dbc31088135c15f3372da03e0e03ab113f1286747fc6dcff65e16c519d
Instruction ID: ee55902c2e86718fa1d12860f85236336373afc3b5b1319b04b0cedece4831c7
Opcode Fuzzy Hash: 7cbcf6dbc31088135c15f3372da03e0e03ab113f1286747fc6dcff65e16c519d
Instruction Fuzzy Hash: 74319221C1DB8B97DA179F3A8141052F361FFBA284B18DF4AED9436067EB31B1D98740

Function 00592E71 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 940c8de820863e70a7dec418e9ece79821342879a088f989d5511d11c356e3b7
Instruction ID: 6d55008308ee00fa80e3011a77ed263068fd634473940c2e93713afff117da50
Opcode Fuzzy Hash: 940c8de820863e70a7dec418e9ece79821342879a088f989d5511d11c356e3b7
Instruction Fuzzy Hash: D621E562C24F2A41D7D3AB34D4A0323E3A0FF4170DF4846EDC56D5A85AC77DE189A300

Function 0058F79B Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70ffe91bc39bfd3a75532b9b2560a63d067d3f39901df476ce44e9832c9be35
Instruction ID: 16bef26de61cda63cd4f89eca69b6a3485b8e90191609f0b7904cc257f643cd5
Opcode Fuzzy Hash: e70ffe91bc39bfd3a75532b9b2560a63d067d3f39901df476ce44e9832c9be35
Instruction Fuzzy Hash: 3031C721D1DF9A87DB039F3A8141062F761BEFA284715DF4AED9436463EB21B1D94740

Function 006678D0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 68f585c0252dea2c82ece4dc1787ddfb412ed3cc69ae246cf89d1e68f45e7363
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: ED11087724918283E614862ED4B45F6E7D7EBC6328F2C437AD1914B758E222EA45D540

Function 0058F2A4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a02df68352199c006bc45eac3393df60425f4d4fe186cc21bf9f9dad26472e2
Instruction ID: 7e2424e9059017613b7d88fee37acef00762a0c7befcf056ad2d746be590dddc
Opcode Fuzzy Hash: 3a02df68352199c006bc45eac3393df60425f4d4fe186cc21bf9f9dad26472e2
Instruction Fuzzy Hash: CC219721D1DB9A87D7129F3A8141066F7B1BFBE344B14DF1AEDA432422EB31B1D58780

Function 005B2A70 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18742fe80317eaa9b8b84293f21bfe72604604c3aed6b8d5963896df9af05541
Instruction ID: 5393f1083e7597b3ccb024e6ea8cb9831ddec4e7c5cc22ebc030bf0666df98a4
Opcode Fuzzy Hash: 18742fe80317eaa9b8b84293f21bfe72604604c3aed6b8d5963896df9af05541
Instruction Fuzzy Hash: 4701C93B174E0E46C639451C2438AF929407B12756FD80A19A6C7D83E2EFCAF857D06B

Function 0059389D Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5e200cac0d082b625a05f0c94986a5d540c810d4a50f93876bef93dc1a694a
Instruction ID: 5e535bc5cf85c6e479c3dee255b910d83354548603211ff1ef19e20df466097f
Opcode Fuzzy Hash: bc5e200cac0d082b625a05f0c94986a5d540c810d4a50f93876bef93dc1a694a
Instruction Fuzzy Hash: E21130E9C2AFA906E713673B5942282DA109EF7588520D347FCB439E65F702B5C57210

Function 0058756C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43e268551122d0b3d599b4c393359efe7d2333c6dc3ada99dec1aa2a65af3ca
Instruction ID: 11484c06690811b27a8a51f7f56aacb7c1acd69e94e59ab48b5ed97a11a55ed8
Opcode Fuzzy Hash: b43e268551122d0b3d599b4c393359efe7d2333c6dc3ada99dec1aa2a65af3ca
Instruction Fuzzy Hash: 30F0C273B656290B9360DDB66D00197A6C3B3C4370F1F8565EC84E7542E934DC4A87C6

Function 0059398D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 002c43a64ae2d2deed26ad982955fb1d997ad2a62482e9aacd5e7a6629156d6e
Instruction ID: 26ae77c670b97ae590aeee9fa85b5e1d5aeef6ba5edfd10da3b160ee0bb312f3
Opcode Fuzzy Hash: 002c43a64ae2d2deed26ad982955fb1d997ad2a62482e9aacd5e7a6629156d6e
Instruction Fuzzy Hash: 08014FDAC29FAA45E323633A5983282DA109FF7588620D347FCF839E61F70175C57220

Function 00587500 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb00d9a225ae3a7a27e889d89d2e24336acd1b24d6a7bc19dd565965e846bd1
Instruction ID: 3837407fcb3672658f6ab05d38941ee7500e822266da77aaee6f9fb5185c2654
Opcode Fuzzy Hash: 0eb00d9a225ae3a7a27e889d89d2e24336acd1b24d6a7bc19dd565965e846bd1
Instruction Fuzzy Hash: 35F08C33A20A340B6360CC7A8D05097A2C7A7C86B0B1FC969ECA0E7206E930EC0656D5

Function 0058D0FA Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
Instruction ID: a1543fd30c6f8130636a1f4533e694e2fc821599b16858809b69729dcff7e6fe
Opcode Fuzzy Hash: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
Instruction Fuzzy Hash: 29012C768106629BD700DF3ED8C0456FBF1BB082117528B26DC9083A41D334E662DBE4

Function 00592DBB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab3b469c97883d1bbafc22afeb8bb67288a514de802057fc47a1196c1ba7f489
Instruction ID: d10a2c95291133fe7bc9be199ebbcb8b6add8ef5b8a320bd5f0d7c8f04562ba4
Opcode Fuzzy Hash: ab3b469c97883d1bbafc22afeb8bb67288a514de802057fc47a1196c1ba7f489
Instruction Fuzzy Hash: 6BF081F0520B084DD326EF60D0587BBF7E5EB88300FA98C2CCB9706549DA34B006EA10

Function 00581D74 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36533635b89c62fd37afc15c2e7536996d8621b3c607fd60cb49a1d9502242d3
Instruction ID: 381340a5482e9f5618e4d55c6217b69f49f35ac01ef3f562fcbd7b2fd6e3b328
Opcode Fuzzy Hash: 36533635b89c62fd37afc15c2e7536996d8621b3c607fd60cb49a1d9502242d3
Instruction Fuzzy Hash: 44C04C31505500CAD765DB2499633A276B5F791340F15C895D40756051D635A0128709

Function 005A8043 Relevance: 56.3, APIs: 9, Strings: 23, Instructions: 302COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 005A804E
_strtok.LIBCMT ref: 005A80BB
_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
Sorry, could not resolve source route hop %s., xrefs: 005A8080
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
Sorry, you gave too many source route hops., xrefs: 005A80D8
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strtok$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$Sorry, could not resolve source route hop %s.$Sorry, you gave too many source route hops.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 3739413864-402126068
Opcode ID: 09d781cad71fc63a8e39e6fd6827784895d3005a4ea3c89f293a3fc10ea70703
Instruction ID: 56d76f04a7e50612e72f8c5ffc4130a32b2f8294894d0b7c5f7dbd2490c6b450
Opcode Fuzzy Hash: 09d781cad71fc63a8e39e6fd6827784895d3005a4ea3c89f293a3fc10ea70703
Instruction Fuzzy Hash: 35B17AB1E00205DBEB21AB10EC0AB7E3B65BB52711F050065ED05673D3EF395E42CBAA

Function 005A814C Relevance: 52.8, APIs: 7, Strings: 23, Instructions: 291COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
Invalid -d delay (must be greater than 0)., xrefs: 005A8168
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
`$s, xrefs: 005A8927
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
Since April 2010, the default unit for -d is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds., xrefs: 005A81CE
`%s, xrefs: 005A8940
Could not resolve source address %s., xrefs: 005A8B07
0123456789, xrefs: 005A8BEC
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
`$s, xrefs: 005A894C
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid -d delay (must be greater than 0).$Invalid port number "%s".$SCTP mode does not support connection brokering.$Since April 2010, the default unit for -d is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 4228090047-1195149219
Opcode ID: bf0c147c971727d1158084e9e969f36ebcb5855f3913aa35d4193dc7d52a0158
Instruction ID: c8e0b4f331a4ae817d96f4d56e0dd21caf76e3dd2fb6d8c928796421d18c94a8
Opcode Fuzzy Hash: bf0c147c971727d1158084e9e969f36ebcb5855f3913aa35d4193dc7d52a0158
Instruction Fuzzy Hash: 5EA18B71E00201DBEB21AB24EC0AB7E3B65BB52315F054165E90567393EF395E42CBAA

Function 005A8244 Relevance: 52.8, APIs: 7, Strings: 23, Instructions: 289COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Invalid -i timeout (must be greater than 0)., xrefs: 005A825A
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
`$s, xrefs: 005A8927
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
SCTP mode does not support connection brokering., xrefs: 005A8DDF
Since April 2010, the default unit for -i is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds., xrefs: 005A82C0
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
Could not resolve source address %s., xrefs: 005A8B07
0123456789, xrefs: 005A8BEC
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
`$s, xrefs: 005A894C
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid -i timeout (must be greater than 0).$Invalid port number "%s".$SCTP mode does not support connection brokering.$Since April 2010, the default unit for -i is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 4228090047-504186864
Opcode ID: 554b3ce1a1286790aecee4713fd23ac2c830537142cab5f61ad6c7bd0d5fcc32
Instruction ID: 7f1f4a1764a411ae232bc88aac2a0d6fc648332ffdf7aea35bbd17b70174123b
Opcode Fuzzy Hash: 554b3ce1a1286790aecee4713fd23ac2c830537142cab5f61ad6c7bd0d5fcc32
Instruction Fuzzy Hash: 69A17B71E01205DBEB21AB20EC0AB7E3B65BF52315F054175E90527393EF395E82CB6A

Function 005A8324 Relevance: 52.8, APIs: 7, Strings: 23, Instructions: 289COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
Invalid -w timeout (must be greater than 0)., xrefs: 005A833A
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
`$s, xrefs: 005A8927
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
Could not resolve source address %s., xrefs: 005A8B07
0123456789, xrefs: 005A8BEC
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
`$s, xrefs: 005A894C
Since April 2010, the default unit for -w is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds., xrefs: 005A83A0
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid -w timeout (must be greater than 0).$Invalid port number "%s".$SCTP mode does not support connection brokering.$Since April 2010, the default unit for -w is seconds, so your time of "%s" is %.1f minutes. Use "%sms" for %g milliseconds.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 4228090047-2470049500
Opcode ID: ceeb161feaa50bfdc6795a1e5fe5dd19f26d5ce805076303c67b0060986f207d
Instruction ID: a264db9e585ae55ab3b1051546bb050a6e764427702a05f67d25cbc57c96a868
Opcode Fuzzy Hash: ceeb161feaa50bfdc6795a1e5fe5dd19f26d5ce805076303c67b0060986f207d
Instruction Fuzzy Hash: 4FA18BB1E00205DBEB21AB20EC0AB7E3B65BB52305F054175E90527393EF395E42CB6A

Function 005A8891 Relevance: 52.8, APIs: 7, Strings: 23, Instructions: 264COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
Unrecognised option., xrefs: 005A889E
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
Try `--help' or man(1) ncat for more information, usage options and help., xrefs: 005A8891
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$Try `--help' or man(1) ncat for more information, usage options and help.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Unrecognised option.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-3508226643
Opcode ID: e80aacc2916a0c1f95dde563546a59eb1dca1623ffe6ff7c92a4f8a7c5f6c4ed
Instruction ID: 0ff0a078dbd8bc51288180d0fea205e18a46aa2d848385f6e68ab4dfda6a4ba0
Opcode Fuzzy Hash: e80aacc2916a0c1f95dde563546a59eb1dca1623ffe6ff7c92a4f8a7c5f6c4ed
Instruction Fuzzy Hash: D6918AB1E01205DBEB21AB10EC0AB7E3B65BB52315F050075E945273D3DF395E42CBAA

Function 005A5D10 Relevance: 52.7, APIs: 22, Strings: 8, Instructions: 223networkfilesynchronizationCOMMON

Download Yara Rule

APIs

WSACreateEvent.WS2_32 ref: 005A5D48
WSAEventSelect.WS2_32(?,00000000,00000021), ref: 005A5D5D
ReadFile.KERNEL32(005A554A,?,00000200,00000000,00000000,?,00000000), ref: 005A5D8A
WaitForMultipleObjects.KERNEL32(00000003,?,00000000,000000FF,?,00000000), ref: 005A5DA3
ResetEvent.KERNEL32(?,?,?,00000000), ref: 005A5DB3
WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,00000000), ref: 005A5DFE
GetOverlappedResult.KERNEL32(005A554A,00000000,?,00000000,?,00000000), ref: 005A5E4A
WSAEventSelect.WS2_32(?,?,00000000), ref: 005A5EA6
_free.LIBCMT ref: 005A5ED4
WSAEventSelect.WS2_32(?,?,00000021), ref: 005A5EF4
GetLastError.KERNEL32(?,00000000), ref: 005A5F17
WSACloseEvent.WS2_32(?), ref: 005A5F2E
__wassert.LIBCMT ref: 005A5F52

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

GetExitCodeProcess.KERNEL32(JUZ,?), ref: 005A5F69
TerminateProcess.KERNEL32(JUZ,00000000), ref: 005A5F91
GetExitCodeProcess.KERNEL32(JUZ,00000103), ref: 005A5FBB
shutdown.WS2_32(?,00000002), ref: 005A5FDD
_free.LIBCMT ref: 005A5FEA
WaitForSingleObject.KERNEL32(000000FF), ref: 005A5FFA
__wassert.LIBCMT ref: 005A6016
ReleaseMutex.KERNEL32 ref: 005A602F
__wassert.LIBCMT ref: 005A6048

Strings

ReleaseMutex(pseudo_sigchld_mutex) != 0, xrefs: 005A6043
Subprocess ended with exit code %d., xrefs: 005A5FCC
WaitForSingleObject(pseudo_sigchld_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A6011
ncat_exec_win.c, xrefs: 005A5F48, 005A600C, 005A603E
unregister_subprocess(info->proc) != -1, xrefs: 005A5F4D
TerminateProcess failed with code %d., xrefs: 005A5FA5
JUZ, xrefs: 005A5D25, 005A5F34, 005A5F67, 005A5F8F, 005A5FB9, 005A5FE3, 005A5FE9
Subprocess still running, terminating it., xrefs: 005A5F80

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Event$FileProcessSelect__wassert$CodeExitModuleWait_free$CloseCreateErrorHandleLastMultipleMutexNameObjectObjectsOverlappedReadReleaseResetResultSingleTerminateWriteshutdown
String ID: JUZ$ReleaseMutex(pseudo_sigchld_mutex) != 0$Subprocess ended with exit code %d.$Subprocess still running, terminating it.$TerminateProcess failed with code %d.$WaitForSingleObject(pseudo_sigchld_mutex, INFINITE) == WAIT_OBJECT_0$ncat_exec_win.c$unregister_subprocess(info->proc) != -1
API String ID: 2923702176-1467258775
Opcode ID: 1c9a21a045770cb203e96267f9fece3e548581736681ce03d7d4f2630c1d274d
Instruction ID: c9d0d5c0a3d23f39aaba929f0074296e966ce3522f7f81d8db1b2e15cf03f183
Opcode Fuzzy Hash: 1c9a21a045770cb203e96267f9fece3e548581736681ce03d7d4f2630c1d274d
Instruction Fuzzy Hash: BA9182F1900218AFEB609B10DC49FED7BB9FF45305F0041A9F609A2191EB719E95CF6A

Function 005A80E3 Relevance: 51.0, APIs: 7, Strings: 22, Instructions: 278COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
Invalid source-route hop pointer %d., xrefs: 005A8115
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$Invalid source-route hop pointer %d.$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-3615041484
Opcode ID: 8f6629cd8a8556dd1bdea269b755942c9642d62f055915f5f8e9e4191890f7fb
Instruction ID: b9c8ad483ba9bd6fa7bacc14af2cc1444c372ac533c0dbe56a0136d47a6b018e
Opcode Fuzzy Hash: 8f6629cd8a8556dd1bdea269b755942c9642d62f055915f5f8e9e4191890f7fb
Instruction Fuzzy Hash: 91A19B71E002019BEB20AB20EC1AB7E3B61BB52315F050175E945673D3DF395E43CB6A

Function 005A820B Relevance: 51.0, APIs: 7, Strings: 22, Instructions: 272COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
Invalid source port %d., xrefs: 005A8231
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$Invalid source port %d.$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-716718326
Opcode ID: 04b651ea60a0dfe7da9ac377ada367d2dd729b12034b04c4492d90f48fdd5234
Instruction ID: aff706257a336e5f9977435285415ce5847da0536f7f23318c08b6188e567769
Opcode Fuzzy Hash: 04b651ea60a0dfe7da9ac377ada367d2dd729b12034b04c4492d90f48fdd5234
Instruction Fuzzy Hash: 68A16B71E012059BEB21AB10EC0AB7E3B65BB52715F050175E945273D3DF394E42CBAA

Function 005A2400 Relevance: 49.3, APIs: 18, Strings: 10, Instructions: 285networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 005A2425

Part of subcall function 005B2D20: FormatMessageA.KERNEL32(000012FF,00000000,00000000,00000000,00732C68,00000080,00000000,?,005A21A8,00000000,?), ref: 005B2D3B

send.WS2_32(00000000,00000000,?,00000000), ref: 005A2484
WSAGetLastError.WS2_32 ref: 005A248E
_free.LIBCMT ref: 005A24A5

Strings

Proxy returned status code %d., xrefs: 005A2505, 005A26F0, 005A2797
Error reading proxy response Status-Line., xrefs: 005A24ED, 005A26DB
Error getting Proxy-Authenticate challenge., xrefs: 005A25BA
Error sending proxy request: %s., xrefs: 005A249A, 005A267E
Error parsing proxy response header., xrefs: 005A257A
Reconnection header:%s, xrefs: 005A2651
Error reading proxy response header., xrefs: 005A2729
Error building Proxy-Authorization header., xrefs: 005A2632
Proxy connection failed: %s., xrefs: 005A2431
Proxy reconnection failed: %s., xrefs: 005A25FF

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$FormatMessage_freesend
String ID: Error building Proxy-Authorization header.$Error getting Proxy-Authenticate challenge.$Error parsing proxy response header.$Error reading proxy response Status-Line.$Error reading proxy response header.$Error sending proxy request: %s.$Proxy connection failed: %s.$Proxy reconnection failed: %s.$Proxy returned status code %d.$Reconnection header:%s
API String ID: 4198914494-1398966102
Opcode ID: 105baa725abf844e59ea8d1ad3e4dffcf71dbed429d2935a7883ca77dce9b91b
Instruction ID: 69b98233892df6896bb819175d8e5510f6586ff4a2139c9df6886f64571591ff
Opcode Fuzzy Hash: 105baa725abf844e59ea8d1ad3e4dffcf71dbed429d2935a7883ca77dce9b91b
Instruction Fuzzy Hash: 0091D871D40119AACB20B7B59C4FFEE7A7DFF55301F0001A5F909B2191EE319B858BA6

Function 005A802B Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 264COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 9c3844d111779245d834c7069df9c3c3b54d8a6be449b24bd74c622f32c05a70
Instruction ID: ddb6bad6947e3b252aa14d1dbe11c53f6fab16cf42768a6fc682caf57e422407
Opcode Fuzzy Hash: 9c3844d111779245d834c7069df9c3c3b54d8a6be449b24bd74c622f32c05a70
Instruction Fuzzy Hash: 1B917B71E00305DBEB21AB10EC0AB7E3B65BB52315F054065E945673D3DF394E42CB6A

Function 005A8137 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 263COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: bf447ea585462e425b06a4128a6f5e91a7cf724098697c0b561d5af014c26894
Instruction ID: 81fb705d843ae1b836f8575cf2da67f1deb53eff5116039e61bb782d809b0a46
Opcode Fuzzy Hash: bf447ea585462e425b06a4128a6f5e91a7cf724098697c0b561d5af014c26894
Instruction Fuzzy Hash: 95918AB1E00205DBEB21AB20EC0AB7E3B65BB52315F054075E905273D3DF394E42CBAA

Function 005A81F6 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 263COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: a5c41e67acc46c9b9d0bc38d795263bed9ce0412a9ed2c79c68c82629518feb1
Instruction ID: 6484a2050697045ca5877f5f5c702b7605c87783522e62aa2d1ef81125ffb189
Opcode Fuzzy Hash: a5c41e67acc46c9b9d0bc38d795263bed9ce0412a9ed2c79c68c82629518feb1
Instruction Fuzzy Hash: C69179B1E00205DBEB21AB20EC0AB7E3B65BB52315F054075E905673D3DF395E42CBAA

Function 005A81E1 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 263COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 3f210b7bffe1b0050fdb874fb989e157b48d9b10e439a0134237dd49d2827e7b
Instruction ID: 5f8585e9130fa5352a320847112115127d1a09e324c11356d95153935fcc5729
Opcode Fuzzy Hash: 3f210b7bffe1b0050fdb874fb989e157b48d9b10e439a0134237dd49d2827e7b
Instruction Fuzzy Hash: CF9179B1E00205DBEB21AB20EC0AB7E3B65BB52315F054175E905673D3DF395E42CBAA

Function 005A801C Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 262COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: d1f404985935c4507e52fbc29053224ee56e0cbf3940c1b5023103593a3249cd
Instruction ID: 638f766fae0904316bbecfa1aaf1bc9985ad3ddb81b3d94fdf8c3981a6ad9693
Opcode Fuzzy Hash: d1f404985935c4507e52fbc29053224ee56e0cbf3940c1b5023103593a3249cd
Instruction Fuzzy Hash: 8E916B71E00305DBEB21AB10EC1AB7E3B65BB52315F0540A5E945273D3DF395E42CBAA

Function 005A8128 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 262COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: df2e680c0856a53bcd9dcd713bc06b17ea4685a152af2e1bc3614e135a756307
Instruction ID: a43b4b9516520950661ed4951ab60f39d70d24910f8a5c25cec8682a17826f10
Opcode Fuzzy Hash: df2e680c0856a53bcd9dcd713bc06b17ea4685a152af2e1bc3614e135a756307
Instruction Fuzzy Hash: 21916A71E00305DBEB21AB10EC1AB7E3B65BB52315F0540A5E945273D3DF394E42CBAA

Function 005A82E3 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 262COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 8c271d3ec2e6e97b1dd0c60ab821d06a27e8d4b107f910db5c0b5adef1a83dc7
Instruction ID: ce6a51abaa95d9f9523c816af444694a1aa061728cfbbe1c8c92719d900849c7
Opcode Fuzzy Hash: 8c271d3ec2e6e97b1dd0c60ab821d06a27e8d4b107f910db5c0b5adef1a83dc7
Instruction Fuzzy Hash: 39916AB1E00305DBEB21AB10EC1AB7E3B65BB52315F0540A5E945273D3DF395E42CBAA

Function 005A8315 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 262COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 86f833daf94c86e75a4f351803009c1c2c8059a7f36cb7b9a93d7ad10889718c
Instruction ID: 22e281b5fc358d69c35debfb24e2eb8eeecc15d4070c18a557bf351aca7ed70a
Opcode Fuzzy Hash: 86f833daf94c86e75a4f351803009c1c2c8059a7f36cb7b9a93d7ad10889718c
Instruction Fuzzy Hash: 72916AB1E00305DBEB21AB10EC1AB7E3B65BB52315F0540A5E945273D3DF395E42CBAA

Function 005A83B3 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 262COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 609402ce83e8ce8d6b1d1e75a9c2617fb8d42a8ac9ee4c7c6ea77e9e6e5db147
Instruction ID: 0d33320036b34febb6f8a3d57266a3e8a9a9068a3b03c1b47ebd3f1d8ee3fbe2
Opcode Fuzzy Hash: 609402ce83e8ce8d6b1d1e75a9c2617fb8d42a8ac9ee4c7c6ea77e9e6e5db147
Instruction Fuzzy Hash: 90917AB1E00305DBEB21AB10EC0AB7E3B65BB52315F0540A5E945273D3DF394E42CBAA

Function 005A82D2 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 261COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 9fb92f3e75c33921e1255f8b00f37c3e15b85a9ba2c9d0d0312aa0096c8d080f
Instruction ID: a78c3102398a2d92760a063b80589186c6a97e7f6ca0287bfe06a25c80920581
Opcode Fuzzy Hash: 9fb92f3e75c33921e1255f8b00f37c3e15b85a9ba2c9d0d0312aa0096c8d080f
Instruction Fuzzy Hash: BF917AB1E00305DBEB21AB10EC0AB7E3B65BB52315F0541A5E905273D3DF395E42CBAA

Function 005A830A Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 260COMMON

Download Yara Rule

APIs

_mbstowcs_s.LIBCMT ref: 005A88C5
_memset.LIBCMT ref: 005A8915
_free.LIBCMT ref: 005A8A52
_free.LIBCMT ref: 005A8A58

Strings

Could not resolve hostname %s., xrefs: 005A8C38
Invalid port number "%s"., xrefs: 005A8CDA
`$s, xrefs: 005A893B
$s, xrefs: 005A8951
`$s, xrefs: 005A8D29
$s, xrefs: 005A8D24
Vh<&s, xrefs: 005A8BAF
`$s, xrefs: 005A8D18
UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work., xrefs: 005A8DC0
`$s, xrefs: 005A8927
SCTP mode does not support connection brokering., xrefs: 005A8DDF
http, xrefs: 005A8970, 005A8985
-l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to., xrefs: 005A8ADA
`%s, xrefs: 005A8940
0123456789, xrefs: 005A8BEC
Could not resolve source address %s., xrefs: 005A8B07
$s, xrefs: 005A8D30
UDP mode does not support SSL., xrefs: 005A8D8B
46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n, xrefs: 005A88B9
UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec., xrefs: 005A8DAA
`$s, xrefs: 005A894C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_mbstowcs_s_memset
String ID: -l and -s are incompatible. Specify the address and port to bind to like you would a host to connect to.$0123456789$46Cc:e:g:G:i:km:hp:d:lo:x:ts:uvw:n$Could not resolve hostname %s.$Could not resolve source address %s.$Invalid port number "%s".$SCTP mode does not support connection brokering.$UDP mode does not support SSL.$UDP mode does not support connection brokering.If this feature is important to you, write nmap-dev@insecure.org with adescription of how you intend to use it, as an aid to deciding how UDPconnection brokering should work.$UDP mode does not support the -k or --keep-open options, except with --exec or --sh-exec.$Vh<&s$`$s$`$s$`$s$`$s$`$s$`%s$http$$s$$s$$s
API String ID: 2290147964-631660064
Opcode ID: 48b382b91f27a3f85c5a15b8b95eb03a53e652b58ea17f7aa37ff85e6719d817
Instruction ID: c447a31951ad21013ea23cad7f06c51f6142a308ad328a8809350688dc8b2b45
Opcode Fuzzy Hash: 48b382b91f27a3f85c5a15b8b95eb03a53e652b58ea17f7aa37ff85e6719d817
Instruction Fuzzy Hash: 5B9179B1E00205DBEB21AB10EC0AB7E3B65BB52315F0540A5E905273D3DF394E42CBAA

Function 005B5320 Relevance: 45.6, APIs: 21, Strings: 5, Instructions: 107pipethreadCOMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B5338

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B5358
__wassert.LIBCMT ref: 005B5378
__wassert.LIBCMT ref: 005B5398
CreatePipe.KERNEL32(0073337C,00733380,00000000,00000000,005B2597,00000000,00000000,?,007320A8), ref: 005B53AE
GetCurrentProcess.KERNEL32(00733378,00000000,00000000,00000002,00000000), ref: 005B53CB
GetStdHandle.KERNEL32(000000F6,00000000), ref: 005B53D0
GetCurrentProcess.KERNEL32(00000000), ref: 005B53D7
DuplicateHandle.KERNEL32(00000000), ref: 005B53DA
CloseHandle.KERNEL32 ref: 005B53F0
CloseHandle.KERNEL32 ref: 005B53F8
SetStdHandle.KERNEL32(000000F6), ref: 005B5400
__setmode.LIBCMT ref: 005B5411
__setmode.LIBCMT ref: 005B541B
GetStdHandle.KERNEL32(000000F6,00000000), ref: 005B5426
__open_osfhandle.LIBCMT ref: 005B542D
__dup2.LIBCMT ref: 005B543D
CreateThread.KERNEL32(00000000,00000000,005B5490,00000000,00000000,00000000), ref: 005B5454
CloseHandle.KERNEL32 ref: 005B546F
CloseHandle.KERNEL32 ref: 005B5477
CloseHandle.KERNEL32 ref: 005B547F

Strings

stdin_pipe_w == NULL, xrefs: 005B5373
thread_stdin_handle == NULL, xrefs: 005B5393
nbase_winunix.c, xrefs: 005B532E, 005B534E, 005B536E, 005B538E
stdin_pipe_r == NULL, xrefs: 005B5353
stdin_thread == NULL, xrefs: 005B5333

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Handle$Close$__wassert$CreateCurrentModuleProcess__setmode$DuplicateFileNamePipeThread__dup2__open_osfhandle
String ID: nbase_winunix.c$stdin_pipe_r == NULL$stdin_pipe_w == NULL$stdin_thread == NULL$thread_stdin_handle == NULL
API String ID: 1849156993-301782061
Opcode ID: f4888147074ae906faa6f1e94f98b3f05bc791b99d8a0b78cdfbbbb479814792
Instruction ID: c6ef350f5933aa2596827b058c79fc636e74420f754ae2fa991dabea8846fb61
Opcode Fuzzy Hash: f4888147074ae906faa6f1e94f98b3f05bc791b99d8a0b78cdfbbbb479814792
Instruction Fuzzy Hash: 0031B631A803147AFA702B74BC1BF953E55AB01B27F14C619F514AA2E0FEF86944CA5B

Function 005A2B20 Relevance: 39.0, APIs: 6, Strings: 16, Instructions: 456COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A2B4D

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005A2B78

Strings

Connected to proxy %s:%hu, xrefs: 005A2EBC
Failed to create stdin nsiod., xrefs: 005A303E
Error sending proxy request: %s., xrefs: 005A2F57
%lu bytes sent, %lu bytes received in %.2f seconds., xrefs: 005A30E2
Proxy connection failed., xrefs: 005A2FBA
Proxy connection failed: %s., xrefs: 005A2E62
Failed to create nsock_pool., xrefs: 005A2BE5
Error: short reponse from proxy., xrefs: 005A2F92
ncat_connect.c, xrefs: 005A2B43, 005A2B6E
Z, xrefs: 005A2FB4
type == NSE_TYPE_TIMER, xrefs: 005A2B48
status == NSE_STATUS_SUCCESS, xrefs: 005A2B73
Idle timeout expired (%d ms)., xrefs: 005A2B86
Sorry, -g can only currently be used with IPv4., xrefs: 005A2CCE
Failed to create nsock_iod., xrefs: 005A2C5C
Failed to set hostname on iod., xrefs: 005A2C82

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: %lu bytes sent, %lu bytes received in %.2f seconds.$Connected to proxy %s:%hu$Error sending proxy request: %s.$Error: short reponse from proxy.$Failed to create nsock_iod.$Failed to create nsock_pool.$Failed to create stdin nsiod.$Failed to set hostname on iod.$Idle timeout expired (%d ms).$Proxy connection failed.$Proxy connection failed: %s.$Sorry, -g can only currently be used with IPv4.$Z$ncat_connect.c$status == NSE_STATUS_SUCCESS$type == NSE_TYPE_TIMER
API String ID: 1760609008-679983938
Opcode ID: 0f3b41b04e46c86b00a42ca3c1560b170abaf66dad25f9f544abc4e883563c9e
Instruction ID: 2a947857e2c26b3b59de18c477cdf97a6897e8fadc19a65b03ca7a0a234a48ce
Opcode Fuzzy Hash: 0f3b41b04e46c86b00a42ca3c1560b170abaf66dad25f9f544abc4e883563c9e
Instruction Fuzzy Hash: 69D18FB1E00205BBEB117B64AC0BFBE3B6DBB55705F004065F805A11E3FA795A93876B

Function 005B0FA0 Relevance: 35.3, APIs: 12, Strings: 8, Instructions: 348networkCOMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

_free.LIBCMT ref: 005B1112

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

Part of subcall function 0066C5E4: ___report_securityfailure.LIBCMT ref: 0066C5E9

__wassert.LIBCMT ref: 005B1273

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

__wassert.LIBCMT ref: 005B1296
htons.WS2_32(?), ref: 005B12A1
__wassert.LIBCMT ref: 005B12C2
_memmove.LIBCMT ref: 005B12D0
__wassert.LIBCMT ref: 005B1003

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

_memmove.LIBCMT ref: 005B10D9
_free.LIBCMT ref: 005B11E4
__wassert.LIBCMT ref: 005B12F2
_memmove.LIBCMT ref: 005B1306
_memmove.LIBCMT ref: 005B136C

Strings

nse, xrefs: 005B0FFE, 005B126E
Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s, xrefs: 005B11A1
sslen <= sizeof(nse->writeinfo.dest), xrefs: 005B12BD
Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s, xrefs: 005B11C1
sin->sin_family == AF_INET6, xrefs: 005B1291
sslen <= sizeof(nse->iod->peer), xrefs: 005B12ED
Sendto request for %d bytes to IOD #%li EID %li [%s:%hu]%s, xrefs: 005B13D5
src\nsock_write.c, xrefs: 005B0FF9, 005B1269, 005B128C, 005B12B8, 005B12E8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$_memmove$Module_fprintf_free$ErrorFileFreeHandleHeapLastName___report_securityfailure__vfwprintf_p_memcpy_s_memsethtons
String ID: Sendto request for %d bytes to IOD #%li EID %li [%s:%hu]%s$Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s$Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s$nse$sin->sin_family == AF_INET6$src\nsock_write.c$sslen <= sizeof(nse->iod->peer)$sslen <= sizeof(nse->writeinfo.dest)
API String ID: 3713742693-3789109187
Opcode ID: 2d4e26f5f61cd46a59b8e6a0a65d26a3a68cb499f649f6913a1d629ef6edc634
Instruction ID: bb6de395b4b3e897d57adf96eab32023f408cef6184e3d28677099a160561015
Opcode Fuzzy Hash: 2d4e26f5f61cd46a59b8e6a0a65d26a3a68cb499f649f6913a1d629ef6edc634
Instruction Fuzzy Hash: F6C12875D00219ABDB20DF64CC86FEA77ADFF58300F4005A5FA49A7241E771AE908FA5

Function 005AD520 Relevance: 33.6, APIs: 8, Strings: 11, Instructions: 365networkCOMMON

Download Yara Rule

APIs

getsockopt.WS2_32(?,0000FFFF,00001007,?,00000004), ref: 005AD5B5
WSAGetLastError.WS2_32 ref: 005AD5BF
_perror.LIBCMT ref: 005AD631
__wassert.LIBCMT ref: 005AD645
__wassert.LIBCMT ref: 005AD679
__wassert.LIBCMT ref: 005AD742
_wprintf.LIBCMT ref: 005AD80A
closesocket.WS2_32(?), ref: 005AD94E

Part of subcall function 005AE990: __wassert.LIBCMT ref: 005AE9AD

Strings

Strange connect error from %s (%d), xrefs: 005AD614
EID %li reconnecting with SSL_OP_NO_SSLv2, xrefs: 005AD93E
EID %li %s, xrefs: 005ADA13
SSL_new failed: %s, xrefs: 005AD6AF
Uh-oh: SSL_set_session() failed - please tell Fyodor, xrefs: 005AD805
h4nm, xrefs: 005AD73D
SSL_clear failed: %s, xrefs: 005AD99C
SSL_set_fd failed: %s, xrefs: 005AD6DF
certificate verification error for EID %li: %s, xrefs: 005AD890
ms->sslctx != NULL, xrefs: 005AD674
src\nsock_core.c, xrefs: 005AD63B, 005AD66F, 005AD738

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$ErrorLast_perror_wprintfclosesocketgetsockopt
String ID: EID %li %s$EID %li reconnecting with SSL_OP_NO_SSLv2$SSL_clear failed: %s$SSL_new failed: %s$SSL_set_fd failed: %s$Strange connect error from %s (%d)$Uh-oh: SSL_set_session() failed - please tell Fyodor$certificate verification error for EID %li: %s$h4nm$ms->sslctx != NULL$src\nsock_core.c
API String ID: 116990089-3712873215
Opcode ID: d85f812b851d959e292005186373385505551ce9f5dcce21a73822f094251918
Instruction ID: e9c6650b4ea205432b9068a73133916588b6b2158127cdb1aa67043d71c914d3
Opcode Fuzzy Hash: d85f812b851d959e292005186373385505551ce9f5dcce21a73822f094251918
Instruction Fuzzy Hash: 12D116B0900305ABDF20BF20CC8ABAE7BB9FF46304F100569F91E96592D735A984CB75

Function 0059EAC0 Relevance: 31.8, APIs: 5, Strings: 13, Instructions: 343COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059EB25

Strings

algorithm, xrefs: 0059ED38
auth-int, xrefs: 0059ED95
realm, xrefs: 0059EC88
Digest, xrefs: 0059EB05
Basic, xrefs: 0059EAEB
nonce, xrefs: 0059ECB4
MD5, xrefs: 0059ED4C
cnonce, xrefs: 0059EDAF
response, xrefs: 0059ED0C
auth, xrefs: 0059ED7A
qop, xrefs: 0059ED66
username, xrefs: 0059EC59
uri, xrefs: 0059ECE0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: Basic$Digest$MD5$algorithm$auth$auth-int$cnonce$nonce$qop$realm$response$uri$username
API String ID: 269201875-1588491986
Opcode ID: acb913a3ecad6a47309e4ec2b30c691c5660813a8c9332b5dce7402053e3bbc9
Instruction ID: 7893a7fad75c83bee12fd8f0eb04e17208a93fe5ff89c6680e66cd73900bbaf0
Opcode Fuzzy Hash: acb913a3ecad6a47309e4ec2b30c691c5660813a8c9332b5dce7402053e3bbc9
Instruction Fuzzy Hash: 01A1D0A19046026ADF10AB30AC4B73B7F9EBF55359F084936FC4AD5202FB25EA15C7A1

Function 0059E690 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 300COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059E6F7
_free.LIBCMT ref: 0059E923
_free.LIBCMT ref: 0059E92B
_free.LIBCMT ref: 0059E9CE

Strings

auth, xrefs: 0059E8B2
algorithm, xrefs: 0059E841
auth-int, xrefs: 0059E8CC
realm, xrefs: 0059E7B3
qop, xrefs: 0059E871
Digest, xrefs: 0059E6DF
opaque, xrefs: 0059E811
Basic, xrefs: 0059E6C5
nonce, xrefs: 0059E7E1
MD5, xrefs: 0059E856

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: Basic$Digest$MD5$algorithm$auth$auth-int$nonce$opaque$qop$realm
API String ID: 269201875-196838774
Opcode ID: 730049c71a2dc766e0f9befc00573b8537d37bbbd71c9115ad4462f13b7bb7d8
Instruction ID: 90f7db0a14cfdebedd37c175b5ea31e6dc76a0982444b5d9bc48cf8ef89ab633
Opcode Fuzzy Hash: 730049c71a2dc766e0f9befc00573b8537d37bbbd71c9115ad4462f13b7bb7d8
Instruction Fuzzy Hash: 5891C1A1D002066BDF20EBB4AC4766A7FA9BF51344F084875FC49D6202FB35EA55C7A2

Function 005A9D80 Relevance: 31.8, APIs: 13, Strings: 5, Instructions: 271networkCOMMON

Download Yara Rule

APIs

connect.WS2_32(00000000,?,?), ref: 005A9E76
send.WS2_32(00000000,00000000,?,00000000), ref: 005A9EEE
WSAGetLastError.WS2_32 ref: 005A9F90
WSAGetLastError.WS2_32 ref: 005A9F99
__WSAFDIsSet.WS2_32(?,?), ref: 005A9FF3
WSAGetLastError.WS2_32(?,?,?), ref: 005AA01E
send.WS2_32(?,?,00000000,00000000), ref: 005AA042
WSAGetLastError.WS2_32(?,?,?), ref: 005AA04D
__WSAFDIsSet.WS2_32(?,?), ref: 005AA070
recv.WS2_32(?,?,00002000,00000000), ref: 005AA08F
WSAGetLastError.WS2_32(?,?,?,?), ref: 005AA09C
WSAGetLastError.WS2_32 ref: 005AA0CA
closesocket.WS2_32(?), ref: 005AA0D7

Strings

Error sending %u leftover bytes: %s., xrefs: 005A9F14
Can't resolve name %s., xrefs: 005A9E29
Can't connect to %s., xrefs: 005A9E97
CONNECT to %s:%hu., xrefs: 005A9DE9
No port number in CONNECT URI., xrefs: 005A9DBA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$send$closesocketconnectrecv
String ID: CONNECT to %s:%hu.$Can't connect to %s.$Can't resolve name %s.$Error sending %u leftover bytes: %s.$No port number in CONNECT URI.
API String ID: 4287265157-4284069566
Opcode ID: d386b5f2ca4365d59833e69daa42795901d39cff6a166f6b0d3e3d69350d81bd
Instruction ID: 4b66d9feadcd8e85b76437e40e43522c254edf542a06421250f53f48e8159b2e
Opcode Fuzzy Hash: d386b5f2ca4365d59833e69daa42795901d39cff6a166f6b0d3e3d69350d81bd
Instruction Fuzzy Hash: 2A911971900219AEDF20BB749C8EBEE7BADFB45310F100596F909E21C1EB359D81CB66

Function 005B1C40 Relevance: 31.6, APIs: 10, Strings: 8, Instructions: 132COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B1C5B

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B1C7B
__wassert.LIBCMT ref: 005B1CA3
__wassert.LIBCMT ref: 005B1CCB
__wassert.LIBCMT ref: 005B1D0A

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

__wassert.LIBCMT ref: 005B1D2A
__wassert.LIBCMT ref: 005B1D52
__wassert.LIBCMT ref: 005B1D7A
__wassert.LIBCMT ref: 005B1DA5

Part of subcall function 00667226: __itow_s.LIBCMT ref: 00667550

__wassert.LIBCMT ref: 005B1DD6

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1CC6, 005B1D75
list->magic == GH_LIST_MAGIC, xrefs: 005B1C76, 005B1D25
list->count == 0 || (list->first && list->last), xrefs: 005B1C9E, 005B1D4D
elem->magic == GH_LIST_MAGIC, xrefs: 005B1D05
list->last == elem, xrefs: 005B1DD1
src\gh_list.c, xrefs: 005B1C51, 005B1C71, 005B1C99, 005B1CC1, 005B1D00, 005B1D20, 005B1D48, 005B1D70, 005B1D9B, 005B1DCC
list, xrefs: 005B1C56
list->first == elem, xrefs: 005B1DA0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName__itow_s_memcpy_s
String ID: elem->magic == GH_LIST_MAGIC$list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->first == elem$list->last == elem$list->magic == GH_LIST_MAGIC$src\gh_list.c
API String ID: 1261084644-1313617570
Opcode ID: 1fb834f3ff91d907202cc800110f9b3524993639b47dfed1fcfc94b1455d645f
Instruction ID: 8d13d9f32349c442fbef9f32a55fc89aed655a8d17c15c952cb188b2605b5b77
Opcode Fuzzy Hash: 1fb834f3ff91d907202cc800110f9b3524993639b47dfed1fcfc94b1455d645f
Instruction Fuzzy Hash: 6241B971E80F06FFC7605B14D862F91BBA1BF40B25F45C62AF459566C0D3B0B9A4C68A

Function 005B1E00 Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 105COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B1E1B

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B1E3B
__wassert.LIBCMT ref: 005B1E59
__wassert.LIBCMT ref: 005B1E79
__wassert.LIBCMT ref: 005B1EA1
__wassert.LIBCMT ref: 005B1EC9
__wassert.LIBCMT ref: 005B1EF4

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

__wassert.LIBCMT ref: 005B1F37

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1EC4
list->magic == GH_LIST_MAGIC, xrefs: 005B1E74
list->count == 0 || (list->first && list->last), xrefs: 005B1E9C
elem->magic == GH_LIST_MAGIC, xrefs: 005B1E36
list->last == elem, xrefs: 005B1F32
elem, xrefs: 005B1E16
src\gh_list.c, xrefs: 005B1E11, 005B1E31, 005B1E4F, 005B1E6F, 005B1E97, 005B1EBF, 005B1EEA, 005B1F2D
list, xrefs: 005B1E54
list->first == elem, xrefs: 005B1EEF

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_memcpy_s
String ID: elem$elem->magic == GH_LIST_MAGIC$list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->first == elem$list->last == elem$list->magic == GH_LIST_MAGIC$src\gh_list.c
API String ID: 206349368-3729104230
Opcode ID: b18e62123ff0b21d9ff238ebea7c664a0038a4383cd6a0b119004e08bc0b2839
Instruction ID: 69b8c6d229bdb63d0d9371130b3b4d7dd54932b136aace52532edcffaf0e8f31
Opcode Fuzzy Hash: b18e62123ff0b21d9ff238ebea7c664a0038a4383cd6a0b119004e08bc0b2839
Instruction Fuzzy Hash: CF31B372A40B06EBC7609F14E852F62BBA5BF40B21F05C52EF85996B80E371F550C696

Function 005A5630 Relevance: 29.8, APIs: 9, Strings: 8, Instructions: 83synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,005A5C24,?), ref: 005A5649
__wassert.LIBCMT ref: 005A5663

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,005A5C24,?), ref: 005A567A
__wassert.LIBCMT ref: 005A5694
WaitForSingleObject.KERNEL32(000000FF,?,?,005A5C24,?), ref: 005A56A4
__wassert.LIBCMT ref: 005A56BD
_signal.LIBCMT ref: 005A5725
ReleaseMutex.KERNEL32(?,005A5C24,?), ref: 005A573D
__wassert.LIBCMT ref: 005A5756

Strings

subprocesses_mutex != NULL, xrefs: 005A565E
pseudo_sigchld_mutex != NULL, xrefs: 005A568F
WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A56B8
ncat_exec_win.c, xrefs: 005A5659, 005A568A, 005A56B3, 005A574C
No free process slots for termination handler., xrefs: 005A56DA
Register subprocess %p at index %d., xrefs: 005A56FE
ReleaseMutex(subprocesses_mutex) != 0, xrefs: 005A5751
$\Z, xrefs: 005A56F0, 005A56FD

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Mutex$CreateModule$FileHandleNameObjectReleaseSingleWait_signal
String ID: $\Z$No free process slots for termination handler.$Register subprocess %p at index %d.$ReleaseMutex(subprocesses_mutex) != 0$WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0$ncat_exec_win.c$pseudo_sigchld_mutex != NULL$subprocesses_mutex != NULL
API String ID: 1618942818-4161116545
Opcode ID: 2566ec2de1eb6632722979ed3d7b88e5262103e56795e576d71e027dc5d1836e
Instruction ID: 76a3829f853211081bdb5a6f8e201a2de1de734ced88c23a77d0643562e45cb8
Opcode Fuzzy Hash: 2566ec2de1eb6632722979ed3d7b88e5262103e56795e576d71e027dc5d1836e
Instruction Fuzzy Hash: 4B212871E44714BAF7302B606C5BF1D3B85B721B66F00002AFA18B62E2FBF48551865F

Function 005AB220 Relevance: 28.2, APIs: 1, Strings: 15, Instructions: 199COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AB38D

Strings

SSL_CTX_use_PrivateKey(): %s., xrefs: 005AB3F9
ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL, xrefs: 005AB388
SSL_CTX_use_certificate_file(): %s., xrefs: 005AB46A
ncat_ssl.c, xrefs: 005AB383
Generating a temporary %d-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one., xrefs: 005AB324
Unable to set OpenSSL cipher list: %s, xrefs: 005AB2F1
SHA-1 fingerprint: %s, xrefs: 005AB399
ssl_gen_cert(): %s., xrefs: 005AB352
Failed to seed OpenSSL PRNG (RAND_status returned false)., xrefs: 005AB25A
SSL_CTX_new(): %s., xrefs: 005AB2AC
ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH, xrefs: 005AB2CD
The --ssl-key and --ssl-cert options must be used together., xrefs: 005AB434
SSL_CTX_use_certificate(): %s., xrefs: 005AB3C8
SSL_CTX_use_Privatekey_file(): %s., xrefs: 005AB4A0
SSLv23_server_method(): %s., xrefs: 005AB280

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH$Failed to seed OpenSSL PRNG (RAND_status returned false).$Generating a temporary %d-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.$SHA-1 fingerprint: %s$SSL_CTX_new(): %s.$SSL_CTX_use_PrivateKey(): %s.$SSL_CTX_use_Privatekey_file(): %s.$SSL_CTX_use_certificate(): %s.$SSL_CTX_use_certificate_file(): %s.$SSLv23_server_method(): %s.$The --ssl-key and --ssl-cert options must be used together.$Unable to set OpenSSL cipher list: %s$ncat_ssl.c$ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL$ssl_gen_cert(): %s.
API String ID: 3993402318-1023607928
Opcode ID: e488da44460c8859e7c15b20604590c99cef961e21582840f34fbc1b83f61698
Instruction ID: d23e92428d6f1511abbef17efa79389ba9d093538938172240071da0ea793a9b
Opcode Fuzzy Hash: e488da44460c8859e7c15b20604590c99cef961e21582840f34fbc1b83f61698
Instruction Fuzzy Hash: 4651D3B0E01602B6FE107BB46C4BFAE3A6DFF50305F054455F904A2293FA2AA51186AE

Function 00637E10 Relevance: 26.7, APIs: 10, Strings: 5, Instructions: 475COMMONLIBRARYCODE

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 00637F0A
_strncmp.LIBCMT ref: 00637F3A
_memmove.LIBCMT ref: 00637FC7
_strncmp.LIBCMT ref: 00638095
_memmove.LIBCMT ref: 006380B4
_strncmp.LIBCMT ref: 006381A6
_memmove.LIBCMT ref: 006381E3
_strncmp.LIBCMT ref: 0063824A
_strncmp.LIBCMT ref: 00638266
_strncmp.LIBCMT ref: 00638287

Strings

.\crypto\pem\pem_lib.c, xrefs: 00637F69, 00637FAF, 00637FF1, 006382C9, 00638362, 006383C2, 006383E5, 0063843A
-----END , xrefs: 0063808F, 006381A0, 00638244
, xrefs: 006382F0
-----, xrefs: 00637F34, 00638281
-----BEGIN , xrefs: 00637F04

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp$_memmove
String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
API String ID: 3166575885-2733969777
Opcode ID: 7e9bb9279948f44d6daaa88e83f2f97a64628b314861a2eaaf39f259ec3c66bc
Instruction ID: 7a8dc1a3652f973d1df62d20c26328c73bce18ada22d84214f98bb06d24c5361
Opcode Fuzzy Hash: 7e9bb9279948f44d6daaa88e83f2f97a64628b314861a2eaaf39f259ec3c66bc
Instruction Fuzzy Hash: 92F1C4716083419FE721EB64DC46FABB7D9AF94704F040529F94897383EB74D90587D2

Function 005ADDC0 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 328COMMON

Download Yara Rule

Strings

nse->iod->ssl != NULL, xrefs: 005AE169
NSE #%lu: Removing event from event_lists[%i], xrefs: 005AE184
list %i, iterating %lu, xrefs: 005ADE98
Event has unknown type (%d), xrefs: 005AE12E
src\nsock_core.c, xrefs: 005AE164
before iterating, list %i, xrefs: 005ADE21
before iterating %lu, xrefs: 005ADE3A

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fprintf$__vfwprintf_p__wassert
String ID: Event has unknown type (%d)$NSE #%lu: Removing event from event_lists[%i]$before iterating %lu$before iterating, list %i$list %i, iterating %lu$nse->iod->ssl != NULL$src\nsock_core.c
API String ID: 2916389163-3819103802
Opcode ID: 96ffaaf875aeab3f6099d848a0062e8b55a27d8596434898c81d1d1975b4cd8e
Instruction ID: 6d1ce7190f13312a6d1efda8989f7e49245b484b0ebad48e10292fb8b862739f
Opcode Fuzzy Hash: 96ffaaf875aeab3f6099d848a0062e8b55a27d8596434898c81d1d1975b4cd8e
Instruction Fuzzy Hash: 20C1BE70A00616DFDB28DF24C886BAEBBF6BF46304F14452DE81A97281E731AD41CB61

Function 005AA530 Relevance: 24.8, APIs: 2, Strings: 12, Instructions: 319COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005AA615

Strings

Error parsing header., xrefs: 005AA71F
CONNECT, xrefs: 005AA803
Header:%s, xrefs: 005AA6E3
Bad method: %s., xrefs: 005AA685
HEAD, xrefs: 005AA881
GET, xrefs: 005AA851
Error parsing Request-Line., xrefs: 005AA62A
Error reading header., xrefs: 005AA6CD
Request-Line: %s, xrefs: 005AA5EE
Error reading Request-Line., xrefs: 005AA5D8
POST, xrefs: 005AA8B1
Failed SSL connection: %s, xrefs: 005AA58B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: Bad method: %s.$CONNECT$Error parsing Request-Line.$Error parsing header.$Error reading Request-Line.$Error reading header.$Failed SSL connection: %s$GET$HEAD$Header:%s$POST$Request-Line: %s
API String ID: 269201875-1893062376
Opcode ID: b463768a0ec32a15ea761305c1d8c1c9a38530143f0e89232c0a065f69b23672
Instruction ID: 61f9fb1513cae49b8da63736f752aecd36cf77c7238b02efa619d961f45ae5fa
Opcode Fuzzy Hash: b463768a0ec32a15ea761305c1d8c1c9a38530143f0e89232c0a065f69b23672
Instruction Fuzzy Hash: 95B1D872D4011A9ACF21B6709C4E7EE7B6DBF16300F0805E6E909E7142EB359E85CB67

Function 005B18A0 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 105COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B18CE

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B18EE
__wassert.LIBCMT ref: 005B1913
__wassert.LIBCMT ref: 005B1938
__wassert.LIBCMT ref: 005B196D
__wassert.LIBCMT ref: 005B19AA
_free.LIBCMT ref: 005B19D7

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1933
free_index < 32, xrefs: 005B1968, 005B19A5
list->magic == GH_LIST_MAGIC, xrefs: 005B18E9
list->count == 0 || (list->first && list->last), xrefs: 005B190E
y7Z, xrefs: 005B19E4
src\gh_list.c, xrefs: 005B18C4, 005B18E4, 005B1909, 005B192E, 005B1963, 005B19A0
list, xrefs: 005B18C9

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_free
String ID: free_index < 32$list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->magic == GH_LIST_MAGIC$src\gh_list.c$y7Z
API String ID: 2045457572-1625238457
Opcode ID: 37ea91bbe8c475c1909c4d21e05a52859aa02c7aee800f3c0f32cc066279ab9b
Instruction ID: 05902886ce5f36a8d57ff0ee731d54dd32dbf44c69f9daf5be2579d3da50f797
Opcode Fuzzy Hash: 37ea91bbe8c475c1909c4d21e05a52859aa02c7aee800f3c0f32cc066279ab9b
Instruction Fuzzy Hash: BA314832A40709E7CBB05E149CB2FE5B722BF40B50F46812AF8595A285D670FD50C6DB

Function 005A1B10 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 311COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A1B56

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__read.LIBCMT ref: 005A1B7B
_free.LIBCMT ref: 005A1CFE
_free.LIBCMT ref: 005A1D09
closesocket.WS2_32(00000000), ref: 005A1E33

Strings

Closing connection., xrefs: 005A1DF8
Handling data from client %d., xrefs: 005A1BFB
Error formatting chat message from fd %d, xrefs: 005A1C5C
EOF on stdin, xrefs: 005A1D67
Error reading from stdin: %s, xrefs: 005A1D48
ncat_broker.c, xrefs: 005A1B4C
fdn, xrefs: 005A1B51

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module_free$FileHandleName__read__wassertclosesocket
String ID: Closing connection.$EOF on stdin$Error formatting chat message from fd %d$Error reading from stdin: %s$Handling data from client %d.$fdn$ncat_broker.c
API String ID: 1425795917-2589088409
Opcode ID: c2591740545cf95b0bc065f68b9d4feb37c71a577420e43bdfaac52be4b22796
Instruction ID: af9f6a462b6abec60ef63c9bec62003e35535f32b47da345799c17e9af272d3f
Opcode Fuzzy Hash: c2591740545cf95b0bc065f68b9d4feb37c71a577420e43bdfaac52be4b22796
Instruction Fuzzy Hash: 44B14A70900609DFEF14EF10EC996AD7BB9FB62341F0081AADA0982152F7359E86CF5D

Function 005AF0D0 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 159COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF0F7

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AF14E
_free.LIBCMT ref: 005AF1FC

Strings

nsi_delete() called on nsock_iod which appears to have already been deleted, xrefs: 005AF105
src\nsock_iod.c, xrefs: 005AF0ED, 005AF144
pending_response == NSOCK_PENDING_NOTIFY || pending_response == NSOCK_PENDING_SILENT, xrefs: 005AF149
nsi_delete called with argument NSOCK_PENDING_ERROR on a nsock_iod that has %d pending event(s) associated with it, xrefs: 005AF126
nsi, xrefs: 005AF0F2
nsi_delete(): SSL shutdown failed (%s) on NSI %li, xrefs: 005AF245
Trying to delete NSI, but could not find %d of the purportedly pending events on that IOD., xrefs: 005AF1D8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName_free
String ID: Trying to delete NSI, but could not find %d of the purportedly pending events on that IOD.$nsi$nsi_delete called with argument NSOCK_PENDING_ERROR on a nsock_iod that has %d pending event(s) associated with it$nsi_delete() called on nsock_iod which appears to have already been deleted$nsi_delete(): SSL shutdown failed (%s) on NSI %li$pending_response == NSOCK_PENDING_NOTIFY || pending_response == NSOCK_PENDING_SILENT$src\nsock_iod.c
API String ID: 2627425660-4242804720
Opcode ID: 49995b08104b75031c264de62038eb3f7eaf45c1688ec9e8673812a539578b20
Instruction ID: c462f89914254111c6b967ac903c6f3bdba6e697caf879dc2e52717e6ba73667
Opcode Fuzzy Hash: 49995b08104b75031c264de62038eb3f7eaf45c1688ec9e8673812a539578b20
Instruction Fuzzy Hash: E5510475900700DBDB30AF64EC4ABAE7BA6FF51704F140A3DE45697281E732E914CBA2

Function 005B3A40 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

_wprintf.LIBCMT ref: 005B3A77
_wprintf.LIBCMT ref: 005B3A8A
_wprintf.LIBCMT ref: 005B3AB9
_wprintf.LIBCMT ref: 005B3ACC
_wprintf.LIBCMT ref: 005B3ADC
_wprintf.LIBCMT ref: 005B3AF1
_wprintf.LIBCMT ref: 005B3B09
_wprintf.LIBCMT ref: 005B3B1C
_wprintf.LIBCMT ref: 005B3B2C
_wprintf.LIBCMT ref: 005B3B41

Strings

%08lX , xrefs: 005B3A72
%02X, xrefs: 005B3AC7, 005B3AD7, 005B3B17, 005B3B27

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _wprintf
String ID: %02X$%08lX
API String ID: 2738768116-2186753140
Opcode ID: a929b973ba3e2590b617c06f3510a7349068365c38c73135eea20a9e12aa2a1e
Instruction ID: d86d2535580697d74d2d8ad0985baadddb84109c9d55b3153a66af6f9827d6a1
Opcode Fuzzy Hash: a929b973ba3e2590b617c06f3510a7349068365c38c73135eea20a9e12aa2a1e
Instruction Fuzzy Hash: 842123F3D446266A9B5066D85C43CB57E4BBB1071072A0163FC8AB6341F251FB588AF7

Function 005A6140 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 70synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 005A6162
__wassert.LIBCMT ref: 005A617B
GetExitCodeProcess.KERNEL32(?,?), ref: 005A61C3
TerminateProcess.KERNEL32(?,00000000,?,?), ref: 005A61EC
ReleaseMutex.KERNEL32 ref: 005A620B
__wassert.LIBCMT ref: 005A6225

Strings

WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A6176
ncat_exec_win.c, xrefs: 005A6171, 005A621B
kill index %d, xrefs: 005A61DC
Terminating subprocesses, xrefs: 005A614D
max_index %d, xrefs: 005A6192
ReleaseMutex(subprocesses_mutex) != 0, xrefs: 005A6220

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Process__wassert$CodeExitMutexObjectReleaseSingleTerminateWait
String ID: ReleaseMutex(subprocesses_mutex) != 0$Terminating subprocesses$WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0$kill index %d$max_index %d$ncat_exec_win.c
API String ID: 217169712-50151551
Opcode ID: 2b562678b648682fe1c5bfb44a4de790067dd13b7a7deacbc9d054da7079894e
Instruction ID: 835be0078e3e8b85d5b201a86775998db948a3c37eff0a7244200d79885d4aef
Opcode Fuzzy Hash: 2b562678b648682fe1c5bfb44a4de790067dd13b7a7deacbc9d054da7079894e
Instruction Fuzzy Hash: A1112C71900314BBE7105B55BC4AE6D3F59FB41B06F094119F904A2272EB79C953C75A

Function 005B44D0 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 424COMMONLIBRARYCODE

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 005B44E0
_strncmp.LIBCMT ref: 005B4674
_strncmp.LIBCMT ref: 005B46E9
_fprintf.LIBCMT ref: 005B4769
_fprintf.LIBCMT ref: 005B47BF
_fprintf.LIBCMT ref: 005B4842

Strings

%s: option `--%s' requires an argument, xrefs: 005B47B1
%s: option `--%s' doesn't allow an argument, xrefs: 005B475B
POSIXLY_CORRECT, xrefs: 005B44D9
%s: option `%s' is ambiguous, xrefs: 005B4834
%s: unrecognized option `%s', xrefs: 005B4899

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fprintf$_strncmp$__wgetenv
String ID: %s: option `%s' is ambiguous$%s: option `--%s' doesn't allow an argument$%s: option `--%s' requires an argument$%s: unrecognized option `%s'$POSIXLY_CORRECT
API String ID: 1252001697-3186393691
Opcode ID: 16805aaf3d1f2052634146719c1bf72ee3341b4fb57fb40ab37d0a0de9dd3a32
Instruction ID: 803ef0c2203d29736c759c72b370af4ce3173ba6d44745e94bc4bcb2bd86fb6f
Opcode Fuzzy Hash: 16805aaf3d1f2052634146719c1bf72ee3341b4fb57fb40ab37d0a0de9dd3a32
Instruction Fuzzy Hash: 48F1F2B0A002869FDF31CF58D8807BABFA5FF45314F1480AAE89597252D732AD42CF91

Function 006731C8 Relevance: 19.6, APIs: 13, Instructions: 84COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 006731DF

Part of subcall function 006767D7: __calloc_impl.LIBCMT ref: 006767E6

__calloc_crt.LIBCMT ref: 00673203
_free.LIBCMT ref: 00673211
__calloc_crt.LIBCMT ref: 0067321F
_free.LIBCMT ref: 0067322F
_free.LIBCMT ref: 00673235
__copytlocinfo_nolock.LIBCMT ref: 00673244
__wsetlocale_nolock.LIBCMT ref: 00673251
__setmbcp_nolock.LIBCMT ref: 00673265
_free.LIBCMT ref: 00673273
___removelocaleref.LIBCMT ref: 0067327A
___freetlocinfo.LIBCMT ref: 00673281
_free.LIBCMT ref: 00673287

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
String ID:
API String ID: 1503006713-0
Opcode ID: 8e2d15c1684bd95e4d1b6bbdc2f4b95261955831bbd22b503785966531f67258
Instruction ID: d935d3710a597aab2f1d76e09a452c5b196a5a8e8187b3c9cbdef7179aa0836d
Opcode Fuzzy Hash: 8e2d15c1684bd95e4d1b6bbdc2f4b95261955831bbd22b503785966531f67258
Instruction Fuzzy Hash: 2821F636504621AEEBB17F64DC02E4A7BE7DF41790B20C52DF54D5A762EF228B00EB58

Function 005B0670 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B06C7

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

_memmove.LIBCMT ref: 005B0703
getsockname.WS2_32(?,?,00000080), ref: 005B0746
_memset.LIBCMT ref: 005B0755
__wassert.LIBCMT ref: 005B0789

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

_memmove.LIBCMT ref: 005B07A5
_memset.LIBCMT ref: 005B07DB
_memset.LIBCMT ref: 005B07EB

Strings

src\nsock_connect.c, xrefs: 005B06BD, 005B077F
socklen > 0, xrefs: 005B06C2
slen > 0, xrefs: 005B0784

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset$Module__wassert_memmove$FileHandleName_memcpy_sgetsockname
String ID: slen > 0$socklen > 0$src\nsock_connect.c
API String ID: 2802950837-2265596112
Opcode ID: 84777f311c982271a097631b79a671e49bfa51c1c91b34d085567050495bac0f
Instruction ID: e26b3e486d9cfd5e4d1dfa1b25e6e1a2bca6cad6c024feb53175bef99e2b8326
Opcode Fuzzy Hash: 84777f311c982271a097631b79a671e49bfa51c1c91b34d085567050495bac0f
Instruction Fuzzy Hash: 7A41BD31A002149BDB24DF24DC91BABB7B9FF44710F1442ADE85D9B281EF31AD448F94

Function 005B0020 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 139COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0046

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

_memset.LIBCMT ref: 005B007D
__wassert.LIBCMT ref: 005B00AE
__wassert.LIBCMT ref: 005B0124

Strings

src\nsock_event.c, xrefs: 005B003C, 005B00A4, 005B011A
type < NSE_TYPE_MAX, xrefs: 005B00A9
msevent_new (IOD #%li) (EID #%li), xrefs: 005B01DE
timeout_msecs >= 0, xrefs: 005B011F
msevent_new (IOD #NULL) (EID #%li), xrefs: 005B01C1
+Z, xrefs: 005B0020
msiod->state != NSIOD_STATE_DELETED, xrefs: 005B0041

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$FileHandleName__vfwprintf_p_memset
String ID: +Z$msevent_new (IOD #%li) (EID #%li)$msevent_new (IOD #NULL) (EID #%li)$msiod->state != NSIOD_STATE_DELETED$src\nsock_event.c$timeout_msecs >= 0$type < NSE_TYPE_MAX
API String ID: 3609237820-3250929871
Opcode ID: e46797402a6c19487b7aa280e6db63c1eea6d9bb9675a4734d8888df99e2cb1e
Instruction ID: 8a43ee6181a1f0aa27e81536771ad4cc7c2aabc86c05704ecd12e6cdfa1b5334
Opcode Fuzzy Hash: e46797402a6c19487b7aa280e6db63c1eea6d9bb9675a4734d8888df99e2cb1e
Instruction Fuzzy Hash: 0F41E771A002059BCB54DF18DC82BAA7BA5FB44710F05923AFD09AF386E771AA14CBD5

Function 005A2960 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005A29EA
_strtok.LIBCMT ref: 005A2A13
_strtok.LIBCMT ref: 005A2A22
_free.LIBCMT ref: 005A2A31
_free.LIBCMT ref: 005A2A78
_free.LIBCMT ref: 005A2A7E

Strings

CONNECT, xrefs: 005A2A4D
Unknown authentication type., xrefs: 005A2A88
$s, xrefs: 005A2977, 005A2981
Basic %s, xrefs: 005A29D6
Proxy-Authorization:, xrefs: 005A2992

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$_strtok
String ID: Basic %s$CONNECT$Proxy-Authorization:$Unknown authentication type.$$s
API String ID: 3793430130-799106003
Opcode ID: 86ca3208e8b795023e2ab1496bf2d279fa45825f79ed02221a5d5dab75492515
Instruction ID: 6aa290f8fbcfc4a95ecaf6f7068f492b0042f76abfed94898859bcad831dbe64
Opcode Fuzzy Hash: 86ca3208e8b795023e2ab1496bf2d279fa45825f79ed02221a5d5dab75492515
Instruction Fuzzy Hash: 824180B6D00609BBCB11EBA4DC4ADDF7BBDBF45310F100296FD05A3241EA759B0587A5

Function 005A43F0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 121networkCOMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A441F

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005A443A
__wassert.LIBCMT ref: 005A449B
WSASetLastError.WS2_32(00000000), ref: 005A44C9
__wassert.LIBCMT ref: 005A44F7
_memmove.LIBCMT ref: 005A450C

Strings

result->ai_addrlen > 0 && result->ai_addrlen <= (int) sizeof(struct sockaddr_storage), xrefs: 005A44F2
sslen, xrefs: 005A4435
rc >= 0 && rc < sizeof(portbuf), xrefs: 005A4496
ncat_core.c, xrefs: 005A4415, 005A4430, 005A4491, 005A44ED
%hu, xrefs: 005A4470

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$ErrorFileHandleLastName_memmove
String ID: %hu$ncat_core.c$rc >= 0 && rc < sizeof(portbuf)$result->ai_addrlen > 0 && result->ai_addrlen <= (int) sizeof(struct sockaddr_storage)$sslen
API String ID: 3559440965-3933039210
Opcode ID: d54c8b6cccbb696a0003e25e8947ca89eb2049b209af623b0e26da1323e2df6f
Instruction ID: f2ad58fdc2c314dd5d85e259c08b79a9d289a7a6df5ad239cca9b3b810b24459
Opcode Fuzzy Hash: d54c8b6cccbb696a0003e25e8947ca89eb2049b209af623b0e26da1323e2df6f
Instruction Fuzzy Hash: 0941AB72E043046BDB10DFA4EC82FBE77A9FF99700F00011AFE45A7241F6B599458B96

Function 005C3980 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 78registrywindowCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,005C3AC6,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,005C36AE,.\crypto\cryptlib.c,00000253,pointer != NULL,005A0857), ref: 005C399A
GetFileType.KERNEL32(00000000), ref: 005C39A5
__vfwprintf_p.LIBCMT ref: 005C39C7

Part of subcall function 0066C01D: _vfprintf_helper.LIBCMT ref: 0066C030

vswprintf.LIBCMT ref: 005C39FD
GetVersion.KERNEL32 ref: 005C3A0D
RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 005C3A2B
ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 005C3A4F
DeregisterEventSource.ADVAPI32(00000000), ref: 005C3A56
MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 005C3A80

Strings

OpenSSL: FATAL, xrefs: 005C3A74
OPENSSL, xrefs: 005C3A24

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Event$Source$DeregisterFileHandleMessageRegisterReportTypeVersion__vfwprintf_p_vfprintf_helpervswprintf
String ID: OPENSSL$OpenSSL: FATAL
API String ID: 1849508505-1348657634
Opcode ID: 0cd153a10901cb6b704482223257a27dd6154800fc5527d364da2f7a369f0146
Instruction ID: ccf30bb15c12a3e439c305b3f500e50df82f583fe407c33aee01349ca4e701d6
Opcode Fuzzy Hash: 0cd153a10901cb6b704482223257a27dd6154800fc5527d364da2f7a369f0146
Instruction Fuzzy Hash: 3321B0B1604304AFE7A0AB60CC47FEB779AFF58701F40881DF699861D0EEB99544865B

Function 005AFF40 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AFF5B

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AFF79
__wassert.LIBCMT ref: 005AFF99
__wassert.LIBCMT ref: 005AFFB8
__wassert.LIBCMT ref: 005AFFE8

Strings

nsp->evl.events_pending >= 0, xrefs: 005AFFB3
src\nsock_event.c, xrefs: 005AFF51, 005AFF6F, 005AFF8F, 005AFFAE, 005AFFDE
nse, xrefs: 005AFF74
nsp, xrefs: 005AFF56
nse->iod->events_pending >= 0, xrefs: 005AFFE3
nse->event_done, xrefs: 005AFF94

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName
String ID: nse$nse->event_done$nse->iod->events_pending >= 0$nsp$nsp->evl.events_pending >= 0$src\nsock_event.c
API String ID: 335529470-982700732
Opcode ID: c0f89fb15050223f3490480149fbe0ec758b109f55bcd2f119af53806e247c96
Instruction ID: 34667cd963529c40742d14e69bdb553e56aa6de80261a897c20c34df893236e2
Opcode Fuzzy Hash: c0f89fb15050223f3490480149fbe0ec758b109f55bcd2f119af53806e247c96
Instruction Fuzzy Hash: 5211CB32B80204BAD61067509C57FDB7FDAFF92B14F07102AF91C26286E7B1951047E6

Function 0067329F Relevance: 18.1, APIs: 12, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

__invoke_watson.LIBCMT ref: 006732D8
__calloc_crt.LIBCMT ref: 00673329
__lock.LIBCMT ref: 0067333F
__copytlocinfo_nolock.LIBCMT ref: 00673350
__wsetlocale_nolock.LIBCMT ref: 00673367
_wcscmp.LIBCMT ref: 0067338A
__lock.LIBCMT ref: 006733A1
__updatetlocinfoEx_nolock.LIBCMT ref: 006733B3
___removelocaleref.LIBCMT ref: 006733B9
__updatetlocinfoEx_nolock.LIBCMT ref: 006733D8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson__wsetlocale_nolock_wcscmp
String ID:
API String ID: 2762079118-0
Opcode ID: 5902668042cfe078681e081c8548f25bb20605fa26c70bbd20ef5b86e2ba99bd
Instruction ID: fb7666520872b5708c5a9927b6e1a5071f6fb0e67554eb5428274ede1358a435
Opcode Fuzzy Hash: 5902668042cfe078681e081c8548f25bb20605fa26c70bbd20ef5b86e2ba99bd
Instruction Fuzzy Hash: 9A412432900315AFDB61AFA4D84279D77F2AF04310F20C52EF90C5A392DB7687429B58

Function 005ACD20 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 238COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005ACEA1
_memmove.LIBCMT ref: 005ACEDB

Strings

Program bug: fd (%d) not on list., xrefs: 005ACDD2
*offset <= *size, xrefs: 005ACE9C
Swapping fd[%d] (%d) with fd[%d] (%d), xrefs: 005ACD6B
Program bug: Trying to remove fd from list with no fds., xrefs: 005ACDC7
integer overflow %lu * %lu., xrefs: 005ACE66
Removed fd %d from list, nfds %d, maxfd %d, xrefs: 005ACDB4
integer overflow %lu + %lu., xrefs: 005ACE26
util.c, xrefs: 005ACE97

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert_memmove
String ID: *offset <= *size$Program bug: Trying to remove fd from list with no fds.$Program bug: fd (%d) not on list.$Removed fd %d from list, nfds %d, maxfd %d$Swapping fd[%d] (%d) with fd[%d] (%d)$integer overflow %lu * %lu.$integer overflow %lu + %lu.$util.c
API String ID: 878353696-2738761925
Opcode ID: 188db047a61d80e62f99df8be7b8bc2d03a767ab2acb8e6069ae01ad65cb317b
Instruction ID: 3ce3bc837f725946f0df50d7a4c52a6f0397365e787c080f920da95eec7aa947
Opcode Fuzzy Hash: 188db047a61d80e62f99df8be7b8bc2d03a767ab2acb8e6069ae01ad65cb317b
Instruction Fuzzy Hash: 2641B576604215AFCB10DF59DC85DAABFAEFF8A710714406AF9488B302D772ED11CBA1

Function 005AE2F0 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 235COMMON

Download Yara Rule

Strings

Callback: %s %s %sfor EID %li [%s:%hu], xrefs: 005AE3B3
[%s (%d)] , xrefs: 005AE340
Callback: %s %s for EID %li [%s:%hu] %s(%d bytes)%s, xrefs: 005AE501
Callback: %s %s %sfor EID %li (peer unspecified), xrefs: 005AE402
Callback: %s %s %sfor EID %li, xrefs: 005AE592
[EOF], xrefs: 005AE4C1, 005AE4C9, 005AE52F, 005AE537
Callback %s %s for EID %li (peer unspecified) %s(%d bytes)%s, xrefs: 005AE552
src\nsock_core.c, xrefs: 005AE5B6

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fprintf$__getptd_noexit__vfwprintf_p__wasserthtonsvswprintf
String ID: Callback %s %s for EID %li (peer unspecified) %s(%d bytes)%s$Callback: %s %s %sfor EID %li$Callback: %s %s %sfor EID %li (peer unspecified)$Callback: %s %s %sfor EID %li [%s:%hu]$Callback: %s %s for EID %li [%s:%hu] %s(%d bytes)%s$[%s (%d)] $[EOF]$src\nsock_core.c
API String ID: 1380710141-2644316678
Opcode ID: 70c321fcb93b6387798f74dda555841bb89a9454a60ad449ac6419a4451bc4ce
Instruction ID: b72c90f04811b3d24f75e07b119bf36612ed6f4963de38b3980229c61c27f4cf
Opcode Fuzzy Hash: 70c321fcb93b6387798f74dda555841bb89a9454a60ad449ac6419a4451bc4ce
Instruction Fuzzy Hash: 8671D8B5D00205AFDB14AB64EC87EBFB79DFF54318F00056AF84E92253EB31AD548A61

Function 005AF700 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF753

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AF79E
__wassert.LIBCMT ref: 005AF7EF
_free.LIBCMT ref: 005AF859
_free.LIBCMT ref: 005AF881

Strings

nse, xrefs: 005AF799
nsp, xrefs: 005AF74E
src\nsock_pool.c, xrefs: 005AF749, 005AF794, 005AF7E5
nse->iod->events_pending >= 0, xrefs: 005AF7EA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_free$FileHandleName
String ID: nse$nse->iod->events_pending >= 0$nsp$src\nsock_pool.c
API String ID: 1807690261-2598767419
Opcode ID: bd1708fe06c574dc2888ca3792329472eb3c7220066b684f0418406aabd67067
Instruction ID: bce32fc4730c28bc58ceb8fcca1eadf390b6d7944d3d21f190f9f421c522cfb7
Opcode Fuzzy Hash: bd1708fe06c574dc2888ca3792329472eb3c7220066b684f0418406aabd67067
Instruction Fuzzy Hash: F941E971D012029BDB10AFA4DC86FAF7BA9BF81784F050135FD09AB242EB35E61587E5

Function 005C3840 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,005B5BAF,?,005C3A1F), ref: 005C3867
GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 005C3877
GetDesktopWindow.USER32 ref: 005C389B
GetProcessWindowStation.USER32(?,005C3A1F), ref: 005C38A1
GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,005C3A1F), ref: 005C38BC
GetLastError.KERNEL32(?,005C3A1F), ref: 005C38CA
GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,005C3A1F), ref: 005C3905
_wcsstr.LIBCMT ref: 005C392A

Strings

Service-0x, xrefs: 005C3920
_OPENSSL_isservice, xrefs: 005C3871

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
String ID: Service-0x$_OPENSSL_isservice
API String ID: 2112994598-1672312481
Opcode ID: c9b76f21f8de936618f569ec50bffb71ad644acc1a886334c0fe8355b4c3bed0
Instruction ID: ea1da7f80851d51d75be6cc55bd0998e42c0e375e64b346598835225e6c8702c
Opcode Fuzzy Hash: c9b76f21f8de936618f569ec50bffb71ad644acc1a886334c0fe8355b4c3bed0
Instruction Fuzzy Hash: 4B31C731A002099FDB509FB8EC45BAE77B8EF44721F14866DF816E71D0EF749A018B56

Function 005B0420 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 77networkCOMMON

Download Yara Rule

APIs

Part of subcall function 005B0520: _perror.LIBCMT ref: 005B054D

WSAGetLastError.WS2_32(?,?,00000000,?,?,?,?,?,?,?,5600002A), ref: 005B045D
__wassert.LIBCMT ref: 005B048A
htons.WS2_32(?), ref: 005B0495
__wassert.LIBCMT ref: 005B04BA
_memmove.LIBCMT ref: 005B04CB
connect.WS2_32(?,?,?), ref: 005B04E0
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,5600002A), ref: 005B04EC

Strings

sslen <= sizeof(iod->peer), xrefs: 005B04B5
src\nsock_connect.c, xrefs: 005B0480, 005B04B0
sin->sin_family == AF_INET6, xrefs: 005B0485

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast__wassert$_memmove_perrorconnecthtons
String ID: sin->sin_family == AF_INET6$src\nsock_connect.c$sslen <= sizeof(iod->peer)
API String ID: 1126094538-3885889868
Opcode ID: d9587cd0e94b3ae0a64f1d44fd4a55f14157fe7d0a796a40726b2b93c93846f3
Instruction ID: 5fa7c4cf6ccd65bd36173054e8165eb0469b9616aa70ed94de19646038b56418
Opcode Fuzzy Hash: d9587cd0e94b3ae0a64f1d44fd4a55f14157fe7d0a796a40726b2b93c93846f3
Instruction Fuzzy Hash: 6C210671400304ABDB205F65DC4ABDF7BA5FF44720F14952AF928472D2E375A8508B65

Function 005A5AA0 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(?,?,?), ref: 005A5AAF
__wassert.LIBCMT ref: 005A5ACD

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

WaitForSingleObject.KERNEL32(?,000000FF), ref: 005A5ADD
__wassert.LIBCMT ref: 005A5AF6
ReleaseMutex.KERNEL32 ref: 005A5B0C
__wassert.LIBCMT ref: 005A5B25

Strings

ReleaseMutex(pseudo_sigchld_mutex) != 0, xrefs: 005A5B20
pseudo_sigchld_mutex != NULL, xrefs: 005A5AC8
WaitForSingleObject(pseudo_sigchld_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A5AF1
ncat_exec_win.c, xrefs: 005A5AC3, 005A5AEC, 005A5B1B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$ModuleMutex$CreateFileHandleNameObjectReleaseSingleWait
String ID: ReleaseMutex(pseudo_sigchld_mutex) != 0$WaitForSingleObject(pseudo_sigchld_mutex, INFINITE) == WAIT_OBJECT_0$ncat_exec_win.c$pseudo_sigchld_mutex != NULL
API String ID: 2775428847-346067620
Opcode ID: d7156b57cd98f14ff989b0f9e5df5c7c1e0428c0534d67b8e0769a1cc4d443b6
Instruction ID: 34c47b7d9068946fd1df0532cfa8c86a4f2fb2082bf8f1f80a6962f0d493f627
Opcode Fuzzy Hash: d7156b57cd98f14ff989b0f9e5df5c7c1e0428c0534d67b8e0769a1cc4d443b6
Instruction Fuzzy Hash: 8CF0C2B1B483057FE6606F64AC46E2A375DF724B06F108129F904D2291FBB8C802862B

Function 0066ED91 Relevance: 16.8, APIs: 11, Instructions: 263COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0066EDCC

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

__gmtime64_s.LIBCMT ref: 0066EE65
__gmtime64_s.LIBCMT ref: 0066EE9B
__gmtime64_s.LIBCMT ref: 0066EEB8
__allrem.LIBCMT ref: 0066EF0E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066EF2A
__allrem.LIBCMT ref: 0066EF41
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066EF5F
__allrem.LIBCMT ref: 0066EF76
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066EF94
__invoke_watson.LIBCMT ref: 0066F005

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 2f66cf644c0430835c2b12805ef97936ead9ad885c971acb70e53f41e1b023df
Instruction ID: 018dceed9d727af21a22bdc0993e91fd04ff5404880e1ecdfbd1edffd007d965
Opcode Fuzzy Hash: 2f66cf644c0430835c2b12805ef97936ead9ad885c971acb70e53f41e1b023df
Instruction Fuzzy Hash: 5371E4B5A00716ABE7149F79CC41BAAB3AAAF04724F14823EF514D77C1EB72D9408BD4

Function 005A3350 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 419COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A33D4

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

__wassert.LIBCMT ref: 005A3537
__wassert.LIBCMT ref: 005A337E

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005A359A
_free.LIBCMT ref: 005A3618

Strings

ncat_connect.c, xrefs: 005A3374, 005A33CA, 005A352D, 005A3590
status == NSE_STATUS_SUCCESS, xrefs: 005A33CF, 005A3595
%s., xrefs: 005A346C, 005A348B, 005A363C, 005A365B
type == NSE_TYPE_READ, xrefs: 005A3379, 005A3532

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_free_memcpy_s
String ID: %s.$ncat_connect.c$status == NSE_STATUS_SUCCESS$type == NSE_TYPE_READ
API String ID: 3792695269-4233978470
Opcode ID: 66f25b1e30e8a6ecd49e0f422f0a4c097d0926f3ee2cffb44cf34f48497585cc
Instruction ID: f3e75c8015fe24fc45139f3947abae960b5835c98c4002807aea292f06df21bd
Opcode Fuzzy Hash: 66f25b1e30e8a6ecd49e0f422f0a4c097d0926f3ee2cffb44cf34f48497585cc
Instruction Fuzzy Hash: 6C515D72D4021476DB1176A8AC4FFEF7E5CAF96714F050022FD08B2292F561AB5582FB

Function 005AD0B0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 256networkCOMMON

Download Yara Rule

APIs

recvfrom.WS2_32(00000008,?,00002000,00000000,?,?), ref: 005AD148
WSAGetLastError.WS2_32(?,?,00002000,00000000,?,?), ref: 005AD155
__read.LIBCMT ref: 005AD188
__wassert.LIBCMT ref: 005AD1BC
_memmove.LIBCMT ref: 005AD1DC
WSAGetLastError.WS2_32 ref: 005AD22E

Strings

peerlen <= sizeof(iod->peer), xrefs: 005AD1B7
SSL_read() failed for reason %s on NSI %li, xrefs: 005AD3E4
src\nsock_core.c, xrefs: 005AD1B2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$__read__wassert_memmoverecvfrom
String ID: SSL_read() failed for reason %s on NSI %li$peerlen <= sizeof(iod->peer)$src\nsock_core.c
API String ID: 2375464485-943913281
Opcode ID: 5e39e0ef3607dee8678b382cf2316e800b4b18cd3542159e9e6cf1f1847e074a
Instruction ID: ab38f25cd851722a3054e2be1a59c3f9a7457b937b9d580894389182c0defcc2
Opcode Fuzzy Hash: 5e39e0ef3607dee8678b382cf2316e800b4b18cd3542159e9e6cf1f1847e074a
Instruction Fuzzy Hash: 5D9105759002199BDB24EF64CC89BDDB7B5FF05314F0042AAE91ED7282DB316E94CBA1

Function 005B24E0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 253COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,00000000), ref: 005B2536
__WSAFDIsSet.WS2_32(00000000,?), ref: 005B254B
__WSAFDIsSet.WS2_32(00000000,?), ref: 005B255A
__WSAFDIsSet.WS2_32(00000000,00000000), ref: 005B257C
__wassert.LIBCMT ref: 005B25AA
select.WS2_32(00000000,00000000,00000000,00000000,00000000), ref: 005B26DE
select.WS2_32(00000000,00000000,?,?,?), ref: 005B27C1

Part of subcall function 005B2FF0: Sleep.KERNEL32(007320A8,?,005B27EC,00002710,?,007320A8), ref: 005B2FFB

Strings

ret != 0, xrefs: 005B25A5
nbase_misc.c, xrefs: 005B25A0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: select$Sleep__wassert
String ID: nbase_misc.c$ret != 0
API String ID: 397136083-1591180994
Opcode ID: 87f3ca30edeb4145e8116e50da145b9d96d760676e9b3b30927b6efc15514274
Instruction ID: a9d215248226699ae2c7e7141ced4aca32bef98f559526310a871b48f1b5aeab
Opcode Fuzzy Hash: 87f3ca30edeb4145e8116e50da145b9d96d760676e9b3b30927b6efc15514274
Instruction Fuzzy Hash: 18918571A002198BDF25DF24C8557E9BBB9FF58310F1441ADE809AB281DB70AF85CFA4

Function 005A3E40 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 239COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005A3E87
_memset.LIBCMT ref: 005A3EB1
_strncat.LIBCMT ref: 005A3F6D
_strncat.LIBCMT ref: 005A3FAE
_strncat.LIBCMT ref: 005A404A
_strncat.LIBCMT ref: 005A4072

Strings

%02X , xrefs: 005A3F35
%.4x, xrefs: 005A3EFE
[%4.4s] %-50.50s %s, xrefs: 005A3FC6, 005A40A7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncat$_memset
String ID: %.4x$%02X $[%4.4s] %-50.50s %s
API String ID: 2457719212-3167463071
Opcode ID: 7cde5f5616c43de28fbf0c67d80f64eb05010b942b2fb9cb761d80bf89bd8008
Instruction ID: 4e7aae532b7eeb66f0fde804244c78dbdb210970c1130b64a501b6afe829eff6
Opcode Fuzzy Hash: 7cde5f5616c43de28fbf0c67d80f64eb05010b942b2fb9cb761d80bf89bd8008
Instruction Fuzzy Hash: 9F81F37190434D9ACB10DFA4CC49BFE7B7EBF55304F040299EA49AB142E771AB49CB61

Function 005A14D0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 224networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

accept.WS2_32(?,00000080), ref: 005A1520
closesocket.WS2_32(00000000), ref: 005A155A

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

Strings

add_fdinfo() failed., xrefs: 005A1771, 005A17CC
New connection denied: connection limit reached (%d), xrefs: 005A15D0
Connection from %s., xrefs: 005A15A5
Error in accept: %s, xrefs: 005A1546
Connection from %s on file descriptor %d., xrefs: 005A1591
Failed SSL connection from %s: %s, xrefs: 005A169E
New connection denied: not allowed, xrefs: 005A1615

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$acceptclosesocket
String ID: Connection from %s on file descriptor %d.$Connection from %s.$Error in accept: %s$Failed SSL connection from %s: %s$New connection denied: connection limit reached (%d)$New connection denied: not allowed$add_fdinfo() failed.
API String ID: 4198774548-2495864302
Opcode ID: 563a81c5a3e3a846d65b345208e15973197c9cffc2015e3db0bb905a51068410
Instruction ID: 4f6b0b47c9b384911574f171872ae8744c4e43a30942e3084b3922962d9bb305
Opcode Fuzzy Hash: 563a81c5a3e3a846d65b345208e15973197c9cffc2015e3db0bb905a51068410
Instruction Fuzzy Hash: B581F870D00505DFEF14AB60EC5ABAD3B79FB41302F0480A9E84AD6152EF355A99CF6E

Function 005A4AB0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 222COMMON

Download Yara Rule

Strings

udp, xrefs: 005A4B82, 005A4B8A, 005A4B8E
65535, xrefs: 005A4AC0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: 65535$udp
API String ID: 0-1267037602
Opcode ID: 43bd5594b3910ff61eeeba0d1bcd53cd6cc4d5c4fd701abd1c2b01e13e8468b6
Instruction ID: 5172f163cb8e73bb88cf7490fe23c1621af08e5ddc7a6b8115504579c911e5ed
Opcode Fuzzy Hash: 43bd5594b3910ff61eeeba0d1bcd53cd6cc4d5c4fd701abd1c2b01e13e8468b6
Instruction Fuzzy Hash: 9561E431A012099BDF14DFA9D855BBEBBA5FFC6310F04416EEC0A97281DBB5CC019BA1

Function 005A2230 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

Part of subcall function 005B0670: __wassert.LIBCMT ref: 005B06C7
Part of subcall function 005B0670: _memmove.LIBCMT ref: 005B0703
Part of subcall function 005B0670: getsockname.WS2_32(?,?,00000080), ref: 005B0746
Part of subcall function 005B0670: _memset.LIBCMT ref: 005B0755

Part of subcall function 005AF580: htons.WS2_32(?), ref: 005AF59D

__wassert.LIBCMT ref: 005A22C8

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005A233F

Strings

cert != NULL, xrefs: 005A22C3
ncat_connect.c, xrefs: 005A22BE, 005A2335
Connected to %s:%hu., xrefs: 005A2380
SSL connection to %s:%hu., xrefs: 005A229A
ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL, xrefs: 005A233A
%s, xrefs: 005A2306
SHA-1 fingerprint: %s, xrefs: 005A234B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_memmove_memsetgetsocknamehtons
String ID: %s$Connected to %s:%hu.$SHA-1 fingerprint: %s$SSL connection to %s:%hu.$cert != NULL$ncat_connect.c$ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL
API String ID: 1194385628-4275594481
Opcode ID: c512e1de5d98c65ce9083518ae03ca7ca6bc6abac7e66d3af1dd2948257edf4a
Instruction ID: 3e85d7a403561ed6ac37babe971c3f51fc5e0c063c46a6f2ad04ae867f7263af
Opcode Fuzzy Hash: c512e1de5d98c65ce9083518ae03ca7ca6bc6abac7e66d3af1dd2948257edf4a
Instruction Fuzzy Hash: 7431C8B2E4021577EA2076A46C0BFEF3A5CAF55704F000462FD05B52C2FA64AB5547FB

Function 005B09F0 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 73COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0A15

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B0A56

Strings

L,s, xrefs: 005B0A32
nse, xrefs: 005B0A51
nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN, xrefs: 005B0A10
:.Z, xrefs: 005B0A68, 005B0A98, 005B0A7D, 005B0A9F
TCP connection requested to %s:%hu (IOD #%li) EID %li, xrefs: 005B0A87
`$s, xrefs: 005B09F4, 005B0A35
src\nsock_connect.c, xrefs: 005B0A0B, 005B0A4C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: :.Z$L,s$TCP connection requested to %s:%hu (IOD #%li) EID %li$`$s$nse$nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN$src\nsock_connect.c
API String ID: 1760609008-3966029959
Opcode ID: 05dbb8c42ff43b18cd31cf898388470aa4959c9e50bec8558f4861efd74a5864
Instruction ID: 2dcc9aa229a8249fbbab8f3289ee20c95c0ca668032333d08a571aa4ac4ded56
Opcode Fuzzy Hash: 05dbb8c42ff43b18cd31cf898388470aa4959c9e50bec8558f4861efd74a5864
Instruction Fuzzy Hash: 9511AC32640209BBDB21AE449C87FEF3B6AFF85704F111004FE0866282D662BD218BA5

Function 005B0AC0 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 73COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0AE5

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B0B25

Strings

`$s, xrefs: 005B0AC4, 005B0B04
nse, xrefs: 005B0B20
nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN, xrefs: 005B0AE0
UDP connection requested to %s:%hu (IOD #%li) EID %li, xrefs: 005B0B56
src\nsock_connect.c, xrefs: 005B0ADB, 005B0B1B
L,s, xrefs: 005B0AF9
P-Z, xrefs: 005B0B34, 005B0B61, 005B0B4B, 005B0B6D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: L,s$P-Z$UDP connection requested to %s:%hu (IOD #%li) EID %li$`$s$nse$nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN$src\nsock_connect.c
API String ID: 1760609008-1533687154
Opcode ID: 5b0044356ca63fe5529351ac8a53ce33496f71576f5f1f8a4c3c50e9ec4f6c81
Instruction ID: 3ff8ac970b942924d931a52434e0c83ac4221aa4ed084e240ecae5c5098cfe85
Opcode Fuzzy Hash: 5b0044356ca63fe5529351ac8a53ce33496f71576f5f1f8a4c3c50e9ec4f6c81
Instruction Fuzzy Hash: 0511BE71640209BBDB11AE44DC87FEF3B2AFF85714F111109FD18662C2D671F9618AB5

Function 005B17C0 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B17DA

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B17FA
__wassert.LIBCMT ref: 005B1822
__wassert.LIBCMT ref: 005B184A

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1845
list->magic == GH_LIST_MAGIC, xrefs: 005B17F5
list->count == 0 || (list->first && list->last), xrefs: 005B181D
src\gh_list.c, xrefs: 005B17D0, 005B17F0, 005B1818, 005B1840
list, xrefs: 005B17D5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName
String ID: list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->magic == GH_LIST_MAGIC$src\gh_list.c
API String ID: 335529470-4149527736
Opcode ID: 0eb3bb0c6970b19d39bab8e97807668113e03309c834962e975e00989de82ba1
Instruction ID: bb7d6b4a12ff9bab6d86773c010146be6fb79b846a3cba3d9c3c8e6af6f0b85b
Opcode Fuzzy Hash: 0eb3bb0c6970b19d39bab8e97807668113e03309c834962e975e00989de82ba1
Instruction Fuzzy Hash: EE21D271A00705EBDB704F14D866B927BE1FF00714F65C42EF449AA280E7B2E980C68A

Function 005B1B60 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B1B7A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B1B9A
__wassert.LIBCMT ref: 005B1BC2
__wassert.LIBCMT ref: 005B1BEA

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1BE5
list->magic == GH_LIST_MAGIC, xrefs: 005B1B95
list->count == 0 || (list->first && list->last), xrefs: 005B1BBD
src\gh_list.c, xrefs: 005B1B70, 005B1B90, 005B1BB8, 005B1BE0
list, xrefs: 005B1B75

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName
String ID: list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->magic == GH_LIST_MAGIC$src\gh_list.c
API String ID: 335529470-4149527736
Opcode ID: e8bfe4b250a2eafbcfaca5005fdd9021170cedbc23d83ce87a2989b84cdf5345
Instruction ID: ee75b10cc7712eeb8fab06b56f9ff6e2294b40095d1312327bf516cc5347169a
Opcode Fuzzy Hash: e8bfe4b250a2eafbcfaca5005fdd9021170cedbc23d83ce87a2989b84cdf5345
Instruction Fuzzy Hash: 5E21A231A44B05ABDB708F14D856B917BE1BF00B15F55C46EF48A96281F7B1F980C78A

Function 005B1A90 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 63COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B1AAA

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B1ACA
__wassert.LIBCMT ref: 005B1AF2
__wassert.LIBCMT ref: 005B1B1A

Strings

list->count != 0 || (list->first == NULL && list->last == NULL), xrefs: 005B1B15
list->magic == GH_LIST_MAGIC, xrefs: 005B1AC5
list->count == 0 || (list->first && list->last), xrefs: 005B1AED
src\gh_list.c, xrefs: 005B1AA0, 005B1AC0, 005B1AE8, 005B1B10
list, xrefs: 005B1AA5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName
String ID: list$list->count != 0 || (list->first == NULL && list->last == NULL)$list->count == 0 || (list->first && list->last)$list->magic == GH_LIST_MAGIC$src\gh_list.c
API String ID: 335529470-4149527736
Opcode ID: 1a16a8ebb536b16a9ad6c47398dd8fb198f023e65907a6be55564a4ee0513661
Instruction ID: 6a6c41fa4beffbae35a22c24506c9833c6d16255afc4142d9bc95924b64afa5d
Opcode Fuzzy Hash: 1a16a8ebb536b16a9ad6c47398dd8fb198f023e65907a6be55564a4ee0513661
Instruction Fuzzy Hash: A9119631A41B05DFDB748F14D866F91BBE5FF04B14F45C41EE49A96A80E3B0BC94C68A

Function 005A6270 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 49synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF,?,005A5F3B,JUZ,?,00000000), ref: 005A627B
__wassert.LIBCMT ref: 005A6294

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

ReleaseMutex.KERNEL32(JUZ,?,005A5F3B,JUZ,?,00000000), ref: 005A62C7
__wassert.LIBCMT ref: 005A62E0

Strings

WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A628F
ncat_exec_win.c, xrefs: 005A628A, 005A62D6
Unregister subprocess %p from index %d., xrefs: 005A6307
JUZ, xrefs: 005A62A1
ReleaseMutex(subprocesses_mutex) != 0, xrefs: 005A62DB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleMutexNameObjectReleaseSingleWait
String ID: JUZ$ReleaseMutex(subprocesses_mutex) != 0$Unregister subprocess %p from index %d.$WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0$ncat_exec_win.c
API String ID: 1222572828-3392720357
Opcode ID: 2afe228020a460e729afbac3ef3274b3aaa646548279dee98dc7b1bdfd6f764e
Instruction ID: ca8ab0cd13230efbd126e87bd658d6b4f297bb13367dc62f30870aeaa81fa1c0
Opcode Fuzzy Hash: 2afe228020a460e729afbac3ef3274b3aaa646548279dee98dc7b1bdfd6f764e
Instruction Fuzzy Hash: 48014C35A042217BE7101B50AC5AF1D3F54FF52B51F094235F954A22E1EA64CC12839A

Function 005CFF40 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 005CFF88
GetLastError.KERNEL32(?,?,00000000), ref: 005CFF94
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 005CFFB7
GetLastError.KERNEL32(?,?,00000000), ref: 005CFFC3
MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 005CFFF1
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 005D001B
GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 005D00B5

Strings

',', xrefs: 005D00CB
fopen(', xrefs: 005D00D1
.\crypto\bio\bss_file.c, xrefs: 005D00B0, 005D00EF, 005D0100

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID: ','$.\crypto\bio\bss_file.c$fopen('
API String ID: 1717984340-2085858615
Opcode ID: cf99837181561aefaae7343f5751b7d6b404b5d033659776dc60a1d8ba14aaf0
Instruction ID: e60c66966c62747c1aa427caf6d516c63d106531542c998c02440bfa0f163ade
Opcode Fuzzy Hash: cf99837181561aefaae7343f5751b7d6b404b5d033659776dc60a1d8ba14aaf0
Instruction Fuzzy Hash: F7512735A40305BBEB306BA4CC4BFAF7A66FF45700F05412BF901AB2C2DAA5590187A6

Function 005A63C0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 273networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

accept.WS2_32(?,00000080), ref: 005A6410
closesocket.WS2_32(00000000), ref: 005A644A

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

Strings

add_fdinfo() failed., xrefs: 005A671C, 005A677C
New connection denied: connection limit reached (%d), xrefs: 005A6532
Connection from %s:%hu., xrefs: 005A650E
Error in accept: %s, xrefs: 005A6436
Failed SSL connection from %s: %s, xrefs: 005A65FF
New connection denied: not allowed, xrefs: 005A6576

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$acceptclosesocket
String ID: Connection from %s:%hu.$Error in accept: %s$Failed SSL connection from %s: %s$New connection denied: connection limit reached (%d)$New connection denied: not allowed$add_fdinfo() failed.
API String ID: 4198774548-257788806
Opcode ID: 2d0f088b01160b966abb0d983a656105724ecc2edce722eb6e40cbcdbcc10edf
Instruction ID: 4a3f1dd034eab3c3f025ad4a6dc4427612b5c51bba0af54712e34bbee54381f7
Opcode Fuzzy Hash: 2d0f088b01160b966abb0d983a656105724ecc2edce722eb6e40cbcdbcc10edf
Instruction Fuzzy Hash: 84A14BB0900106DFEF14EF60EC4AB6D3B79FB15306F1480A9E84AE3152EF355956CB6A

Function 005B41A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 256COMMONLIBRARYCODE

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 005B41B3
_fprintf.LIBCMT ref: 005B4260
_fprintf.LIBCMT ref: 005B4313

Strings

%s: option requires an argument -- %c, xrefs: 005B4305
gH[, xrefs: 005B4498
gH[, xrefs: 005B41C6, 005B4418, 005B43A3, 005B4222, 005B43A6, 005B441B
%s: illegal option -- %c, xrefs: 005B4252
POSIXLY_CORRECT, xrefs: 005B41A9

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fprintf$__wgetenv
String ID: %s: illegal option -- %c$%s: option requires an argument -- %c$POSIXLY_CORRECT$gH[$gH[
API String ID: 192575029-4113403474
Opcode ID: a222d9a88f866b4b34bf5c7b913e264b777156f8071e1e857409ab19852bcce9
Instruction ID: 4079484f81904c8eb8936a0e2453bfc8edb147ae9fa0689c491ed348b12333cd
Opcode Fuzzy Hash: a222d9a88f866b4b34bf5c7b913e264b777156f8071e1e857409ab19852bcce9
Instruction Fuzzy Hash: C8A18CB49042A5AFEF31CF5CD8807A97FA5FB45314F18805AE8858B352C635AE82CF95

Function 0063DAA0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 249COMMON

Download Yara Rule

Strings

ssl3-md5, xrefs: 0063DCF9
.\ssl\ssl_lib.c, xrefs: 0063DAB1, 0063DADD, 0063DAFB, 0063DB28, 0063DCEA, 0063DD15, 0063DD40, 0063DE3E, 0063DE76, 0063DEF1
ALL:!aNULL:!eNULL:!SSLv2, xrefs: 0063DC7E
ssl3-sha1, xrefs: 0063DD24
ssl2-md5, xrefs: 0063DCCE
SSLv2, xrefs: 0063DC84, 0063DC8F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\ssl\ssl_lib.c$ALL:!aNULL:!eNULL:!SSLv2$SSLv2$ssl2-md5$ssl3-md5$ssl3-sha1
API String ID: 0-2116906738
Opcode ID: 4817f1ac569e1e9b8440b16525fc803df6cde23db97b195dfd67875939ad7178
Instruction ID: 4e37ed5e012659f2d8b6b30749c98708eca9ad8573f5800c7ae919ff512dde65
Opcode Fuzzy Hash: 4817f1ac569e1e9b8440b16525fc803df6cde23db97b195dfd67875939ad7178
Instruction Fuzzy Hash: C5A15FB0740B03BAF3059F21DD5ABD7FAE5BF44708F044229E5189A2C2E7B6A424CBD5

Function 005C5240 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 206COMMON

Download Yara Rule

APIs

__localtime64.LIBCMT ref: 005C5298
_memset.LIBCMT ref: 005C5399
_memmove.LIBCMT ref: 005C5409

Strings

number=%d, address=%08lX, xrefs: 005C534A
[%02d:%02d:%02d] , xrefs: 005C52A7
thread=%lu, file=%s, line=%d, info=", xrefs: 005C53B8
%5lu file=%s, line=%d, , xrefs: 005C52E1
thread=%lu, , xrefs: 005C531A

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __localtime64_memmove_memset
String ID: thread=%lu, file=%s, line=%d, info="$%5lu file=%s, line=%d, $[%02d:%02d:%02d] $number=%d, address=%08lX$thread=%lu,
API String ID: 2015878608-3316983000
Opcode ID: 746186590c6be71087005f579135253279092557d4bc1d49eec7e7be903212d1
Instruction ID: 17a1cf5f840ff747aa5308780ceee76b8eae2301583b42aed89a97ee684e5d65
Opcode Fuzzy Hash: 746186590c6be71087005f579135253279092557d4bc1d49eec7e7be903212d1
Instruction Fuzzy Hash: F76136715006016FCB15DFA8CC49FAB7FA9FF85308F48492DF98887102E726F5458BA5

Function 005A20B0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 174COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A20E1

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005A210F

Strings

ncat_connect.c, xrefs: 005A20D7, 005A2105
status == NSE_STATUS_SUCCESS, xrefs: 005A210A
Failed to create stdin nsiod., xrefs: 005A217B
Certificate verification error., xrefs: 005A214A
type == NSE_TYPE_CONNECT || type == NSE_TYPE_CONNECT_SSL, xrefs: 005A20DC
%s., xrefs: 005A21A9, 005A21C8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: %s.$Certificate verification error.$Failed to create stdin nsiod.$ncat_connect.c$status == NSE_STATUS_SUCCESS$type == NSE_TYPE_CONNECT || type == NSE_TYPE_CONNECT_SSL
API String ID: 1760609008-3485691289
Opcode ID: 9d64aa4eb3e2e9d6eea4fc258d9aea5c4a779cbd30c649fedb5d582ac63d1a91
Instruction ID: 2c38252701d48410cf2445af732b618f501a11d6b70aa5b7bbeee4643ea97270
Opcode Fuzzy Hash: 9d64aa4eb3e2e9d6eea4fc258d9aea5c4a779cbd30c649fedb5d582ac63d1a91
Instruction Fuzzy Hash: C121F976E4021632EA1137686C0FFAF7D1D7BA2B05F054026FE08B12A3F556E55282BB

Function 005AE600 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

__wassert.LIBCMT ref: 005AE6B3
__wassert.LIBCMT ref: 005AE76C
__wassert.LIBCMT ref: 005AE7D3
__wassert.LIBCMT ref: 005AE83A

Strings

NSE #%lu: Adding event, xrefs: 005AE616
+Z, xrefs: 005AE600
nse->iod->sd >= 0, xrefs: 005AE6AE, 005AE767, 005AE7CE
src\nsock_core.c, xrefs: 005AE6A9, 005AE762, 005AE7C9, 005AE830

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$_fprintf$__vfwprintf_p
String ID: +Z$NSE #%lu: Adding event$nse->iod->sd >= 0$src\nsock_core.c
API String ID: 218237209-2775401553
Opcode ID: 21f6b871a82fbfd226f62a1652948e669fba22cc8d6a95ea78a84161f6aba7b1
Instruction ID: 06fa4ade260e50287ca6c31a8a9cf0ca39692b3665e1aeeeb4a3f01e2b94451e
Opcode Fuzzy Hash: 21f6b871a82fbfd226f62a1652948e669fba22cc8d6a95ea78a84161f6aba7b1
Instruction Fuzzy Hash: A3510631B00B01AFD7149B64EC56F9ABBE6FF92315F040A2AF51D83251D771B860CBA1

Function 005ADBB0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 155networkCOMMON

Download Yara Rule

APIs

sendto.WS2_32(00000008,CCCCCCCC,83000000,00000000,005AF451,86890000), ref: 005ADC67
__wassert.LIBCMT ref: 005ADC11

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

send.WS2_32(00000008,CCCCCCCC,83000000,00000000), ref: 005ADC4C
__wassert.LIBCMT ref: 005ADCAF

Part of subcall function 00667226: _memcpy_s.LIBCMT ref: 00667395

Part of subcall function 005AE860: __wassert.LIBCMT ref: 005AE895

Part of subcall function 005AEAD0: __wassert.LIBCMT ref: 005AEAED

Strings

bytesleft > 0, xrefs: 005ADC0C
res == -1, xrefs: 005ADCAA
src\nsock_core.c, xrefs: 005ADC07, 005ADCA5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_memcpy_ssendsendto
String ID: bytesleft > 0$res == -1$src\nsock_core.c
API String ID: 4152049702-3472187406
Opcode ID: 49eb24193beb2b8262e7033c605a8615bf9df1cc56e16725461be8463e302328
Instruction ID: ea76836bb82578d115cddb065e2442640d53991cd55484e78ad7cf42ad27c984
Opcode Fuzzy Hash: 49eb24193beb2b8262e7033c605a8615bf9df1cc56e16725461be8463e302328
Instruction Fuzzy Hash: 6E519E71600704ABDB20AF68CD99BAE7BF9FB42314F14496DF86E87691D371AD00CB61

Function 005AECE0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 148networkCOMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AED06

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AEDD3
WSAGetLastError.WS2_32(?,?,?,?,00000000), ref: 005AEE40

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

Strings

msec_timeout >= -1, xrefs: 005AED01
nsock_loop error %d: %s, xrefs: 005AEE8F
combined_msecs == -1, xrefs: 005AEDCE
src\nsock_core.c, xrefs: 005AECFC, 005AEDC9
wait_for_events, xrefs: 005AED2C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$ErrorFileHandleLastName__vfwprintf_p
String ID: combined_msecs == -1$msec_timeout >= -1$nsock_loop error %d: %s$src\nsock_core.c$wait_for_events
API String ID: 2434803019-2961403923
Opcode ID: 1303e55865bc6c1d6eceae4b50c5b525a69e963b804f943ecbf536a16d36afe6
Instruction ID: 2443e3d29c8c1d06ee3e76fbda0c0de9995c1e06ab7df35e52333eec3bb0a2b2
Opcode Fuzzy Hash: 1303e55865bc6c1d6eceae4b50c5b525a69e963b804f943ecbf536a16d36afe6
Instruction Fuzzy Hash: 0E412E72E002049BCF189E28DC836DE775ABF85324F19477AFD19EF2C2D7309A1186A0

Function 005A1090 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 132COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,007321B0), ref: 005A1148
getpeername.WS2_32(00000000,?,00000080), ref: 005A1164

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

_free.LIBCMT ref: 005A1258

Strings

nobody, xrefs: 005A11F4
%s as <user%d>, xrefs: 005A11C0
<announce> already connected: , xrefs: 005A10F4
<announce> %s is connected as <user%d>., xrefs: 005A10D5
getpeername for sd %d failed: %s., xrefs: 005A117C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$_freegetpeername
String ID: %s as <user%d>$<announce> %s is connected as <user%d>.$<announce> already connected: $getpeername for sd %d failed: %s.$nobody
API String ID: 2516502739-2284656682
Opcode ID: aaecb19bcad3420b129cfda6d86ac43c2f638df1b0adffcb31024887210d1c79
Instruction ID: de2d6d33701f029255bb5066ce930b0fd0e4ac3f6942e2b161fa83a3b68ec27b
Opcode Fuzzy Hash: aaecb19bcad3420b129cfda6d86ac43c2f638df1b0adffcb31024887210d1c79
Instruction Fuzzy Hash: 094144B2D00528AADF61EAA0CC45FDF77BDBB44700F408196FA4DE2142EE349B558BA5

Function 005B3400 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

_fgetc.LIBCMT ref: 005B3423
_fgetc.LIBCMT ref: 005B3440

Part of subcall function 0066DBEF: __lock_file.LIBCMT ref: 0066DC27

Part of subcall function 0066C5E4: ___report_securityfailure.LIBCMT ref: 0066C5E9

_ungetc.LIBCMT ref: 005B3466
_fgetc.LIBCMT ref: 005B346E
_fgetc.LIBCMT ref: 005B34BC

Strings

8&s, xrefs: 005B3416
evZ, xrefs: 005B34E4
Host specification starting with "%s" is too long., xrefs: 005B351D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fgetc$___report_securityfailure__lock_file_ungetc
String ID: 8&s$Host specification starting with "%s" is too long.$evZ
API String ID: 1217111067-162145604
Opcode ID: a56362364c9429b5a773c590ff6f5fa65be99d2266372e918ea10cfcffcd582e
Instruction ID: 8f39d3be45ce526cf855f00e929c6c7e5d8b9f7e8995ed56c1df684674a373fd
Opcode Fuzzy Hash: a56362364c9429b5a773c590ff6f5fa65be99d2266372e918ea10cfcffcd582e
Instruction Fuzzy Hash: 2D31DBB1E001185BDB20AA7CAC857ED7799DF44330F1002F9EE19F32C1EA359F56869A

Function 005B08F0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 88COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0939
__wassert.LIBCMT ref: 005B096B

Strings

tcp, xrefs: 005B0993, 005B09A6
nse, xrefs: 005B0966
nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN, xrefs: 005B0934
sctp, xrefs: 005B099E
src\nsock_connect.c, xrefs: 005B092F, 005B0961
SSL connection requested to %s:%hu/%s (IOD #%li) EID %li, xrefs: 005B09BB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: SSL connection requested to %s:%hu/%s (IOD #%li) EID %li$nse$nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN$sctp$src\nsock_connect.c$tcp
API String ID: 3993402318-464943280
Opcode ID: e0062bf3ebd3be5f5a594e0f09b40fc8a198987cd9ff4ee16a6f6f929a835333
Instruction ID: 5ab3415c51f7caaee8287297b9c54787fdd882d09f3ff8180c806960e698af65
Opcode Fuzzy Hash: e0062bf3ebd3be5f5a594e0f09b40fc8a198987cd9ff4ee16a6f6f929a835333
Instruction Fuzzy Hash: 9921B031640209BBEB11AE549C87EEF3B6AFF85319F051115FD0866283D776ED208BB6

Function 005B0820 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0845

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005B0886

Strings

L,s, xrefs: 005B0862
SCTP association requested to %s:%hu (IOD #%li) EID %li, xrefs: 005B08B7
nse, xrefs: 005B0881
nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN, xrefs: 005B0840
src\nsock_connect.c, xrefs: 005B083B, 005B087C
`$s, xrefs: 005B0824, 005B0865

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: L,s$SCTP association requested to %s:%hu (IOD #%li) EID %li$`$s$nse$nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN$src\nsock_connect.c
API String ID: 1760609008-2419792783
Opcode ID: 5559d3b93cb3204e9e3f379bd8931083ed9d514ac0298f06e61fce502b5a8deb
Instruction ID: 80d5278873241c40b388528aa6ea883f5e84700d62619ed7723953a3df13e6e9
Opcode Fuzzy Hash: 5559d3b93cb3204e9e3f379bd8931083ed9d514ac0298f06e61fce502b5a8deb
Instruction Fuzzy Hash: A211AC36640209BBDB11AE44DC87FEF3B6AFF85704F015104FE0866282D671BE208BE5

Function 005A5570 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 60threadCOMMON

Download Yara Rule

APIs

Part of subcall function 005B2120: _malloc.LIBCMT ref: 005B212B

Part of subcall function 005A5B80: _free.LIBCMT ref: 005A5C0D
Part of subcall function 005A5B80: TerminateProcess.KERNEL32(?,00000002), ref: 005A5C46

closesocket.WS2_32(?), ref: 005A55AB
_free.LIBCMT ref: 005A55A0

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

CreateThread.KERNEL32(00000000,00000000,Function_00025D10,00000000,00000000,00000000), ref: 005A55C5
GetLastError.KERNEL32 ref: 005A55D7
_free.LIBCMT ref: 005A55EC

Strings

XfZ, xrefs: 005A5582
Error in CreateThread: %d, xrefs: 005A55DE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast$CreateFreeHeapProcessTerminateThread_mallocclosesocket
String ID: Error in CreateThread: %d$XfZ
API String ID: 2182257601-1039679285
Opcode ID: 8b9c90b4d124a0237fe9c6971a3e82d9d29ced7f9c4ea9b3d5f3d3435e134836
Instruction ID: f5cb0d0e6e80e9031af10576dc9f5b105f4dde6992db04ab8fd852dd4b89af0f
Opcode Fuzzy Hash: 8b9c90b4d124a0237fe9c6971a3e82d9d29ced7f9c4ea9b3d5f3d3435e134836
Instruction Fuzzy Hash: AA012B72B417046BD6202B75AC0AF9E7F59EB81773F008236FE1D823D0EA70950586A6

Function 005C62A0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 005C6399

Strings

0123456789ABCDEF, xrefs: 005C6386
lm, xrefs: 005C6361
0123456789abcdef, xrefs: 005C6374
, xrefs: 005C6332
+, xrefs: 005C6325
hm, xrefs: 005C6351

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __aulldvrm
String ID: $+$0123456789ABCDEF$0123456789abcdef$hm$lm
API String ID: 1302938615-781441587
Opcode ID: c3ce85c65bcd97e253b40651cf924f80e1888295d694efd6c54c26ab83b080aa
Instruction ID: 3cb8afbe23bc0a603802b0072b015131b4535a69ede074a070f27b66f3525caa
Opcode Fuzzy Hash: c3ce85c65bcd97e253b40651cf924f80e1888295d694efd6c54c26ab83b080aa
Instruction Fuzzy Hash: C4818A71A087518FD710CE689880B2BBBE5BFC8B44F540D1DF995A7252D335EE018B92

Function 005CFBD0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

_fseek.LIBCMT ref: 005CFC05
__setmode.LIBCMT ref: 005CFC64
GetLastError.KERNEL32(.\crypto\bio\bss_file.c,0000018E), ref: 005CFD49

Strings

',', xrefs: 005CFD63
fopen(', xrefs: 005CFD69
.\crypto\bio\bss_file.c, xrefs: 005CFD44, 005CFD7A, 005CFDB3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast__setmode_fseek
String ID: ','$.\crypto\bio\bss_file.c$fopen('
API String ID: 2517826580-2085858615
Opcode ID: 4ae8866b49f361d9ebc3c8e6c99b7db3385920da25acea5a38f74c1586a7f399
Instruction ID: 64b949b0f61752bee5556521b0410cfdf3955c9e0d38120a3866a342b467dc96
Opcode Fuzzy Hash: 4ae8866b49f361d9ebc3c8e6c99b7db3385920da25acea5a38f74c1586a7f399
Instruction Fuzzy Hash: 9B5138B3B443092BD7105BD8BC42FE9B796FB84766F04013BFA44E7282D766D91097A1

Function 005AA1D0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 181networkCOMMON

Download Yara Rule

APIs

connect.WS2_32(00000000,?,00000080), ref: 005AA356

Strings

Unknown scheme in URI: %s., xrefs: 005AA233
http, xrefs: 005AA1E7
Can't connect to %s., xrefs: 005AA377
Unknown port in URI., xrefs: 005AA265
Can't resolve name %s:%d., xrefs: 005AA2BE
Proxy loop detected: %s:%d, xrefs: 005AA30F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: connect
String ID: Can't connect to %s.$Can't resolve name %s:%d.$Proxy loop detected: %s:%d$Unknown port in URI.$Unknown scheme in URI: %s.$http
API String ID: 1959786783-2912323833
Opcode ID: 9e8d3970b03e95f7d1340ad59485af95c4a1202539df6d2b6fd79254136d7454
Instruction ID: 0f747c2f2d6ab9862aaccc5b1d5bba8c670de8365ea489b52707277cd77c8119
Opcode Fuzzy Hash: 9e8d3970b03e95f7d1340ad59485af95c4a1202539df6d2b6fd79254136d7454
Instruction Fuzzy Hash: F0515A32A001059BCF20AB65EC45BFE7BA9FF85310F0441ABF90AD2191EB368E55C756

Function 00613220 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 176COMMONLIBRARYCODE

Download Yara Rule

Strings

.\crypto\evp\evp_enc.c, xrefs: 006132DC
{c, xrefs: 0061328A
bl <= (int)sizeof(ctx->buf), xrefs: 006132D2
{c, xrefs: 006133B5, 006133BC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: {c${c$.\crypto\evp\evp_enc.c$bl <= (int)sizeof(ctx->buf)
API String ID: 0-1751446982
Opcode ID: c705927c628d0d0e50becaefc4594a0d76532614e50f5657a9c9e3dc6851071e
Instruction ID: 92d82a718cc560f73a93f4af17685e51e63730541876c61e86522c663171d661
Opcode Fuzzy Hash: c705927c628d0d0e50becaefc4594a0d76532614e50f5657a9c9e3dc6851071e
Instruction Fuzzy Hash: 0251AC722043159FD700DF99D880A9BB7E9FF88324F18462EF949C7301D735EA558B91

Function 005A3AB0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 165networkCOMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A3ADD

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005B2D20: FormatMessageA.KERNEL32(000012FF,00000000,00000000,00000000,00732C68,00000080,00000000,?,005A21A8,00000000,?), ref: 005B2D3B

Part of subcall function 00669685: _doexit.LIBCMT ref: 0066968F

__wassert.LIBCMT ref: 005A3B0D
send.WS2_32(?,000000FF,00000003,00000000), ref: 005A3C05

Strings

ncat_connect.c, xrefs: 005A3AD3, 005A3B03
status == NSE_STATUS_SUCCESS, xrefs: 005A3B08
type == NSE_TYPE_WRITE, xrefs: 005A3AD8
%s., xrefs: 005A3B42, 005A3B61

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileFormatHandleMessageName_doexitsend
String ID: %s.$ncat_connect.c$status == NSE_STATUS_SUCCESS$type == NSE_TYPE_WRITE
API String ID: 356263667-828792866
Opcode ID: eb312ed3bdac05f9767e799f9aa939269e136344740d0d92292271241e4fb23d
Instruction ID: f67d9a893a13060b97e97d60c248d15aeb01886cadc56b31adbb6b748b1adac4
Opcode Fuzzy Hash: eb312ed3bdac05f9767e799f9aa939269e136344740d0d92292271241e4fb23d
Instruction Fuzzy Hash: A5314E3294425C36CB21355C5C4BFEE7F0E6B57728F188216FDA8662D2E161AA0142BB

Function 005B2820 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005B2841
_memset.LIBCMT ref: 005B28CF
__snprintf.LIBCMT ref: 005B28EB
__snprintf.LIBCMT ref: 005B292C

Strings

%04x, xrefs: 005B28E3
, xrefs: 005B28F3
%02x, xrefs: 005B2921

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: $%02x$%04x
API String ID: 2657849664-1555630966
Opcode ID: a9579ca8f1d57b5650019418115396dd00a9e145d0db751defc5475cab19cb6c
Instruction ID: 3ae456ff3834230c8efbdc490dcba8d5fbb0cbef5a0e58b5c52eecc3fe9c4eec
Opcode Fuzzy Hash: a9579ca8f1d57b5650019418115396dd00a9e145d0db751defc5475cab19cb6c
Instruction Fuzzy Hash: B2512D71E003999ADB10CFB88841AEDFBB5FF59300F14016EEC89AB342E779A504C7A1

Function 005A9500 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 157COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005A9588

Strings

Nonce is %d seconds old; rejecting., xrefs: 005A965D
Ncat, xrefs: 005A95EB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: Ncat$Nonce is %d seconds old; rejecting.
API String ID: 269201875-2863257374
Opcode ID: 3b85046bcd84da7ba1b12f15069d0b7011e6c46eab9e8e9219f72cb3b618312b
Instruction ID: 6d584ac2e6c61669c10106800e29225b12206a6b1f9e90a33675c839142f6688
Opcode Fuzzy Hash: 3b85046bcd84da7ba1b12f15069d0b7011e6c46eab9e8e9219f72cb3b618312b
Instruction Fuzzy Hash: 01412D72E001145BDB21EB789C477BEBBA6FF8A310F184295FD09D7241E632DD528790

Function 00637BB0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 00637BE2
_strncmp.LIBCMT ref: 00637C22

Strings

.\crypto\pem\pem_lib.c, xrefs: 00637BF3, 00637C33, 00637C67, 00637C99, 00637CF1
Proc-Type: , xrefs: 00637BDC
DEK-Info: , xrefs: 00637C82
ENCRYPTED, xrefs: 00637C1C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
API String ID: 909875538-2908105608
Opcode ID: 945500ff62e9450a8a4aa73ec0fab33bb3562872847524d6876f7c059bd5c7dc
Instruction ID: af5cad93357c2215bd1a0c9e184aff1df582fefb192ef38497942bcbddaff717
Opcode Fuzzy Hash: 945500ff62e9450a8a4aa73ec0fab33bb3562872847524d6876f7c059bd5c7dc
Instruction Fuzzy Hash: 9F4128E5FCC3462DFA316638BC07FE667C65FA1B15F081625F984EA2C3E285884382D5

Function 005D5820 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 005D5837
_strtoul.LIBCMT ref: 005D5851

Part of subcall function 00669DE2: strtoxl.LIBCMT ref: 00669E02

Strings

pkix, xrefs: 005D58AD
MASK:, xrefs: 005D5831
utf8only, xrefs: 005D58EF
nombstr, xrefs: 005D586B
default, xrefs: 005D5931

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp_strtoulstrtoxl
String ID: MASK:$default$nombstr$pkix$utf8only
API String ID: 3333299677-3483942737
Opcode ID: ba9319ce238d39082fe6c49eb0d9f1ff74eeb40d31793acfcc716895977bbc4e
Instruction ID: 116a99de24f165800c7c70a2f0e883c533b6100e4b6e58fce0f0c4d652888253
Opcode Fuzzy Hash: ba9319ce238d39082fe6c49eb0d9f1ff74eeb40d31793acfcc716895977bbc4e
Instruction Fuzzy Hash: 9741E762B189814AD7315B3C58A17B36F97AB22364F3C44ABE8D6CB392F213CD49D351

Function 0059DF90 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059DFE3
_free.LIBCMT ref: 0059DFCC

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

_free.LIBCMT ref: 0059DFF1
_free.LIBCMT ref: 0059E005
_free.LIBCMT ref: 0059E066
_free.LIBCMT ref: 0059E076

Part of subcall function 0059F940: _free.LIBCMT ref: 0059F9B6
Part of subcall function 0059F940: _free.LIBCMT ref: 0059F9C5

Strings

Connection, xrefs: 0059DF9C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: Connection
API String ID: 776569668-1722446006
Opcode ID: b85982a43d62cea3b85309bc09aec5b9dc750921194e5072c4fddc7e8067bac6
Instruction ID: 44e1876ea89671c5f5f5dd34b6fa463f4042c38e0096f290e83d53a5d9c15d79
Opcode Fuzzy Hash: b85982a43d62cea3b85309bc09aec5b9dc750921194e5072c4fddc7e8067bac6
Instruction Fuzzy Hash: 1421F773900205EBDF20EEA4DD86A9EBBB9BF40300F140179ED4563212EA72AE559796

Function 005ABC30 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000400), ref: 005ABC55
GetModuleFileNameA.KERNEL32(00000000), ref: 005ABC5C
_free.LIBCMT ref: 005ABD43

Strings

ca-bundle.crt, xrefs: 005ABCA9
Unable to load trusted CA certificates from %s: %s, xrefs: 005ABD30
\%s, xrefs: 005ABCAE
Using trusted CA certificates from %s., xrefs: 005ABCEE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName_free
String ID: Unable to load trusted CA certificates from %s: %s$Using trusted CA certificates from %s.$\%s$ca-bundle.crt
API String ID: 2313169594-2730629574
Opcode ID: 4059c3cc063c80824a1706c5465f2b049bc3812705132dc9b3ad8516aaee6c4d
Instruction ID: d98400c44cb67e72cff7efcbc6f2e48ba260686e4bb560344ec7c1a4cd73af6c
Opcode Fuzzy Hash: 4059c3cc063c80824a1706c5465f2b049bc3812705132dc9b3ad8516aaee6c4d
Instruction Fuzzy Hash: 693129F1D002189BDF10AB648C45BDD7769AB04304F0042EAFB09B7191DB755A868FDD

Function 005A3940 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A3A15

Strings

ncat_connect.c, xrefs: 005A3A0B
ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL, xrefs: 005A3A10
Issuer: , xrefs: 005A39BD
Certificate verification failed (%s)., xrefs: 005A3A43
Subject: , xrefs: 005A3987
SHA-1 fingerprint: %s, xrefs: 005A3A21

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: Certificate verification failed (%s).$Issuer: $SHA-1 fingerprint: %s$Subject: $ncat_connect.c$ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf)) != NULL
API String ID: 3993402318-1024154495
Opcode ID: 2c0dcae3d1641bbb28bc246823dce366d074e29e50509eaf367441bc15610901
Instruction ID: 6e6bbf4cc188099546b17407e3e3ef1674712687d0e6c8275950ea9d465435b6
Opcode Fuzzy Hash: 2c0dcae3d1641bbb28bc246823dce366d074e29e50509eaf367441bc15610901
Instruction Fuzzy Hash: E82103B2E4021977DA10B7B46C4FFBE3A5D6B94746F010026FD45B2383FA64AA0143EB

Function 00668D90 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 00668D94

Part of subcall function 0067285C: GetLastError.KERNEL32(00000000,?,006684E3,0066AE2D,00000000,?,00676835,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008), ref: 0067285E
Part of subcall function 0067285C: __calloc_crt.LIBCMT ref: 0067287F
Part of subcall function 0067285C: __initptd.LIBCMT ref: 006728A1
Part of subcall function 0067285C: GetCurrentThreadId.KERNEL32 ref: 006728A8
Part of subcall function 0067285C: SetLastError.KERNEL32(00000000,00676835,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?,?,00668F43), ref: 006728C0

__calloc_crt.LIBCMT ref: 00668DB7
__get_sys_err_msg.LIBCMT ref: 00668DD5
__invoke_watson.LIBCMT ref: 00668DF2
__get_sys_err_msg.LIBCMT ref: 00668E24
__invoke_watson.LIBCMT ref: 00668E42

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00668D9F, 00668DC5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast__calloc_crt__get_sys_err_msg__invoke_watson$CurrentThread__getptd_noexit__initptd
String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 2139067377-798102604
Opcode ID: 22083eb38ebd5d34e2f602b780a1802d173e54882924917bfc3788bc8ac60c03
Instruction ID: 1fa57468465ed291a31fbcd6ba0d9fc2bffeebb0e7f212910a591922996c25a7
Opcode Fuzzy Hash: 22083eb38ebd5d34e2f602b780a1802d173e54882924917bfc3788bc8ac60c03
Instruction Fuzzy Hash: 6A112B71500618AFEB6236759C01AFB728EDF507A0F100629FD48D7682DF71DC4142F8

Function 00637850 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00637878
_fprintf.LIBCMT ref: 006378DE
_memset.LIBCMT ref: 0063790B

Strings

.\crypto\pem\pem_lib.c, xrefs: 006378F7
wc, xrefs: 00637892, 006378A4, 006378E5, 00637907
Enter PEM pass phrase:, xrefs: 00637896, 006378A3, 006378E4
phrase is too short, needs to be at least %d chars, xrefs: 006378D0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _fprintf_memmove_memset
String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars$wc
API String ID: 797568609-2377209045
Opcode ID: 862a653d2eee932b36158868b476b1dcb2f4155ed7a08ab761d9da443abe024f
Instruction ID: 4fcf298e0d54ed3a634777388b7c36524d3685d2bc2c8a97200b8462818fa40f
Opcode Fuzzy Hash: 862a653d2eee932b36158868b476b1dcb2f4155ed7a08ab761d9da443abe024f
Instruction Fuzzy Hash: 87215BB2A043157BE7305A255C02FBB779EDFC1B98F050628FA54672C2EA31DD0182F9

Function 005AD117 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71networkCOMMON

Download Yara Rule

APIs

recvfrom.WS2_32(00000008,?,00002000,00000000,?,?), ref: 005AD148
WSAGetLastError.WS2_32(?,?,00002000,00000000,?,?), ref: 005AD155
__read.LIBCMT ref: 005AD188
__wassert.LIBCMT ref: 005AD1BC
_memmove.LIBCMT ref: 005AD1DC
WSAGetLastError.WS2_32 ref: 005AD22E

Strings

peerlen <= sizeof(iod->peer), xrefs: 005AD1B7
src\nsock_core.c, xrefs: 005AD1B2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$__read__wassert_memmoverecvfrom
String ID: peerlen <= sizeof(iod->peer)$src\nsock_core.c
API String ID: 2375464485-1792664094
Opcode ID: 26625c36f4cf78d24e73cc9d98373feae7ed209d39f663de1aa3d2439e580524
Instruction ID: 1b43f0e14df30d73ab81f06e5790222943025f8fd870909e398e56324e5cc6c6
Opcode Fuzzy Hash: 26625c36f4cf78d24e73cc9d98373feae7ed209d39f663de1aa3d2439e580524
Instruction Fuzzy Hash: AC21A175C003199BEB34AB54CCC9F9E7774BF05310F0042A5EA5EE3282EA309E88CB65

Function 005AAC40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005AACAF

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

_free.LIBCMT ref: 005AACF9

Strings

RESPONSE:%s, xrefs: 005AACDC
Proxy-Authenticate: %s, xrefs: 005AAC9B
Ncat, xrefs: 005AAC8B
HTTP/1.0 407 Proxy Authentication Required, xrefs: 005AAC47
Proxy-Authenticate: Basic realm="Ncat", xrefs: 005AAC72

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: HTTP/1.0 407 Proxy Authentication Required$Ncat$Proxy-Authenticate: %s$Proxy-Authenticate: Basic realm="Ncat"$RESPONSE:%s
API String ID: 776569668-563148464
Opcode ID: 3bbe691e6f6f48d36c90b8f11ba4d50fdad68806437dfa42a4a790143a6902d1
Instruction ID: 3c25768180ce44e9661008b439f35362434fa21bd99f497ef7c329041e0b19e9
Opcode Fuzzy Hash: 3bbe691e6f6f48d36c90b8f11ba4d50fdad68806437dfa42a4a790143a6902d1
Instruction Fuzzy Hash: 7011E276C4050CBBCB11EBE1DD4ADCEBBBDBB44340F104192F905B2241EA759715DBA5

Function 005A5440 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 49synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF,005A56CA,?,005A5C24,?), ref: 005A5448
__wassert.LIBCMT ref: 005A5461

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

ReleaseMutex.KERNEL32(74DF2F70,?,005A5C24,?), ref: 005A54B8
__wassert.LIBCMT ref: 005A54D1

Strings

WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0, xrefs: 005A545C
ncat_exec_win.c, xrefs: 005A5457, 005A54C7
ReleaseMutex(subprocesses_mutex) != 0, xrefs: 005A54CC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleMutexNameObjectReleaseSingleWait
String ID: ReleaseMutex(subprocesses_mutex) != 0$WaitForSingleObject(subprocesses_mutex, INFINITE) == WAIT_OBJECT_0$ncat_exec_win.c
API String ID: 1222572828-3833895908
Opcode ID: 6fe4591f219ec458d6aa473f86407e8b0e59cd79ffbe4190a926bf90ce63d38c
Instruction ID: 99f456f937ece4600bd6fd11b685b2faf2da8554433e7a38c9ae264231c6a80d
Opcode Fuzzy Hash: 6fe4591f219ec458d6aa473f86407e8b0e59cd79ffbe4190a926bf90ce63d38c
Instruction Fuzzy Hash: 33012031B08A119AEE781728BC56D2D3D41BB5B737B164339F975922E1FB648CC14246

Function 005AE230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AE250

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

_fprintf.LIBCMT ref: 005AE2B4
__vfwprintf_p.LIBCMT ref: 005AE2C6
_fprintf.LIBCMT ref: 005AE2D6

Strings

ms->tracefile != NULL, xrefs: 005AE24B
NSOCK (%.4fs) , xrefs: 005AE2A9
src\nsock_core.c, xrefs: 005AE246

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module_fprintf$FileHandleName__vfwprintf_p__wassert
String ID: NSOCK (%.4fs) $ms->tracefile != NULL$src\nsock_core.c
API String ID: 158263348-1783281335
Opcode ID: 893263fe50c1fd247bfeb3381dc45bb284ba4095006aa891df45ff6db4bef0b3
Instruction ID: 49e089cac3c44ffcef619a36ef6bc533c36b002a3683d83361c2753feecb65fb
Opcode Fuzzy Hash: 893263fe50c1fd247bfeb3381dc45bb284ba4095006aa891df45ff6db4bef0b3
Instruction Fuzzy Hash: 53012B72E40705BBC7499A74EC02E9DFB6FBF90320F059325F41856251EB72A872CAC4

Function 005A5CB0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 005A5CD3
CloseHandle.KERNEL32(R\Z,?,005A5C52,?), ref: 005A5CE1
CloseHandle.KERNEL32(?,?,005A5C52,?), ref: 005A5CE6
CloseHandle.KERNEL32(?,?,005A5C52,?), ref: 005A5CEB
CloseHandle.KERNEL32(005A5C52,?,005A5C52,?), ref: 005A5CF0
CloseHandle.KERNEL32(?,?,005A5C52,?), ref: 005A5CF5

Strings

R\Z, xrefs: 005A5CB5, 005A5CD9

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: CloseHandle$closesocket
String ID: R\Z
API String ID: 1416695526-231311742
Opcode ID: 68a901efea54dece47ad93fd3e01eeb81baca23638846c2326a8674f2743780b
Instruction ID: 9ff48340ed88ef548079a85d8edee35bad061f863d8e80e0f898fc9a720d4f8b
Opcode Fuzzy Hash: 68a901efea54dece47ad93fd3e01eeb81baca23638846c2326a8674f2743780b
Instruction Fuzzy Hash: DCF01C32500619BBCB112F66EC0590AFF3AFF002A27004621F51892530DB32B871DEE4

Function 0059D9F0 Relevance: 12.0, APIs: 8, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059DA01

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

_free.LIBCMT ref: 0059DA14
_free.LIBCMT ref: 0059DA1C
_free.LIBCMT ref: 0059DA24
_free.LIBCMT ref: 0059DA2C
_free.LIBCMT ref: 0059DA34
_free.LIBCMT ref: 0059DA3C
_free.LIBCMT ref: 0059DA44

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 54772db372a0b6838144892c2d80d3fa6b282e328550cb22a09c300187f8bcac
Instruction ID: 3b7d98464d0a8af41beba5a9aaaa6e663ff25e1c7f57b7903e05c707c177c3ed
Opcode Fuzzy Hash: 54772db372a0b6838144892c2d80d3fa6b282e328550cb22a09c300187f8bcac
Instruction Fuzzy Hash: B6F0F4318007006FCAB1BF34DC12846BBF7AF203507004A2CF98B72533DF22A9609655

Function 005AC1D0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 343networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 005AC221
htonl.WS2_32(?), ref: 005AC232
gethostname.WS2_32(?,00000080), ref: 005AC2B3
WSASetLastError.WS2_32(00000000), ref: 005AC2FB
_memmove.LIBCMT ref: 005AC352

Strings

getaddrinfo returned oversized address (%u > %u), xrefs: 005AC3F2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: htonl$ErrorLast_memmovegethostname
String ID: getaddrinfo returned oversized address (%u > %u)
API String ID: 557056733-535826596
Opcode ID: 1489ea3381f81b3ec9074e8e4d92d1317224820ea7fd4ff5e11ef938958c13c5
Instruction ID: f10acd2dc7d4dfd7fd4a8dda68c50e032e41f62e1f9a88b89b1b6a801c80982e
Opcode Fuzzy Hash: 1489ea3381f81b3ec9074e8e4d92d1317224820ea7fd4ff5e11ef938958c13c5
Instruction Fuzzy Hash: 1061F632E001189BDF20DF64DC817ED7BA5FF55310F5085A6E949DB281EB31AD85CB91

Function 005A4770 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 248COMMON

Download Yara Rule

Strings

tcp, xrefs: 005A48DB
udp, xrefs: 005A48B2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: tcp$udp
API String ID: 0-3725065008
Opcode ID: 0736e21eeb658f83cfddee015db0b2d0dbf5aa7c4a959d512ff679bf328c6b84
Instruction ID: 5820968eae13d5cfe5b7197cb58ec7be363a0a6ad6ced074da003c3dcc1d3f76
Opcode Fuzzy Hash: 0736e21eeb658f83cfddee015db0b2d0dbf5aa7c4a959d512ff679bf328c6b84
Instruction Fuzzy Hash: A6819F31A0024A9FDB24CFC9D88467FBBA4FF96710F10806AE9449B251DBB9CD51DF91

Function 005B1420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

__wassert.LIBCMT ref: 005B1478

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

Part of subcall function 0066C5E4: ___report_securityfailure.LIBCMT ref: 0066C5E9

_memmove.LIBCMT ref: 005B14D4

Strings

nse, xrefs: 005B1473
Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s, xrefs: 005B154F
Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s, xrefs: 005B156F
src\nsock_write.c, xrefs: 005B146E

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$FileHandleName___report_securityfailure__vfwprintf_p_memmove_memset
String ID: Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s$Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s$nse$src\nsock_write.c
API String ID: 2028401370-2713313581
Opcode ID: 3dd2ae26a4f1b1de0263733c267e48ffbfcbca5563a3afc100d01a1eaf4532fa
Instruction ID: 5b562224f347a016684ff495f923b277a335b0077636ba46f2842cd280866ef7
Opcode Fuzzy Hash: 3dd2ae26a4f1b1de0263733c267e48ffbfcbca5563a3afc100d01a1eaf4532fa
Instruction Fuzzy Hash: 2A411771900219ABDF20DF54CC85FEA7B6DFF99300F0001A6FD4997242E670AE908FA4

Function 005A1128 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 93COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,007321B0), ref: 005A1148
getpeername.WS2_32(00000000,?,00000080), ref: 005A1164

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

_free.LIBCMT ref: 005A1258

Strings

nobody, xrefs: 005A11F4
%s as <user%d>, xrefs: 005A11C0
getpeername for sd %d failed: %s., xrefs: 005A117C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$_freegetpeername
String ID: %s as <user%d>$getpeername for sd %d failed: %s.$nobody
API String ID: 2516502739-2470074565
Opcode ID: ab18d57f5ea622965072dad937071de2e83cf2e027d8e7a5609970af57846f2f
Instruction ID: d48a9abafd10429d1464384434c14729ed1e35c82aaaf322ce288812bddb4c51
Opcode Fuzzy Hash: ab18d57f5ea622965072dad937071de2e83cf2e027d8e7a5609970af57846f2f
Instruction Fuzzy Hash: 6C3141B2D00528AADF61E6A0CD46FDE77BDBF44300F0041D6FA4DE2142EE349B558BA9

Function 005A7600 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 81COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 005A768F
_strtok.LIBCMT ref: 005A76D7

Part of subcall function 0066AAD6: __fsopen.LIBCMT ref: 0066AAE1

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

Strings

can't open %s: %s., xrefs: 005A763F
8&s, xrefs: 005A7610, 005A765F, 005A76B3
error in host specification "%s"., xrefs: 005A76C3
error in hosts file %s., xrefs: 005A766F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit_strtok$__fsopen
String ID: 8&s$can't open %s: %s.$error in host specification "%s".$error in hosts file %s.
API String ID: 2584570422-3257462532
Opcode ID: afab1ee2361e17c05e999127206b824dad8a6aa1c56a9c36b352df56ef06d284
Instruction ID: 8321bba9349887ff52c6ca43f468dc43aee2edae0da6a2f438a03c24d4d3e5aa
Opcode Fuzzy Hash: afab1ee2361e17c05e999127206b824dad8a6aa1c56a9c36b352df56ef06d284
Instruction Fuzzy Hash: 282157B2E01A007FDB113B749D07F2B3E5ABB55751F094029FD0963212FA72E9109BAE

Function 005B2420 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B243A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

%.3fMB, xrefs: 005B24BB
nbase_misc.c, xrefs: 005B2430
buf != NULL, xrefs: 005B2435
%uB, xrefs: 005B2457
%.3fKB, xrefs: 005B2490

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: %.3fKB$%.3fMB$%uB$buf != NULL$nbase_misc.c
API String ID: 1832359313-1362644445
Opcode ID: 0c8d217c50dbc8ab1bf7918d9020d9bd304d4f5a4ad190952922328caa6defca
Instruction ID: aa873ccc03e2033fa79847c40c4323a10447291191c1d4b99dcf25bc142752b1
Opcode Fuzzy Hash: 0c8d217c50dbc8ab1bf7918d9020d9bd304d4f5a4ad190952922328caa6defca
Instruction Fuzzy Hash: 46010832F0125E26CF01BE98AC02DDF7B16FF56760F01511AF90962502EA60A520C7EA

Function 005A9D00 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 005A9D06

Part of subcall function 0066ADA6: __FF_MSGBANNER.LIBCMT ref: 0066ADBD
Part of subcall function 0066ADA6: __NMSG_WRITE.LIBCMT ref: 0066ADC4
Part of subcall function 0066ADA6: RtlAllocateHeap.NTDLL(00C70000,00000000,00000001,00000000,00000000,00000000,?,00676835,?,?,?,00000000,?,00676ABC,00000018,007257C8), ref: 0066ADE9

CreateThread.KERNEL32(00000000,00000000,005AA470,00000000,00000000,00000000), ref: 005A9D23
GetLastError.KERNEL32 ref: 005A9D35
_free.LIBCMT ref: 005A9D4A
CloseHandle.KERNEL32(00000000), ref: 005A9D56

Strings

Error in CreateThread: %d, xrefs: 005A9D3C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AllocateCloseCreateErrorHandleHeapLastThread_free_malloc
String ID: Error in CreateThread: %d
API String ID: 207082866-3607634902
Opcode ID: f2a97851ff025bee31b535d256834545affdc99fcc40139d8e73a00819d61376
Instruction ID: 086b7fcd1ef3ca70bb886193f6978425a083f0fe522b9cbf560a8d4e010dcef4
Opcode Fuzzy Hash: f2a97851ff025bee31b535d256834545affdc99fcc40139d8e73a00819d61376
Instruction Fuzzy Hash: 48F027B16803147BEBA02BB16C0BF9A3A18AB41763F048029FA09992C0EA71540083AF

Function 005F30C0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 264COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 005F3155

Strings

%02x%c, xrefs: 005F3249
%s%04x - <SPACES/NULS>, xrefs: 005F3359
, xrefs: 005F321D
%04x - , xrefs: 005F31DD

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID: $%02x%c$%04x - $%s%04x - <SPACES/NULS>
API String ID: 2102423945-310954626
Opcode ID: 4ca83e1ac519d722d4a7a972d9e28a7f18f33206e57d9b48b0770b851b433d95
Instruction ID: ba78400dfc4b0dde587fbf36893e1326831d0bc68243c220bef2cbf75307fe06
Opcode Fuzzy Hash: 4ca83e1ac519d722d4a7a972d9e28a7f18f33206e57d9b48b0770b851b433d95
Instruction Fuzzy Hash: 8B81B572A083495FD710DE98D845FAFBBE9BF88704F440C2DF69593241E775EA088792

Function 005A7050 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 181COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A7094

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

closesocket.WS2_32(00000000), ref: 005A7147

Strings

ncat_listen.c, xrefs: 005A708A
Closing connection., xrefs: 005A7105
fdn != NULL, xrefs: 005A708F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassertclosesocket
String ID: Closing connection.$fdn != NULL$ncat_listen.c
API String ID: 2606998079-3681597536
Opcode ID: 5421159160cceed2c3a377f73b15f25e7401a263de4662c4e8450efbd7335b10
Instruction ID: 1183003c621a94577def01f3106c29f892c7610cdf5195770db80837fdd00993
Opcode Fuzzy Hash: 5421159160cceed2c3a377f73b15f25e7401a263de4662c4e8450efbd7335b10
Instruction Fuzzy Hash: B25109707042098BEB14EF14EC95B6DBBA6FF89305F20806DE80A97153E7355D46CB99

Function 005A6D80 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 166COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,?), ref: 005A6EFC

Strings

select returned %d fds ready, xrefs: 005A6ED3
P)s, xrefs: 005A6EAB
selecting, fdmax %d, xrefs: 005A6E8C
fd %d is ready, xrefs: 005A6F13

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: P)s$fd %d is ready$select returned %d fds ready$selecting, fdmax %d
API String ID: 0-1485321367
Opcode ID: 730a9edd4929193f5548d622f4589cfd0f501eeeb0ab0fee24c09f80c58de9c8
Instruction ID: 452a4214b33031dc581eba7462b1b7b67ac5cea9cbb0133c9ac9897ff4a8bd92
Opcode Fuzzy Hash: 730a9edd4929193f5548d622f4589cfd0f501eeeb0ab0fee24c09f80c58de9c8
Instruction Fuzzy Hash: E65129B0600201DBEB24BB64FC0BBAE7F59BB45302F144065F805A7193EB795897879E

Function 005A3ED7 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

_strncat.LIBCMT ref: 005A3F6D
_strncat.LIBCMT ref: 005A3FAE
_strncat.LIBCMT ref: 005A404A
_strncat.LIBCMT ref: 005A4072

Strings

%02X , xrefs: 005A3F35
%.4x, xrefs: 005A3EFE
[%4.4s] %-50.50s %s, xrefs: 005A3FC6, 005A40A7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncat
String ID: %.4x$%02X $[%4.4s] %-50.50s %s
API String ID: 2648904263-3167463071
Opcode ID: 63461a48ee8029d316912e6fa5548ac708a20b8b1e808fddd25037966e43c947
Instruction ID: b437ff631e9b4905d11f95f761eae8303bd02424b890ec03e2feada71d059804
Opcode Fuzzy Hash: 63461a48ee8029d316912e6fa5548ac708a20b8b1e808fddd25037966e43c947
Instruction Fuzzy Hash: D851F47290024D9ECF14DBA4CC89FFE7B7EBF45304F040199EA45A7142EB71AB098B61

Function 005A3ED5 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 160COMMON

Download Yara Rule

APIs

_strncat.LIBCMT ref: 005A3F6D
_strncat.LIBCMT ref: 005A3FAE
_strncat.LIBCMT ref: 005A404A
_strncat.LIBCMT ref: 005A4072

Strings

%02X , xrefs: 005A3F35
%.4x, xrefs: 005A3EFE
[%4.4s] %-50.50s %s, xrefs: 005A3FC6, 005A40A7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncat
String ID: %.4x$%02X $[%4.4s] %-50.50s %s
API String ID: 2648904263-3167463071
Opcode ID: db3968c9ace13a2dd2311d322454268ad2e2b43316dd789fe3141d98d0c0f1e0
Instruction ID: fe193a8f045400a87c2c65389c5907cf87e8a0bdfb981e2237299607d4bff789
Opcode Fuzzy Hash: db3968c9ace13a2dd2311d322454268ad2e2b43316dd789fe3141d98d0c0f1e0
Instruction Fuzzy Hash: 0951047290024D9ECF14DBA4CC89FFE7B7EBF45304F040199EA45A7182EB71AB098B61

Function 005CC010 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 124COMMON

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 005CC065
_strncmp.LIBCMT ref: 005CC089

Strings

.\crypto\x509v3\v3_ncons.c, xrefs: 005CC12A, 005CC13B
excluded, xrefs: 005CC081
permitted, xrefs: 005CC05D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: .\crypto\x509v3\v3_ncons.c$excluded$permitted
API String ID: 909875538-3320112686
Opcode ID: c24d62a68da0e1d6106f41d701a9f2d95ac76962dd7b6b3b85d90481426b734e
Instruction ID: 2bacf788fb172119b13d05f65e423522240a58db730907273e7e470d52a57ea2
Opcode Fuzzy Hash: c24d62a68da0e1d6106f41d701a9f2d95ac76962dd7b6b3b85d90481426b734e
Instruction Fuzzy Hash: 58313771E443026FE7207BA59C46F277E95FB90B44F09043AF848AA293E762ED14C392

Function 005B6490 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMONLIBRARYCODE

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005B65B3

Strings

error:%08lX:%s:%s:%s, xrefs: 005B6582
reason(%lu), xrefs: 005B6548
lib(%lu), xrefs: 005B650C
func(%lu), xrefs: 005B6524

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
API String ID: 601868998-2416195885
Opcode ID: 7c7b543f208ffa98a22254c42ef8e3ecdfea5d07d32b64338b820085d5187d0b
Instruction ID: b11113871fa33e47644cf3e575e3156e2f6e6be7ad35c55648f6720f506a6cfc
Opcode Fuzzy Hash: 7c7b543f208ffa98a22254c42ef8e3ecdfea5d07d32b64338b820085d5187d0b
Instruction Fuzzy Hash: EE41C271A043055BD724EE54DC46BEAB7D9FF95304F80082EF58593281E679E90887A2

Function 005ACAE0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 118networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 005ACAF3

Strings

Initialized fdlist with %d maxfds, xrefs: 005ACBC2
Failed to convert address to presentation format! Error: %s., xrefs: 005ACB6A
Invalid address family passed to inet_port()., xrefs: 005ACB00

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: htons
String ID: Failed to convert address to presentation format! Error: %s.$Initialized fdlist with %d maxfds$Invalid address family passed to inet_port().
API String ID: 4207154920-432122452
Opcode ID: fb50f02ce2ba05ba5a15c1f35c303e28622dc968021280d2ea837a2027338df1
Instruction ID: 9bbe24794a4cdf8a6b5df867f1b7bf77c0e3dc4a38ea3a79c9ea4608b9bfde04
Opcode Fuzzy Hash: fb50f02ce2ba05ba5a15c1f35c303e28622dc968021280d2ea837a2027338df1
Instruction Fuzzy Hash: 281174B190020CBBD7046B58AC0B97E3F8CAB02325F904059F9099A783EA33A802C3A1

Function 00612F80 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

Strings

b <= sizeof ctx->final, xrefs: 0061300E
.\crypto\evp\evp_enc.c, xrefs: 00613018
{c, xrefs: 0061302A, 00612FCE, 00612F9C, 00613035, 0061305C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: {c$.\crypto\evp\evp_enc.c$b <= sizeof ctx->final
API String ID: 0-3069786562
Opcode ID: f318618793c7f298f62b11790556bf33f95eae3faa7e7e918c28f2b9317aa1e4
Instruction ID: e430dcabbfd94d7af3bc019ae425cef2f8d2c51b528de1877fb68a51beceb625
Opcode Fuzzy Hash: f318618793c7f298f62b11790556bf33f95eae3faa7e7e918c28f2b9317aa1e4
Instruction Fuzzy Hash: EC31D3722083109FD7219E19FC44BDBB7EAFF98718F08052EF48582311D3B5EA958B62

Function 0063B870 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0063B8D3

Part of subcall function 005C3AB0: _raise.LIBCMT ref: 005C3AC8

_memmove.LIBCMT ref: 0063B8F5
_memmove.LIBCMT ref: 0063B967

Strings

ctx->length <= (int)sizeof(ctx->enc_data), xrefs: 0063B8A4
.\crypto\evp\encode.c, xrefs: 0063B8AE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove$_raise
String ID: .\crypto\evp\encode.c$ctx->length <= (int)sizeof(ctx->enc_data)
API String ID: 2343863546-2997570555
Opcode ID: 107d3f5f7bcc9bd5939696ade811f90ceec61075ebe2854c62c8b7d22c447bc6
Instruction ID: ef018e2ab634ce926501f91f4aae8a8d3feecb7ba402e9206315859c1ef999a9
Opcode Fuzzy Hash: 107d3f5f7bcc9bd5939696ade811f90ceec61075ebe2854c62c8b7d22c447bc6
Instruction Fuzzy Hash: E431C0B2604346AFD700CF68C881B5AF7E9FF95308F144A2EF69993241E771A924CBD5

Function 005A1CA7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

__read.LIBCMT ref: 005A1B7B
_free.LIBCMT ref: 005A1CFE
_free.LIBCMT ref: 005A1D09

Strings

Handling data from client %d., xrefs: 005A1BFB
Error formatting chat message from fd %d, xrefs: 005A1C5C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$__read
String ID: Error formatting chat message from fd %d$Handling data from client %d.
API String ID: 878838068-3856357019
Opcode ID: 664d112e19bd79cce957ac5b04be52d78ef05ae2b743a96c2a2244d0bbb51561
Instruction ID: 6a80ad30d002e8cac8980922cf1c7b65174aa26e75606ceaaa7fbe79197058fb
Opcode Fuzzy Hash: 664d112e19bd79cce957ac5b04be52d78ef05ae2b743a96c2a2244d0bbb51561
Instruction Fuzzy Hash: 5541A271D00619DAEF249B10CD9AAED7BB9BB65344F0040EADB09A2102E6748ED1CF99

Function 005A5B80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005A5C0D
TerminateProcess.KERNEL32(?,00000002), ref: 005A5C46

Part of subcall function 005A5420: __wgetenv.LIBCMT ref: 005A5425

Strings

Couldn't register subprocess with termination handler; not executing., xrefs: 005A5C35
%s /C %s, xrefs: 005A5BCB
Executing: %s, xrefs: 005A5BEB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ProcessTerminate__wgetenv_free
String ID: %s /C %s$Couldn't register subprocess with termination handler; not executing.$Executing: %s
API String ID: 1365908934-1550525452
Opcode ID: 0f96a7e5664dcbe6eb6b4243a535c93e0b2d5826d15cf11e9a30694e1bdaed54
Instruction ID: 3479d6bbbb4eef9d673d068d0e214d7f62d5af7c98684a5e1684dd858068023d
Opcode Fuzzy Hash: 0f96a7e5664dcbe6eb6b4243a535c93e0b2d5826d15cf11e9a30694e1bdaed54
Instruction Fuzzy Hash: 63214876900505ABDB109F28EC4AEAD3F64BF82335F144265F90A67242FA325E4687A1

Function 005D8350 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005D839D
_memmove.LIBCMT ref: 005D83BF
_memset.LIBCMT ref: 005D83E3
_memmove.LIBCMT ref: 005D8413

Strings

USVW, xrefs: 005D83CB, 005D83F7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove$_memset
String ID: USVW
API String ID: 1357608183-4079060124
Opcode ID: 69eeab65fdfb8dfaab01f99f18ce2f43ae80429373ff7823a9ca8f5cff099f18
Instruction ID: 7fa96b01bb0dcc268d489852e5fe6040f05ca4d11d0773640d9e3182d2edebda
Opcode Fuzzy Hash: 69eeab65fdfb8dfaab01f99f18ce2f43ae80429373ff7823a9ca8f5cff099f18
Instruction Fuzzy Hash: 2B21F1B69003055BDB64DE29DC80E677BADFF90714F05066BFC099B20AEB35E9058AA4

Function 005A06B0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 82COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005A0746

Strings

, stale=true, xrefs: 005A076B
Digest realm=, xrefs: 005A06E5
, qop="auth", xrefs: 005A074B
, nonce=, xrefs: 005A071D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: , nonce=$, qop="auth"$, stale=true$Digest realm=
API String ID: 269201875-4218487944
Opcode ID: c93c993aa7dda9d9b21f27b220825df794d7b536e2d057416846d4e8a04d5039
Instruction ID: 396cb7a7c67afe98936a1a084dfcce0c9ae54ec716847151702a78ef6cf68dfb
Opcode Fuzzy Hash: c93c993aa7dda9d9b21f27b220825df794d7b536e2d057416846d4e8a04d5039
Instruction Fuzzy Hash: 5021C0B7C0010DBACB11EAE0DC45EDFB7BCAB04354F1041A3F615E2141E674A7588BA1

Function 005AB570 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AB615

Strings

2, xrefs: 005AB580
ncat_ssl.c, xrefs: 005AB60B
p - strbuf <= len, xrefs: 005AB610
%02X, xrefs: 005AB5E3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: %02X$2$ncat_ssl.c$p - strbuf <= len
API String ID: 3993402318-348824368
Opcode ID: 966438ae4b8555388370f829d255fd2b5aa44838c70d5de622eedd3f9047d74b
Instruction ID: 8b241216219010567a9f4e25b0b1f4af25d340c8f2b39358b584bb4a019f577f
Opcode Fuzzy Hash: 966438ae4b8555388370f829d255fd2b5aa44838c70d5de622eedd3f9047d74b
Instruction Fuzzy Hash: DD212E31E001089FDB10EEA4D846BFEB7A9FF55300F04056AEC15A7282E7759A0186E5

Function 005B0350 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0374

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_event.c, xrefs: 005B036A
nsp, xrefs: 005B036F
Event #%li (type %s) cancelled, xrefs: 005B038E
Bogus event type in nsock_event_cancel, xrefs: 005B03C8

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: Bogus event type in nsock_event_cancel$Event #%li (type %s) cancelled$nsp$src\nsock_event.c
API String ID: 1832359313-2627699039
Opcode ID: 00b64bb13ea134e0bf257a0e5680979b90b6b1de86f52ee6442bd6c1d8740ce5
Instruction ID: 5e6ed60a4f3929c61ded9d36437b41a59e4d11d5ecdf99c68509b05f1b04570c
Opcode Fuzzy Hash: 00b64bb13ea134e0bf257a0e5680979b90b6b1de86f52ee6442bd6c1d8740ce5
Instruction Fuzzy Hash: 7511E672640608EBD710DF14DC8ADEB7BE9FB80364F195929F80956181E732F9158661

Function 005AFDE0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

src\nsock_event.c, xrefs: 005AFE39, 005AFE59
nse->event_done, xrefs: 005AFE5E
NSE #%lu: Removing event from some event_list, xrefs: 005AFE84

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: NSE #%lu: Removing event from some event_list$nse->event_done$src\nsock_event.c
API String ID: 0-472652507
Opcode ID: 82a682bbc6e374b62509736bf9226eed3c87b0df23e9594e81e18d35a3bf4f2c
Instruction ID: 3f60edc08e9fa5610d87a60b44b4f8fe26bd5924df04a53be6852e7479d1dea2
Opcode Fuzzy Hash: 82a682bbc6e374b62509736bf9226eed3c87b0df23e9594e81e18d35a3bf4f2c
Instruction Fuzzy Hash: 73112332A40205F7C6617A94AC07FAF7FADFF93B26F05043AF60921192D372552097B2

Function 005AE8D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AE8EC

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AE95B

Strings

(iod->readsd_count) > 0, xrefs: 005AE8E7
(iod)->events_pending > 0, xrefs: 005AE956
src\nsock_core.c, xrefs: 005AE8E2, 005AE951

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: (iod)->events_pending > 0$(iod->readsd_count) > 0$src\nsock_core.c
API String ID: 1760609008-2297569468
Opcode ID: 574a4a1895264be9e39e4176279411aca08289d42b227c6b26a7f45e9b5ceb98
Instruction ID: a4304bb8d4fb2440d11c5a8e83cab5edc121d682d1da4511f378631528da759a
Opcode Fuzzy Hash: 574a4a1895264be9e39e4176279411aca08289d42b227c6b26a7f45e9b5ceb98
Instruction Fuzzy Hash: 6311BE31604706DFCB60DA14C482A9AF7EAFF42724B18CA2EE41A87601E370E990CA81

Function 005AEA10 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AEA2C

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

__wassert.LIBCMT ref: 005AEAA5

Strings

(iod->writesd_count) > 0, xrefs: 005AEA27
(iod)->events_pending > 0, xrefs: 005AEAA0
src\nsock_core.c, xrefs: 005AEA22, 005AEA9B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module__wassert$FileHandleName
String ID: (iod)->events_pending > 0$(iod->writesd_count) > 0$src\nsock_core.c
API String ID: 1760609008-52970106
Opcode ID: 0f375ba2479147d1db9dcd4fc110b450b02ef6207ebd0aed085ebb87570157c0
Instruction ID: 42ae813dfef433a9084e05898fd2d00f36d4c7f5a6a2586f39cd212398858a95
Opcode Fuzzy Hash: 0f375ba2479147d1db9dcd4fc110b450b02ef6207ebd0aed085ebb87570157c0
Instruction Fuzzy Hash: 8621BE31604706DFCB10CB64D486F99FBA6FF52324F18CA2AE05A97241E370B990CE81

Function 0059F210 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059F2A1

Strings

HTTP/1.0, xrefs: 0059F274, 0059F287
HTTP/1.1, xrefs: 0059F26A
%s %s, xrefs: 0059F24D
%s %s%s%s, xrefs: 0059F28D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: HTTP/1.0$ HTTP/1.1$%s %s$%s %s%s%s
API String ID: 269201875-3978687439
Opcode ID: 6c584f73e69cbe1823490fd44f8547b5498e1d83a747ba9adaad1f7dbcae0064
Instruction ID: f6f8509267b6d455098fb07ac38faf734c7f963dff89afe0e1e6b69ac817de8f
Opcode Fuzzy Hash: 6c584f73e69cbe1823490fd44f8547b5498e1d83a747ba9adaad1f7dbcae0064
Instruction Fuzzy Hash: 9111267A900209BBCF05DFA4CC95B9F7FBDAB89310F0001A6F905EB241E6319A549BA0

Function 005B0D70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

__wassert.LIBCMT ref: 005B0DA3

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

Strings

Read request for %d bytes from IOD #%li [%s:%hu] EID %li, xrefs: 005B0DE5
nse, xrefs: 005B0D9E
src\nsock_read.c, xrefs: 005B0D99
Read request for %d bytes from IOD #%li (peer unspecified) EID %li, xrefs: 005B0DFE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$FileHandleName__vfwprintf_p_memset
String ID: Read request for %d bytes from IOD #%li (peer unspecified) EID %li$Read request for %d bytes from IOD #%li [%s:%hu] EID %li$nse$src\nsock_read.c
API String ID: 3609237820-2007483775
Opcode ID: bbb02a976fb4c8c43c9867db72b999b1b12fe87ac5098e2b8ebd58539f994470
Instruction ID: 13165ad261d3cb8ecc89471aa85ebdf1f4436545ace9db67ee31724e4b40951f
Opcode Fuzzy Hash: bbb02a976fb4c8c43c9867db72b999b1b12fe87ac5098e2b8ebd58539f994470
Instruction Fuzzy Hash: 19116D72A4020ABBCB216EA59C46FDB7FADFB49314F044415FD4852242E236B5709BE1

Function 005B0E30 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

__wassert.LIBCMT ref: 005B0E63

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

Strings

Read request for %d lines from IOD #%li (peer unspecified) EID %li, xrefs: 005B0EBE
nse, xrefs: 005B0E5E
src\nsock_read.c, xrefs: 005B0E59
Read request for %d lines from IOD #%li [%s:%hu] EID %li, xrefs: 005B0EA5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$FileHandleName__vfwprintf_p_memset
String ID: Read request for %d lines from IOD #%li (peer unspecified) EID %li$Read request for %d lines from IOD #%li [%s:%hu] EID %li$nse$src\nsock_read.c
API String ID: 3609237820-505108441
Opcode ID: 4953229233fa05b766146d9f1f7a2f5019b0a2c134b5050eae3a0da8475c9982
Instruction ID: 67922493e66a7694d10e92c942ccd948725fb6b990f7b4b0577c326323307d26
Opcode Fuzzy Hash: 4953229233fa05b766146d9f1f7a2f5019b0a2c134b5050eae3a0da8475c9982
Instruction Fuzzy Hash: B7118F7290020ABBCB216EA5DC46FDB7FADFF49324F004815FD4852242E236E5709BE1

Function 005B0CB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

__wassert.LIBCMT ref: 005B0CE6

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005AE230: __wassert.LIBCMT ref: 005AE250
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2B4
Part of subcall function 005AE230: __vfwprintf_p.LIBCMT ref: 005AE2C6
Part of subcall function 005AE230: _fprintf.LIBCMT ref: 005AE2D6

Strings

nse, xrefs: 005B0CE1
src\nsock_read.c, xrefs: 005B0CDC
Read request from IOD #%li [%s:%hu] (timeout: %dms) EID %li, xrefs: 005B0D29
Read request from IOD #%li (peer unspecified) (timeout: %dms) EID %li, xrefs: 005B0D3F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module_fprintf$FileHandleName__vfwprintf_p_memset
String ID: Read request from IOD #%li (peer unspecified) (timeout: %dms) EID %li$Read request from IOD #%li [%s:%hu] (timeout: %dms) EID %li$nse$src\nsock_read.c
API String ID: 3609237820-1044613702
Opcode ID: 0fce1f487e461e74d2fefa7a5a28e46882aca5fcee7ad1efc688bda281a755d6
Instruction ID: 13184f77d7600a6bf6ccf4bf754dd414ecc0f7c34db4832cda1001ca4af6a734
Opcode Fuzzy Hash: 0fce1f487e461e74d2fefa7a5a28e46882aca5fcee7ad1efc688bda281a755d6
Instruction Fuzzy Hash: 6011A37694020ABBDB116E549C86FDB7F6DBF59714F040425FD085A283D232A9209BF2

Function 005C3770 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 005C3797
_swscanf.LIBCMT ref: 005C37BA

Part of subcall function 00668C72: _vscan_fn.LIBCMT ref: 00668C86

_strtoul.LIBCMT ref: 005C37C9

Part of subcall function 00669DE2: strtoxl.LIBCMT ref: 00669E02

Strings

%I64i, xrefs: 005C37B4
OPENSSL_ia32cap, xrefs: 005C3788

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wgetenv_strtoul_swscanf_vscan_fnstrtoxl
String ID: %I64i$OPENSSL_ia32cap
API String ID: 409312853-1470193844
Opcode ID: b90df1b534c17fb3d19ed581f683f49ba0730541dc8e9054ebfaadedb3838c11
Instruction ID: 6707ebd73d154884dc43769b67babc7514931434b951314cb32b6871246d9943
Opcode Fuzzy Hash: b90df1b534c17fb3d19ed581f683f49ba0730541dc8e9054ebfaadedb3838c11
Instruction Fuzzy Hash: 6A11E5B2D452126FE710AFA0CC41B577BD9BB80385F0AC57DFC0897211EA799D04CBA6

Function 005B15C0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0046
Part of subcall function 005B0020: _memset.LIBCMT ref: 005B007D
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B00AE
Part of subcall function 005B0020: __wassert.LIBCMT ref: 005B0124

__wassert.LIBCMT ref: 005B15F0

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

Timer created - %dms from now. EID %li, xrefs: 005B1606
nse, xrefs: 005B15EB
src\nsock_timers.c, xrefs: 005B15E6
+Z, xrefs: 005B15CE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert$Module$FileHandleName_memset
String ID: +Z$Timer created - %dms from now. EID %li$nse$src\nsock_timers.c
API String ID: 2164031735-1533878919
Opcode ID: 872bdd4f8d2f94f2e1df3bd271958833737010ec530a81acd8efcd92ccb8f1f5
Instruction ID: e06ad1c664d7465ba4ee0ee500576c514cf05683e0b7580340054c7176d9b550
Opcode Fuzzy Hash: 872bdd4f8d2f94f2e1df3bd271958833737010ec530a81acd8efcd92ccb8f1f5
Instruction Fuzzy Hash: 46F0B43254060A77CF116E44AC07FCF3B1AEF85725F550415FA1816282E772A5308BEA

Function 005AF600 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 34COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF61B

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Part of subcall function 005B2120: _malloc.LIBCMT ref: 005B212B

_memmove.LIBCMT ref: 005AF643

Strings

D&s, xrefs: 005AF639
src\nsock_iod.c, xrefs: 005AF611
iod, xrefs: 005AF616

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert_malloc_memmove
String ID: D&s$iod$src\nsock_iod.c
API String ID: 1478072667-2858696188
Opcode ID: bbf0728a5f55f7b301063fb17aa104139875504403417453fee9f1c8119957c0
Instruction ID: d3db0795fd76ce966b518b4a9559e0c15744f05a4794a6f4e34c42f6fcd4cd41
Opcode Fuzzy Hash: bbf0728a5f55f7b301063fb17aa104139875504403417453fee9f1c8119957c0
Instruction Fuzzy Hash: E2F0E533E8061476CA016EB9AC029DEBB1DEFD2771F01022BF93C97281E730A5104BD5

Function 0066F422 Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0066F480
_memcpy_s.LIBCMT ref: 0066F4F2
__read_nolock.LIBCMT ref: 0066F550
__filbuf.LIBCMT ref: 0066F573
_memset.LIBCMT ref: 0066F5B7

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: 04013221d83213cb932a169d6122f5e7553ff21a6f6717e407f5730d50a9d5b2
Instruction ID: 1eeb3c4cee8ca330fee4df6b720c2430047b02eefe4168cdaaceb233545495b1
Opcode Fuzzy Hash: 04013221d83213cb932a169d6122f5e7553ff21a6f6717e407f5730d50a9d5b2
Instruction Fuzzy Hash: 7051E131A003069BDB249F79E8806AE77E7AF50320F24873DF83A967D1DB719D518B90

Function 005A01A0 Relevance: 7.6, APIs: 5, Instructions: 109COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005A01AD
___from_strstr_to_strchr.LIBCMT ref: 005A01CB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID:
API String ID: 601868998-0
Opcode ID: 8dce78a4b2591717fd3257dcee27b31f0f890e49aa33e77d48872ef6873418d0
Instruction ID: 60048936f7f1916f42b7cb85bf13c9470cd645d797d612de66719f96f61569e2
Opcode Fuzzy Hash: 8dce78a4b2591717fd3257dcee27b31f0f890e49aa33e77d48872ef6873418d0
Instruction Fuzzy Hash: 50315775A143096FEB219A64EC457AEBF99FF03329F0441A5EC0887281E731A914C3A1

Function 0059EFA0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0059EFF7
_free.LIBCMT ref: 0059F000

Part of subcall function 006685B6: HeapFree.KERNEL32(00000000,00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?), ref: 006685CA
Part of subcall function 006685B6: GetLastError.KERNEL32(00000000,?,006728BC,00000000,?,?,?,00000000,?,00676ABC,00000018,007257C8,00000008,006769E9,?,?), ref: 006685DC

_free.LIBCMT ref: 0059F021
_free.LIBCMT ref: 0059F027
_free.LIBCMT ref: 0059F03C

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast_memmove
String ID:
API String ID: 3056279790-0
Opcode ID: 9309c2f5ff21634bd21833bae211a7db1ea3f03d06ae0d3c459d3e316c9717e6
Instruction ID: 8e26695c386fc1dfc843179879f659f844ed88be8aae94cb7059816dc88c11e9
Opcode Fuzzy Hash: 9309c2f5ff21634bd21833bae211a7db1ea3f03d06ae0d3c459d3e316c9717e6
Instruction Fuzzy Hash: D0112073D002046BDB10EE79DC85AEEBBADEF81320F044175FD05D6241EA354A1587E1

Function 0066D014 Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0066D020

Part of subcall function 0066ADA6: __FF_MSGBANNER.LIBCMT ref: 0066ADBD
Part of subcall function 0066ADA6: __NMSG_WRITE.LIBCMT ref: 0066ADC4
Part of subcall function 0066ADA6: RtlAllocateHeap.NTDLL(00C70000,00000000,00000001,00000000,00000000,00000000,?,00676835,?,?,?,00000000,?,00676ABC,00000018,007257C8), ref: 0066ADE9

_free.LIBCMT ref: 0066D033

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 29a7cbf79781defbaab1df844092a4eaf671e330edbab5d3ff0f18e1c9a630ed
Instruction ID: 9df04a7e94c16c49383fb87af59d3696138a834cb5d57f4b863d718a56196856
Opcode Fuzzy Hash: 29a7cbf79781defbaab1df844092a4eaf671e330edbab5d3ff0f18e1c9a630ed
Instruction Fuzzy Hash: 0411C632E04615AFDFB03F74BC45A9A37D7AF14361F10822DF9499B251DF398D428698

Function 005B5490 Relevance: 7.6, APIs: 5, Instructions: 62fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000200,?,00000000), ref: 005B54C5
WriteFile.KERNEL32(?,?,?,00000000), ref: 005B54F8
ReadFile.KERNEL32(?,00000200,?,00000000), ref: 005B5527
CloseHandle.KERNEL32 ref: 005B553A
CloseHandle.KERNEL32 ref: 005B5542

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: File$CloseHandleRead$Write
String ID:
API String ID: 256437895-0
Opcode ID: 4d0183f268f1c5c38f4d88c586cddd4560ce19b81fb1ddcac8d605c16888f804
Instruction ID: 7b15d24994edc625f8e7bb8cd09d12763b66ae4ec61bfbc1b9224d19c005d1da
Opcode Fuzzy Hash: 4d0183f268f1c5c38f4d88c586cddd4560ce19b81fb1ddcac8d605c16888f804
Instruction Fuzzy Hash: 871184B150031CABFB20DB24DC45FEA77BDEB04711F508295E514D61A1EF35AE858F64

Function 005CF750 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 265COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 005CF7E1

Part of subcall function 005D78D0: _memset.LIBCMT ref: 005D78F2

Strings

NO X509_NAME, xrefs: 005CF7DB
.\crypto\x509\x509_obj.c, xrefs: 005CFA36

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset_strncpy
String ID: .\crypto\x509\x509_obj.c$NO X509_NAME
API String ID: 3140232205-14672339
Opcode ID: ef48657dc4a21db443e6cf3ee68127ae8ea01a51117962a9a2008f18725cabb4
Instruction ID: 2d31c0bfa69960ad4228e7335ae536f6c61938c2e9647a6fcfaa433b6f56fa04
Opcode Fuzzy Hash: ef48657dc4a21db443e6cf3ee68127ae8ea01a51117962a9a2008f18725cabb4
Instruction Fuzzy Hash: 3191D2719083429FD720DF68C885B5ABFE2BF94704F19493EF88997342E735D9058B92

Function 005D5A70 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

.\crypto\objects\obj_lib.c, xrefs: 005D5AAB, 005D5AC8, 005D5B2B, 005D5B6D, 005D5BAC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\objects\obj_lib.c
API String ID: 0-1655395264
Opcode ID: fa93dc4e5aac296497097ca7ac10021d1a9f506b10b3c21c071ba0aed8ae41ae
Instruction ID: 5ea49c4b3ec83ce909b8ad1b7860463291a956f9c6093840a5a3c4a0f7e96ded
Opcode Fuzzy Hash: fa93dc4e5aac296497097ca7ac10021d1a9f506b10b3c21c071ba0aed8ae41ae
Instruction Fuzzy Hash: D84143B67007066FE720EFA8AC41F67BB95BF80715F14853FF94686642EB62E4148B90

Function 005C6560 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005C6611

Strings

0123456789abcdef, xrefs: 005C65FA, 005C669A, 005C66C9
<NULL>, xrefs: 005C6575
.\crypto\bio\b_print.c, xrefs: 005C65F5, 005C662D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: .\crypto\bio\b_print.c$0123456789abcdef$<NULL>
API String ID: 4104443479-1901003480
Opcode ID: fc14e080f88cd8331a6d3739e48528dff090c7462dabeadefc331749c391497a
Instruction ID: ad3a38e73bce17a27fb0de4506d04262b7db1fe421d154e01f57f2aba38bbdae
Opcode Fuzzy Hash: fc14e080f88cd8331a6d3739e48528dff090c7462dabeadefc331749c391497a
Instruction Fuzzy Hash: 7C4169702083429FDB14DF58C880F2ABFE5FFC5308F64495DF8858B242E7719A818B46

Function 005A7330 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130COMMON

Download Yara Rule

APIs

__read.LIBCMT ref: 005A7360
_free.LIBCMT ref: 005A74A9

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Part of subcall function 00668D90: __getptd_noexit.LIBCMT ref: 00668D94

Strings

EOF on stdin, xrefs: 005A73B0
Error reading from stdin: %s, xrefs: 005A7390

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit$__read_free
String ID: EOF on stdin$Error reading from stdin: %s
API String ID: 1157239004-3416925609
Opcode ID: 53f3ddc2e107ae992803e9723a7e7540f668e176b9cc8e3e0c68fb20b1ab5cbc
Instruction ID: ed57fa8082aad9726fdfc68443d2a406c95b4837ef123d3f5172d7b5ab9c5d66
Opcode Fuzzy Hash: 53f3ddc2e107ae992803e9723a7e7540f668e176b9cc8e3e0c68fb20b1ab5cbc
Instruction Fuzzy Hash: A841F970A0021DCBEF24EB54DC89BAD77A9FF49300F0141DAE80967153DB356E86CB99

Function 005A18E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,?), ref: 005A1A4C

Strings

select returned %d fds ready, xrefs: 005A1A26
Broker connection count is %d, xrefs: 005A19DF
fd %d is ready, xrefs: 005A1A5F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: Broker connection count is %d$fd %d is ready$select returned %d fds ready
API String ID: 0-2248981422
Opcode ID: 869151e0113bd7f5f6c2d2d9d791128d55cd2f795aaccbbbf1de874a0692dfa4
Instruction ID: 1b440f72c553d318195c9a8f6bc1bbdb5700ae1cc49678d57e856169aca754bf
Opcode Fuzzy Hash: 869151e0113bd7f5f6c2d2d9d791128d55cd2f795aaccbbbf1de874a0692dfa4
Instruction Fuzzy Hash: 8A414A74900A12EFFB28B764AC5FBAF3E68BB42702F414014F845A2193D6794587C7BE

Function 005D79B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D79CB
_memset.LIBCMT ref: 005D79EC

Strings

.\crypto\buffer\buffer.c, xrefs: 005D7A08, 005D7A3E, 005D7A53, 005D7A70

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c
API String ID: 2102423945-294840303
Opcode ID: 35713f947c768c27bb973ec7abc15c0fcbc00e4fe89d941cebdfa6933fe9cbc7
Instruction ID: 576aad266c769c638bd7484105018d419858bb6027211143265053bb1cced94d
Opcode Fuzzy Hash: 35713f947c768c27bb973ec7abc15c0fcbc00e4fe89d941cebdfa6933fe9cbc7
Instruction Fuzzy Hash: 1A21E4B6B043127BD614A62CFC46B5ABB99FB88B14F05412BF619D73C2E2B1AD11C3D4

Function 005A1380 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 005B2120: _malloc.LIBCMT ref: 005B212B

Part of subcall function 005B3030: vswprintf.LIBCMT ref: 005B3044

_memmove.LIBCMT ref: 005A1442

Strings

\%03o, xrefs: 005A13F8
, xrefs: 005A139D
<user%d> , xrefs: 005A13AF

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _malloc_memmovevswprintf
String ID: $<user%d> $\%03o
API String ID: 1917943072-3731056544
Opcode ID: 2d7ae557c734aa7473a06809052ba55d297037d9741564cadb91f44ab45d9fa1
Instruction ID: 1f8dda490c4b7f7c4b2306430e21144c8a20f023913ec1613d1262848375fc0e
Opcode Fuzzy Hash: 2d7ae557c734aa7473a06809052ba55d297037d9741564cadb91f44ab45d9fa1
Instruction Fuzzy Hash: DD31A271D00248AFCF11EFA8D845AEDBFBABF0D300F14006AE955A7242E63569118B69

Function 0060A250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0060A2CB

Strings

ENV, xrefs: 0060A29C
default, xrefs: 0060A2DB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wgetenv
String ID: ENV$default
API String ID: 1112669753-1320007843
Opcode ID: f73b780936c49ab7dc20be84237c97c775d1f704f47c6b46fcbda2fdf45b01cd
Instruction ID: 837ec4d1c4ff6f74413b167f5185f0346037b118b1b81d0e494781e59413e3d8
Opcode Fuzzy Hash: f73b780936c49ab7dc20be84237c97c775d1f704f47c6b46fcbda2fdf45b01cd
Instruction Fuzzy Hash: 5321D572A483014BD7119EA4AC51AEBB7D6AEA0794F4C457DEC88D2342E327DB08C693

Function 005C1BA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 005C1BC6
_strncmp.LIBCMT ref: 005C1BF6

Strings

ASN1:, xrefs: 005C1BF0
DER:, xrefs: 005C1BC0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: ASN1:$DER:
API String ID: 909875538-1445514312
Opcode ID: 82a35fbf545a3006b3ca4191dd36c004b8a1873c2b2eff9cbbe57baf6f4a0320
Instruction ID: 0ae7ce33b983de4a848114dde58c8bde3725af5e9ffb962632b40454fe75c0a9
Opcode Fuzzy Hash: 82a35fbf545a3006b3ca4191dd36c004b8a1873c2b2eff9cbbe57baf6f4a0320
Instruction Fuzzy Hash: F2118CA2B00A200EDB182A715C50F767F5BAFA336470940ACFC4AEB203F617DD06C698

Function 0059F3A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0059F414

Strings

HTTP/1.0, xrefs: 0059F3E6, 0059F3FF
%s %d %s%s, xrefs: 0059F400
HTTP/1.1, xrefs: 0059F3DC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free
String ID: %s %d %s%s$HTTP/1.0$HTTP/1.1
API String ID: 269201875-3017260863
Opcode ID: 1c740c86325ef06570008aef64741d9c1c39b8ea9f27d7b00fe549bb2429f62b
Instruction ID: 2e921cf070e479747b2c2ea4597d1ff6507a45f43d6a5c4dae5d031332d908b7
Opcode Fuzzy Hash: 1c740c86325ef06570008aef64741d9c1c39b8ea9f27d7b00fe549bb2429f62b
Instruction Fuzzy Hash: F3016176900108BBCF10DF95D885F9FBFBAEF44310F1041A6FD09AB201DA369A158B90

Function 005B0B90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0BD8

Strings

SSL reconnection requested (IOD #%li) EID %li, xrefs: 005B0BFD
nse, xrefs: 005B0BD3
src\nsock_connect.c, xrefs: 005B0BCE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: SSL reconnection requested (IOD #%li) EID %li$nse$src\nsock_connect.c
API String ID: 3993402318-3097220534
Opcode ID: bedda6339bc044db43d768580ec53d35d1ae30de149e466b1c5a14ba8f43a3f1
Instruction ID: c4fbedd02af20e19430e99e62d17bbc35cd8c0bfd35c07b4e08564b55d72162c
Opcode Fuzzy Hash: bedda6339bc044db43d768580ec53d35d1ae30de149e466b1c5a14ba8f43a3f1
Instruction Fuzzy Hash: 56019276900209BBDB016E90DC46FDF7B69FF45359F001425F91816282E776A5708BE2

Function 005B0C30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B0C50

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN, xrefs: 005B0C4B
UDP unconnected socket (IOD #%li), xrefs: 005B0C7A
src\nsock_connect.c, xrefs: 005B0C46

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: UDP unconnected socket (IOD #%li)$nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN$src\nsock_connect.c
API String ID: 1832359313-2896882335
Opcode ID: 7e6e7cf45713926cdfb4fc1df9857bbf6da323823b9162f28a4bbbbdbb937db4
Instruction ID: c2a0223d7a5e4be861b39062bdaea47a96d2db3974b70554f2e9cc678ef06279
Opcode Fuzzy Hash: 7e6e7cf45713926cdfb4fc1df9857bbf6da323823b9162f28a4bbbbdbb937db4
Instruction Fuzzy Hash: 4FF04C32A4020473C6306958AC47FEF7F56FF91725F141615F51CA22C3D361B86486D5

Function 005ACCB0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005ACCCF

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

_memmove.LIBCMT ref: 005ACCE7

Strings

util.c, xrefs: 005ACCC5
end >= start, xrefs: 005ACCCA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert_memmove
String ID: end >= start$util.c
API String ID: 3533946698-2313802945
Opcode ID: b2dddfa16d89df226e9c836148f4a58c4935a2ebdf1d9f70a9d9b24dd3228616
Instruction ID: fa65e7fac85047f035df50266f6f6a6cd8546bc5588e8f64f9ff1ca2b9dad18d
Opcode Fuzzy Hash: b2dddfa16d89df226e9c836148f4a58c4935a2ebdf1d9f70a9d9b24dd3228616
Instruction Fuzzy Hash: 7BF0E5337042143BDB0179AC9CC2DBF7B9EABC9324F05412AFA1997642E562AD0543F5

Function 005B52C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33pipeCOMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005B52DC

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,00000041,?,005B26F6,00000000,00000000,?,007320A8), ref: 005B52F6

Strings

nbase_winunix.c, xrefs: 005B52D2
stdin_pipe_r != NULL, xrefs: 005B52D7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleNameNamedPeekPipe__wassert
String ID: nbase_winunix.c$stdin_pipe_r != NULL
API String ID: 3630145511-403404485
Opcode ID: 8e6136f8e50fdf9b46d82fcf8dfe08b9df0d14870b60bc6c4c6e0f53ef222871
Instruction ID: c066d6de8c3164cdbd99e49f1ab938b823cc8856d0540515474f7104aba774c2
Opcode Fuzzy Hash: 8e6136f8e50fdf9b46d82fcf8dfe08b9df0d14870b60bc6c4c6e0f53ef222871
Instruction Fuzzy Hash: BFF0653079030D67E620DBB9EC43F6973989705B05F104555F908EB2C0F9A5EA108699

Function 005AF660 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF67B

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

_memmove.LIBCMT ref: 005AF6A0

Strings

src\nsock_iod.c, xrefs: 005AF671
iod, xrefs: 005AF676

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert_memmove
String ID: iod$src\nsock_iod.c
API String ID: 3533946698-4210484035
Opcode ID: ae716f35adc927687539e1cc27c8a6869560ed89d7bc40c0059353dde3870f1f
Instruction ID: 2696580fc0484246a3102028bd18ba95cbb7f22c6b729a06969e555e51835d00
Opcode Fuzzy Hash: ae716f35adc927687539e1cc27c8a6869560ed89d7bc40c0059353dde3870f1f
Instruction Fuzzy Hash: D3E06533E4021967CB1059A8BC01ECA375EABD5774F05063AF96C9B281D721951547D5

Function 005ACC30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 005ACC46
__vfwprintf_p.LIBCMT ref: 005ACC5E

Part of subcall function 0066C01D: _vfprintf_helper.LIBCMT ref: 0066C030

Strings

Ncat, xrefs: 005ACC33
%s: , xrefs: 005ACC38

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __vfwprintf_p_fprintf_vfprintf_helper
String ID: %s: $Ncat
API String ID: 323383941-697992811
Opcode ID: 8d461c318b528e8c9eda90930ab7b0a813fc91a48076e34cdda06bd6dfc590b8
Instruction ID: 0e6d9dea3791c328e85e7b7e963f30487807f4a6b1a6985c0b58da4c5f821059
Opcode Fuzzy Hash: 8d461c318b528e8c9eda90930ab7b0a813fc91a48076e34cdda06bd6dfc590b8
Instruction Fuzzy Hash: 7FD05EF2C402087ADB8037E19C03A1A760F49103D0B044015F848CA281E972E51440A9

Function 005B2190 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 18COMMON

Download Yara Rule

APIs

_calloc.LIBCMT ref: 005B219D

Part of subcall function 00669E0C: __calloc_impl.LIBCMT ref: 00669E1F

Strings

Malloc Failed! Probably out of space., xrefs: 005B21B5
QUITTING!, xrefs: 005B20FC
Tried to malloc negative amount of memory!!!, xrefs: 005B21AB

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __calloc_impl_calloc
String ID: QUITTING!$Malloc Failed! Probably out of space.$Tried to malloc negative amount of memory!!!
API String ID: 2108883976-3809697216
Opcode ID: aeb8e652db9894bd1697c1375ee4f0133b4e428d19058600653def150b309aff
Instruction ID: 7977007c334075a133f30817b3b656be33cc5128613c912906fd651cdda587ce
Opcode Fuzzy Hash: aeb8e652db9894bd1697c1375ee4f0133b4e428d19058600653def150b309aff
Instruction Fuzzy Hash: 1FD0C9A079030E2AEE0076A96C0BF953B9E2F84B91F054016BE0CC5682E991F9A0D5B6

Function 0066E3EB Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0066E481
__flush.LIBCMT ref: 0066E4A1
__write.LIBCMT ref: 0066E4D4
__flsbuf.LIBCMT ref: 0066E502

Part of subcall function 006684DE: __getptd_noexit.LIBCMT ref: 006684DE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: 222ac35535e0669bdda1806253c71011bc142a690170d01256d657dcc5dc67f4
Instruction ID: fcc7f3e82cd2157927c637f55a6b4c8e0de44ba456b7e909dcf1e451c6f23943
Opcode Fuzzy Hash: 222ac35535e0669bdda1806253c71011bc142a690170d01256d657dcc5dc67f4
Instruction Fuzzy Hash: E74193397007069FDB288FB9D8805EE7BE7AF85360B24813DE856C7740EA72DD418B54

Function 0067AAFA Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0067AB30
__isleadbyte_l.LIBCMT ref: 0067AB5E
MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 0067AB8C
MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 0067ABC2

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 5efcb0ead3f0a0bf31cf498c3640eb718e293ddd937ff42df51ccd04ed1b7e03
Instruction ID: bcd4f5db3573f960a5452f0c52e854a1afa2ee0f0b9dd6667af26824915a674b
Opcode Fuzzy Hash: 5efcb0ead3f0a0bf31cf498c3640eb718e293ddd937ff42df51ccd04ed1b7e03
Instruction Fuzzy Hash: 3731B031600246EFDB218FB5CC45BAE7BA7FF81B10F158169F858872A0E731D891DB92

Function 005D89B0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005D89FD
_memmove.LIBCMT ref: 005D8A1F
_memset.LIBCMT ref: 005D8A43
_memmove.LIBCMT ref: 005D8A73

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove$_memset
String ID:
API String ID: 1357608183-0
Opcode ID: 7b3760a690dbaa302dccd1edd5ece6cc15d9f045837d7056ec06bf833681d979
Instruction ID: a2e0207b97b474108fab4eedc2f599269f354c585520a6e8aa485a9c18cd5a4f
Opcode Fuzzy Hash: 7b3760a690dbaa302dccd1edd5ece6cc15d9f045837d7056ec06bf833681d979
Instruction Fuzzy Hash: E521B5B69002055BDB20DA18DC80EA67BADFF94720F16026BFC099B206EB71ED44C6E4

Function 005B57D0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005B581D
_memmove.LIBCMT ref: 005B583F
_memset.LIBCMT ref: 005B5863
_memmove.LIBCMT ref: 005B5893

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove$_memset
String ID:
API String ID: 1357608183-0
Opcode ID: 31079b407157450a4a783d10b3e31f3cb93c4518e8eb1223b3b8d63c9f9dee72
Instruction ID: 0d99a1f8a02cf3aad90770f9288dcabd82f5ab86abada5ed1a944ef18e1756ad
Opcode Fuzzy Hash: 31079b407157450a4a783d10b3e31f3cb93c4518e8eb1223b3b8d63c9f9dee72
Instruction Fuzzy Hash: 6821FEB29002005BDB18DE18D880F977BAEFF90710F11016AFD099B206F731E944CAE4

Function 005B2010 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005B206C
_free.LIBCMT ref: 005B2083
_memmove.LIBCMT ref: 005B209D
_memmove.LIBCMT ref: 005B20AC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove$_free
String ID:
API String ID: 2620147621-0
Opcode ID: ce9dbacc43bc452cc3b03ccf867142c58f48c92e9108dbeeab599f8d7ae90052
Instruction ID: 78fe6d0088364409bc371fade8e640998773c31be45e44a53d4416d9fc3c6fc2
Opcode Fuzzy Hash: ce9dbacc43bc452cc3b03ccf867142c58f48c92e9108dbeeab599f8d7ae90052
Instruction Fuzzy Hash: 7221C0B1A006059FCB659F39DC55D67BBEAEF94320B148A2EF49AD3602E731F840CB50

Function 005B2230 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000400), ref: 005B2255
GetModuleFileNameA.KERNEL32(00000000), ref: 005B225C
___from_strstr_to_strchr.LIBCMT ref: 005B2287
___from_strstr_to_strchr.LIBCMT ref: 005B22AE

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module___from_strstr_to_strchr$FileHandleName
String ID:
API String ID: 4152681497-0
Opcode ID: 4fbad6e3f1a4784636640feb982b3a05bc7e33f1ab84a87cf494491d1c7b810f
Instruction ID: d6719ea9d0dc5e433168f1324152f1d3eb9dcdda8bca24c0086ea51cfcf1660b
Opcode Fuzzy Hash: 4fbad6e3f1a4784636640feb982b3a05bc7e33f1ab84a87cf494491d1c7b810f
Instruction Fuzzy Hash: 4B01DF75A012189BDB50A7745D067EE775DAF14305F000169FE05D6182FA34EA0546AA

Function 005B1630 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Part of subcall function 0066C889: _flsall.LIBCMT ref: 0066C8A2

__vfwprintf_p.LIBCMT ref: 005B1654

Part of subcall function 0066C01D: _vfprintf_helper.LIBCMT ref: 0066C030

_fprintf.LIBCMT ref: 005B166A

Part of subcall function 00669685: _doexit.LIBCMT ref: 0066968F

Part of subcall function 0066C889: __lock_file.LIBCMT ref: 0066C8AB
Part of subcall function 0066C889: __fflush_nolock.LIBCMT ref: 0066C8B5

__vfwprintf_p.LIBCMT ref: 005B16A4
_perror.LIBCMT ref: 005B16AE

Part of subcall function 0066BF17: ___lock_fhandle.LIBCMT ref: 0066BF2A
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF41
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF49
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF55
Part of subcall function 0066BF17: __get_sys_err_msg.LIBCMT ref: 0066BF64
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF6C
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF74
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF81

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __write_nolock$__vfwprintf_p_strlen$___lock_fhandle__fflush_nolock__get_sys_err_msg__lock_file_doexit_flsall_fprintf_perror_vfprintf_helper
String ID:
API String ID: 1729066401-0
Opcode ID: 8ffe2a97c7d772a71f858ba9c0820d02b23d252f5ef14ae29924b3803f316b5c
Instruction ID: 2d2a3839abeac1eec4d84a4ded137f685a29a028ce93b01bb3f6307d7436d559
Opcode Fuzzy Hash: 8ffe2a97c7d772a71f858ba9c0820d02b23d252f5ef14ae29924b3803f316b5c
Instruction Fuzzy Hash: 16F0E7F2C006087AEAC037F19C07E5E364F4A28394B484428F889D6692FD75E65445AE

Function 006778E1 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00677905

Part of subcall function 00678025: __fltout2.LIBCMT ref: 0067804E

__cftog_l.LIBCMT ref: 0067792B
__cftoe_l.LIBCMT ref: 0067795D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: dbf3941e24d6868804e2fe4548d1208fd3a96f358a1199e560aae7a9e007a9ab
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: 0201483204514EBBCF525E94DC418EE3F23BB19354B58C419FA2C99231D636CAB2AB81

Function 005B16D0 Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 0066C889: _flsall.LIBCMT ref: 0066C8A2

__vfwprintf_p.LIBCMT ref: 005B16F4

Part of subcall function 0066C01D: _vfprintf_helper.LIBCMT ref: 0066C030

_fprintf.LIBCMT ref: 005B170A
_perror.LIBCMT ref: 005B1714

Part of subcall function 0066BF17: ___lock_fhandle.LIBCMT ref: 0066BF2A
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF41
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF49
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF55
Part of subcall function 0066BF17: __get_sys_err_msg.LIBCMT ref: 0066BF64
Part of subcall function 0066BF17: _strlen.LIBCMT ref: 0066BF6C
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF74
Part of subcall function 0066BF17: __write_nolock.LIBCMT ref: 0066BF81

_fprintf.LIBCMT ref: 005B172A

Part of subcall function 0066BDEC: __lock_file.LIBCMT ref: 0066BE33
Part of subcall function 0066BDEC: __stbuf.LIBCMT ref: 0066BEB8
Part of subcall function 0066BDEC: __output_l.LIBCMT ref: 0066BEC8
Part of subcall function 0066BDEC: __ftbuf.LIBCMT ref: 0066BED4

Part of subcall function 00669685: _doexit.LIBCMT ref: 0066968F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __write_nolock$_fprintf_strlen$___lock_fhandle__ftbuf__get_sys_err_msg__lock_file__output_l__stbuf__vfwprintf_p_doexit_flsall_perror_vfprintf_helper
String ID:
API String ID: 4041689630-0
Opcode ID: 2ceb2d0ea45f27a308d75e514aee0cf756da2dde6c51ae5c138cf0fed20f8c24
Instruction ID: 085f75f3b17cd8ebf05192a2fb9d553df805a62eea35b48c5503952bb0e41aa7
Opcode Fuzzy Hash: 2ceb2d0ea45f27a308d75e514aee0cf756da2dde6c51ae5c138cf0fed20f8c24
Instruction Fuzzy Hash: 11E0C9F2D402447AE6C033F19C07A5E290F0E28780B094419B889D6283FD75E55440AE

Function 005BF550 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 298COMMON

Download Yara Rule

APIs

__vsnprintf.LIBCMT ref: 005BF5DD
__vsnprintf.LIBCMT ref: 005BF614

Strings

.\crypto\rsa\rsa_chk.c, xrefs: 005BF5F5, 005BF62D, 005BF66D, 005BF740, 005BF7C0, 005BF822, 005BF860, 005BF879

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __vsnprintf
String ID: .\crypto\rsa\rsa_chk.c
API String ID: 3521431053-2260634685
Opcode ID: 693522829a943bd0ed9581bf2ac5f8f7b126066f97df485fe424861496e9d8ac
Instruction ID: 4b750818b627ae344d211f2c5a9a8d88edb9cf1899cb9a73b37403f931333c9d
Opcode Fuzzy Hash: 693522829a943bd0ed9581bf2ac5f8f7b126066f97df485fe424861496e9d8ac
Instruction Fuzzy Hash: B691C4B2A4470377EA213A749C47B5B7E59BB50708F084536FA08692D3FB65F820C7A2

Function 005D6F70 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D7048
_memset.LIBCMT ref: 005D70C9

Strings

.\crypto\asn1\tasn_new.c, xrefs: 005D7029, 005D70AA, 005D7132, 005D7158

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\asn1\tasn_new.c
API String ID: 2102423945-2878120539
Opcode ID: 439069f3a508c132025de382800dd8b0650f92efc167e5d8fbb9d74afb4468c4
Instruction ID: 6c6bb02912a3af3a85dc726efb621eba61aff62a5d7499f99570fac0df71e3ab
Opcode Fuzzy Hash: 439069f3a508c132025de382800dd8b0650f92efc167e5d8fbb9d74afb4468c4
Instruction Fuzzy Hash: E351D27130470B26E7306AAEAC86F677F98FF85B50F05042BFA04D6381F661E855C6B2

Function 0063F5E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 176COMMON

Download Yara Rule

Strings

.\ssl\ssl_lib.c, xrefs: 0063F5EE, 0063F615, 0063F638, 0063F6D9, 0063F740, 0063F7B0, 0063F7D3
s->sid_ctx_length <= sizeof s->sid_ctx, xrefs: 0063F736

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\ssl\ssl_lib.c$s->sid_ctx_length <= sizeof s->sid_ctx
API String ID: 0-2654578500
Opcode ID: 8381bcc06ced9cf37f69fbdf0bafeb49e355e26846ff9cf9ad9a418b650f09d5
Instruction ID: 636ce1eeb16def35959531f18e0bb169a112877c534b7a1d0d0af38240e166ea
Opcode Fuzzy Hash: 8381bcc06ced9cf37f69fbdf0bafeb49e355e26846ff9cf9ad9a418b650f09d5
Instruction Fuzzy Hash: A4715BB0B40702AFE714DF78C886FD6B7E0BB45704F044639E91C9B282E7B5A564CBA1

Function 005ABA60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005ABA9C
___from_strstr_to_strchr.LIBCMT ref: 005ABAB3

Strings

Wildcard name "%s" doesn't have at least two components after the wildcard; rejecting., xrefs: 005ABB1F

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: Wildcard name "%s" doesn't have at least two components after the wildcard; rejecting.
API String ID: 601868998-4279434083
Opcode ID: 398bdab56eccf0b9e047fa745e9b4db31821f89e20233999c69d1a1512acb14c
Instruction ID: 76529f2a061462b554110f8f3fc78eb22069fcb451bf88aa664e075e17685110
Opcode Fuzzy Hash: 398bdab56eccf0b9e047fa745e9b4db31821f89e20233999c69d1a1512acb14c
Instruction Fuzzy Hash: ED310B3160424D5BFF214E38A8507FEBF96BB63358F1845A6DC898614BE722D94783F0

Function 005E5880 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 005E59A7

Strings

|T^, xrefs: 005E5880
bd, xrefs: 005E59B5, 005E5998, 005E597B, 005E5945, 005E5950, 005E59A6, 005E59C0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: |T^$bd
API String ID: 4104443479-4045587324
Opcode ID: df05af5690e07589200ebdd34a032e0b41f904a85f89ce460fd27e75ea6c4798
Instruction ID: 513e3706fc47be3c3bd06788941976b31315e7559d2ec8cc54c3fe48bfecac65
Opcode Fuzzy Hash: df05af5690e07589200ebdd34a032e0b41f904a85f89ce460fd27e75ea6c4798
Instruction Fuzzy Hash: EC418435604A80CFD72CCF29E8446A67BE1BF81738F19896DE4D58B2A2E330DC45DB52

Function 005A7960 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 005A796C

Strings

Did you specify the port number? It's required for IPv6., xrefs: 005A79F1
Could not resolve proxy "%s"., xrefs: 005A79D0

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: Could not resolve proxy "%s".$Did you specify the port number? It's required for IPv6.
API String ID: 3213747228-2366190706
Opcode ID: 0a9915cc0a672fcbc1ebb90bb831d74c406b43a7a11c165b578f7fde285dfbc9
Instruction ID: 5d1a5727cf0998cf6fddc388dd31df933ad221f0822dcfd00b4bf77fcd51458c
Opcode Fuzzy Hash: 0a9915cc0a672fcbc1ebb90bb831d74c406b43a7a11c165b578f7fde285dfbc9
Instruction Fuzzy Hash: 5D1136A250824ABFEB006F549C45AFF3F59BF57350F040166FD4596102EA269A0583F6

Function 005D78D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 005D78F2
_memset.LIBCMT ref: 005D7995

Strings

.\crypto\buffer\buffer.c, xrefs: 005D790B, 005D793E, 005D7950, 005D7967

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c
API String ID: 2102423945-294840303
Opcode ID: 5a2de534030fb02e9bcf82ea0305d0b53746c32196bca06803d79f28b7f8217f
Instruction ID: bb0b95303c88d7e111f4f5593697fc3c5e22551eb703f634ab74085f5416d312
Opcode Fuzzy Hash: 5a2de534030fb02e9bcf82ea0305d0b53746c32196bca06803d79f28b7f8217f
Instruction Fuzzy Hash: F321DAB6B483167BD210666CEC47B56BB99FB88B18F154127F619D73C2E2B1AC11C390

Function 005ACF60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005ACF81

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

*offset <= *size, xrefs: 005ACF7C
util.c, xrefs: 005ACF77

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: *offset <= *size$util.c
API String ID: 1832359313-849002754
Opcode ID: 1ad274d2219e339bfe23db2967675c32e626ac926b228095e2007a93df4df158
Instruction ID: 8c4eabe743d229dd88ab5fef5a6fc9baad7d2f005385a40bb8ab375e096cf7f7
Opcode Fuzzy Hash: 1ad274d2219e339bfe23db2967675c32e626ac926b228095e2007a93df4df158
Instruction Fuzzy Hash: 4F115171604206DFDB10DF58E881EA9BBEAFF59304F200569F584C7345E372A951CBA2

Function 005ECB20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005ECB29

Strings

.\crypto\x509v3\v3_alt.c, xrefs: 005ECB7B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: .\crypto\x509v3\v3_alt.c
API String ID: 601868998-3847280413
Opcode ID: 961cca5ef3c0ef9fada9dc07c0390d14db7559d03f0eb545f005542d767d23fc
Instruction ID: 5ed46e52c021749171a2e21acfada1e704616e2782533250bf47bfbf4e822f63
Opcode Fuzzy Hash: 961cca5ef3c0ef9fada9dc07c0390d14db7559d03f0eb545f005542d767d23fc
Instruction Fuzzy Hash: 6D119131105206AFC700ABB9DC46F57BF9DBF81318F04856AF54C8A242EA22E41187A4

Function 005CE290 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

l <= sizeof(c->iv), xrefs: 005CE2F9
.\crypto\evp\evp_lib.c, xrefs: 005CE300

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\evp\evp_lib.c$l <= sizeof(c->iv)
API String ID: 0-1790184000
Opcode ID: 34feb3f9b04583ccd0f13c626b791aa3a568bfaacc7c34395860f24cd1e92634
Instruction ID: c46b87f0c8f5cadb9054bd8c230759681195e3b012e9c8adb5e8b16dd5d2fc05
Opcode Fuzzy Hash: 34feb3f9b04583ccd0f13c626b791aa3a568bfaacc7c34395860f24cd1e92634
Instruction Fuzzy Hash: 1401A576A002119FC710CE98D882F9B7BA9FBC4B60B184A6EF9558B281D371EC15D691

Function 005A3D30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(00000000,?), ref: 005A3D54
WSAGetLastError.WS2_32 ref: 005A3D80

Strings

Error sending to fd %d: %s., xrefs: 005A3D8D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: Error sending to fd %d: %s.
API String ID: 1452528299-1604897461
Opcode ID: 96d074c11b7688cbeff10bcabfdbb1b601ef4f3c9d3e9bf3a3ab945c33925823
Instruction ID: 7c30d6580c6f5d97f5fd5dea48209f02cf9ee31e1f6f360f27e5a2a0022ce5d8
Opcode Fuzzy Hash: 96d074c11b7688cbeff10bcabfdbb1b601ef4f3c9d3e9bf3a3ab945c33925823
Instruction Fuzzy Hash: D7014C72900606EFDB213EA59C4E9DFBF5DFF81369B004120FD18A1452D331D92187B5

Function 005B3C00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

htonl.WS2_32(c8[), ref: 005B3C21
htonl.WS2_32(00000000), ref: 005B3C2A

Strings

c8[, xrefs: 005B3C03, 005B3C20

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: htonl
String ID: c8[
API String ID: 2009864989-1593219308
Opcode ID: 316a09849ed4f4973d3a274ddb537bd9165498d5425892d330d39c28202e0b40
Instruction ID: 1cdcd28dbdbfb3a2c6abba326627bc1f3bd8debe6b4d93d55e66914f70baa4d5
Opcode Fuzzy Hash: 316a09849ed4f4973d3a274ddb537bd9165498d5425892d330d39c28202e0b40
Instruction Fuzzy Hash: 0E01627261071467DB2466E9DC1DAEB3E9CEF84761F000A19F916F7682D934FF0083A0

Function 005AE990 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AE9AD

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

(iod->readsd_count) >= 0, xrefs: 005AE9A8
src\nsock_core.c, xrefs: 005AE9A3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: (iod->readsd_count) >= 0$src\nsock_core.c
API String ID: 1832359313-212430703
Opcode ID: a421b635bd1fb481b3e5f25598b3b9a3b0d3eb4312ee86f52fc9523fc20cdf8e
Instruction ID: d5722b31ff8e3fca14e4501789212b1cb11b0bf20947293a02db52583e1b1d9f
Opcode Fuzzy Hash: a421b635bd1fb481b3e5f25598b3b9a3b0d3eb4312ee86f52fc9523fc20cdf8e
Instruction Fuzzy Hash: B301D471300706AFDB148E08C4C2B6AB7A6FF85314F24853FE94A87641D331B851CB90

Function 005AEAD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AEAED

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

(iod->writesd_count) >= 0, xrefs: 005AEAE8
src\nsock_core.c, xrefs: 005AEAE3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: (iod->writesd_count) >= 0$src\nsock_core.c
API String ID: 1832359313-2847875116
Opcode ID: aa0da92cfa729e7b463ea34877c22c1356415004d9146ad12f0be3975fae11a5
Instruction ID: e0bf78b2979ca7cd72b1224e1bcf47608f125258ac78b8af018969c8f3d3f2ce
Opcode Fuzzy Hash: aa0da92cfa729e7b463ea34877c22c1356415004d9146ad12f0be3975fae11a5
Instruction Fuzzy Hash: 6701D431700606AFDB188F14D896EA8B7EAFB95324F14853ED59687201D771BC918F90

Function 005CFAC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 005CFADE
GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000F5), ref: 005CFAFE

Strings

.\crypto\bio\bss_file.c, xrefs: 005CFAF9, 005CFB13

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast__fread_nolock
String ID: .\crypto\bio\bss_file.c
API String ID: 3734711595-2413717009
Opcode ID: a787cb074b95558af0c6f5935656389331f6166925055b479a4413018ef931a6
Instruction ID: 7210e333456efc48996897be572f7be97198195392cb549292290d7d971ab9f2
Opcode Fuzzy Hash: a787cb074b95558af0c6f5935656389331f6166925055b479a4413018ef931a6
Instruction Fuzzy Hash: BCF0C2317843017AEA2027B9BC0AF9B7B86ABC8B20F054539F645E61C2DEA0DC418A61

Function 005C1B30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 005C1B56

Strings

localhost, xrefs: 005C1B30, 005C1B55
critical,, xrefs: 005C1B50

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: critical,$localhost
API String ID: 909875538-1331461735
Opcode ID: 67ac906207eff87648a9dc462932dd146545a1d03de973f787834eda1ba771b2
Instruction ID: ed307c7808a7af2c5ef5348237a3649584f3bba807b1782fbf0bf81296412a3f
Opcode Fuzzy Hash: 67ac906207eff87648a9dc462932dd146545a1d03de973f787834eda1ba771b2
Instruction Fuzzy Hash: 42F04C65A04A210FEB1019356C10B767F59AF62378F0880ADEC89D7203F512DD0386D4

Function 005CDD10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 005CDD76

Part of subcall function 005C3AB0: _raise.LIBCMT ref: 005C3AC8

Strings

.\crypto\evp\digest.c, xrefs: 005CDD28
ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 005CDD1E

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset_raise
String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
API String ID: 1484197835-3867593797
Opcode ID: b4762e0cf7c7b7204e06ef2ced42736c95aff710fc7b1eefc6fcbfc758d60916
Instruction ID: 99ab932563320ca763e73fb4d6eace68de9abb0a9649d7b2214a04379e73585c
Opcode Fuzzy Hash: b4762e0cf7c7b7204e06ef2ced42736c95aff710fc7b1eefc6fcbfc758d60916
Instruction Fuzzy Hash: 7C012C35A002019FD320DF48EC42E557BE6AF98300F19846DF589D7252D762DD55CB95

Function 005AFAF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AFB0F

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

iod->ssl != NULL, xrefs: 005AFB0A
src\nsock_ssl.c, xrefs: 005AFB05

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: iod->ssl != NULL$src\nsock_ssl.c
API String ID: 1832359313-4110589646
Opcode ID: e0c0552c565f4c0d93129db9a515c8a09a4f8ae67737f0441312083fba9b3fe5
Instruction ID: 7bf78ebf79fc572d750713c1e18d9adc7c0afa010f4b6b67f2317e596d6934df
Opcode Fuzzy Hash: e0c0552c565f4c0d93129db9a515c8a09a4f8ae67737f0441312083fba9b3fe5
Instruction Fuzzy Hash: D2F08272E41704A7DA5026E4FD13BD77B9A9F11359F040039F84D91163F762F92483A5

Function 005B2120 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 005B212B

Part of subcall function 0066ADA6: __FF_MSGBANNER.LIBCMT ref: 0066ADBD
Part of subcall function 0066ADA6: __NMSG_WRITE.LIBCMT ref: 0066ADC4
Part of subcall function 0066ADA6: RtlAllocateHeap.NTDLL(00C70000,00000000,00000001,00000000,00000000,00000000,?,00676835,?,?,?,00000000,?,00676ABC,00000018,007257C8), ref: 0066ADE9

Strings

Malloc Failed! Probably out of space., xrefs: 005B2143
Tried to malloc negative amount of memory!!!, xrefs: 005B2139

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AllocateHeap_malloc
String ID: Malloc Failed! Probably out of space.$Tried to malloc negative amount of memory!!!
API String ID: 501242067-3875994925
Opcode ID: 5facf1b1a6d18fcc44329cdae0f120e6c9d8cb1f30b78058b91b1d577a78a3c7
Instruction ID: 0589a3fa802ac67232d52dd13666579230c48a39faa16edb8c2bd50442e3d30d
Opcode Fuzzy Hash: 5facf1b1a6d18fcc44329cdae0f120e6c9d8cb1f30b78058b91b1d577a78a3c7
Instruction Fuzzy Hash: 6FE01265B0030E279A1439A9AC06B9A3F8E6D40754F044025BF0CC6611E621FA50D5B6

Function 005AE860 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AE895

Strings

nse->iod->ssl != NULL && (nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ || nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE), xrefs: 005AE890
src\nsock_core.c, xrefs: 005AE88B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: nse->iod->ssl != NULL && (nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ || nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE)$src\nsock_core.c
API String ID: 3993402318-3611603316
Opcode ID: f9cd3b67db24b4de7f2bd1b069c1386b6d4fc9890960cd27cbe7c2f99228aa29
Instruction ID: 806eae6215cb6577ea2e48a28728e47ef52749fde603d413a030a5269eca6c0d
Opcode Fuzzy Hash: f9cd3b67db24b4de7f2bd1b069c1386b6d4fc9890960cd27cbe7c2f99228aa29
Instruction Fuzzy Hash: 05F0E536940305ABDA306798AC47FDE7F9BFB02324F4808A6F90D57291E2356994C7A3

Function 005AFD80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AFDAC

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_event.c, xrefs: 005AFDA2
type < NSE_TYPE_MAX, xrefs: 005AFDA7

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: src\nsock_event.c$type < NSE_TYPE_MAX
API String ID: 1832359313-1007903493
Opcode ID: 9a2f326d8f1421973715cf40ef85056c9e1336b01468af6c9f82eaab2e6644c1
Instruction ID: 110d3f305b81bafe0221b537db2bf640bd3940e2031afe4002ea57f094dde786
Opcode Fuzzy Hash: 9a2f326d8f1421973715cf40ef85056c9e1336b01468af6c9f82eaab2e6644c1
Instruction Fuzzy Hash: 4DE06572A0060AABC710DF55E801BC9F7D9FB41774F018227E92C67290E371A624CFD1

Function 005B3A57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_wprintf.LIBCMT ref: 005B3A77
_wprintf.LIBCMT ref: 005B3A8A

Strings

%08lX , xrefs: 005B3A72

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _wprintf
String ID: %08lX
API String ID: 2738768116-2061277246
Opcode ID: 81a17aa808f2f8fcbd94b98e17405a596d95983aada5e509194867620134a8f3
Instruction ID: 4e5cca67fb3fff752892b4dd3655fe0890587c60d6eedc77aab10a9a58c7f4bc
Opcode Fuzzy Hash: 81a17aa808f2f8fcbd94b98e17405a596d95983aada5e509194867620134a8f3
Instruction Fuzzy Hash: 7FE0C2F3D4410483CB509A88AC427A4BE83BBD0331F350127D8CB72300B171A7D8899B

Function 005B3A67 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_wprintf.LIBCMT ref: 005B3A77
_wprintf.LIBCMT ref: 005B3A8A

Strings

%08lX , xrefs: 005B3A72

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _wprintf
String ID: %08lX
API String ID: 2738768116-2061277246
Opcode ID: 0bf8ba32123214bfa46fcc56514c4b62bba5594a5216f5454970ad1f83ffc677
Instruction ID: b2cd0619cbb8a7a3d09ff1a7db4ae046e17843d931860ba1fa4a5777c9929c31
Opcode Fuzzy Hash: 0bf8ba32123214bfa46fcc56514c4b62bba5594a5216f5454970ad1f83ffc677
Instruction Fuzzy Hash: 3FD012F2D4454456CB619A84AC46A547A43B7D4321F250167D88A75200B17156948997

Function 005ACBF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 005ACC01
__vfwprintf_p.LIBCMT ref: 005ACC19

Part of subcall function 0066C01D: _vfprintf_helper.LIBCMT ref: 0066C030

Strings

NCAT DEBUG: , xrefs: 005ACBF3

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __vfwprintf_p_fprintf_vfprintf_helper
String ID: NCAT DEBUG:
API String ID: 323383941-280926245
Opcode ID: e00aad4bd1a7cf155db9a72d358eb2b662c775f919ab41decb708531bbf07557
Instruction ID: e9d63f3ea493ef34b09efc80567067bd326cf96b06c3d4a16e6dd7bd346500df
Opcode Fuzzy Hash: e00aad4bd1a7cf155db9a72d358eb2b662c775f919ab41decb708531bbf07557
Instruction Fuzzy Hash: 1BD0C7F3C4024877DB8177F1DC03959765F49143D0B044425F848CA251FA72E55545A9

Function 00668118 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

__isalnum_l.LIBCMT ref: 0066813C

Strings

V([, xrefs: 00668139, 00668124
PLq, xrefs: 00668127

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __isalnum_l
String ID: PLq$V([
API String ID: 201179438-3826546972
Opcode ID: d3c74e6945361b654fb27aa87ec52ead4767c38016650026ec44ed3b7ec6a5db
Instruction ID: 1920767e2133b4ad19fc9f9ae81593e6ccf39a55c599d7fc6ad7ba778f5707a0
Opcode Fuzzy Hash: d3c74e6945361b654fb27aa87ec52ead4767c38016650026ec44ed3b7ec6a5db
Instruction Fuzzy Hash: A1D05E321586089EEB109B00EC02FA837E9A700729F50902AF84C0E5F0DF79A9A1CA48

Function 006682AD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

__isspace_l.LIBCMT ref: 006682CF

Strings

84[, xrefs: 006682CC, 006682B9
PLq, xrefs: 006682BC

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __isspace_l
String ID: 84[$PLq
API String ID: 1989754883-4008368208
Opcode ID: 8420f04f7b3d103a2640ecbb66724fe6d4dd6bdef259ea5a2a851cc11c5cdabd
Instruction ID: eabd31f0bcc826c82d322ed23b1898dcf3a4dc723a4577779d438c02bec7808e
Opcode Fuzzy Hash: 8420f04f7b3d103a2640ecbb66724fe6d4dd6bdef259ea5a2a851cc11c5cdabd
Instruction Fuzzy Hash: 58D05E321546089EDB505B90EC12B7833A9E740726F10842AF84C0F1B1DF39E9A1DA98

Function 00668282 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__ispunct_l.LIBCMT ref: 006682A4

Strings

PLq, xrefs: 00668291
p([, xrefs: 006682A1, 0066828E

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __ispunct_l
String ID: PLq$p([
API String ID: 2282263995-3637789518
Opcode ID: 89997f37862c7d2d0a9b5f01849a275e975044bc3e93d3f9096737b80219e2ec
Instruction ID: 756c32c0f6cc1dc09a99f049bbb94c10b82b17461261cc643cdfe0ccfc59f1b5
Opcode Fuzzy Hash: 89997f37862c7d2d0a9b5f01849a275e975044bc3e93d3f9096737b80219e2ec
Instruction Fuzzy Hash: 01D05E321186089EEB506B45EC02B7833EAA700726F10841AF94C0E1F1DF79A9B08A88

Function 005A6360 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005A6398

Strings

ncat_listen.c, xrefs: 005A638E
count <= INT_MAX, xrefs: 005A6393

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: count <= INT_MAX$ncat_listen.c
API String ID: 3993402318-993100143
Opcode ID: 0dc5943fc64d3e39d33788646ef7d4f3a538dd2e5e2c4bdbef672c31ed2fbc04
Instruction ID: 8a9df44bc26895ec09287b81e2e2b69147bfc3daef92c7c22f4c77cbbf33b53f
Opcode Fuzzy Hash: 0dc5943fc64d3e39d33788646ef7d4f3a538dd2e5e2c4bdbef672c31ed2fbc04
Instruction Fuzzy Hash: 7AD01272E412209EEA50AB2CBC1574577946745726F058616F430732E2EA741C464B89

Function 0059F460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0059F470

Strings

iY, xrefs: 0059F463, 0059F46A
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 0059F46B

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$iY
API String ID: 601868998-1673437976
Opcode ID: 8b6fa8ce0aa3bd57e7f009726dbf699627d5c7bff0956324b66e708b72ca572e
Instruction ID: 67b315489f7eb1c03b77f6b256897bb89cdc47fe6b92e548aaa5455562bae2c8
Opcode Fuzzy Hash: 8b6fa8ce0aa3bd57e7f009726dbf699627d5c7bff0956324b66e708b72ca572e
Instruction Fuzzy Hash: 6ED0123175420916EF1055A9FC41B7337CD5B0474CF080035BC0CC5241E555ED5086A1

Function 0059F4F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0059F500

Strings

0123456789, xrefs: 0059F4FB
yY, xrefs: 0059F4F3, 0059F4FA

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: 0123456789$yY
API String ID: 601868998-4189420551
Opcode ID: 264c28870c5ed286dca3f3d1159b16132d0f48dd59df22766c3344d0663500ce
Instruction ID: 1d177d230b313ca9c0202a54215a35711153d26c8991884d539af083a6064835
Opcode Fuzzy Hash: 264c28870c5ed286dca3f3d1159b16132d0f48dd59df22766c3344d0663500ce
Instruction Fuzzy Hash: 3ED0123175420916EF2059A9FD41B6237CD5B0074CF090035BC0CC6282F551FD5081A1

Function 005AF6C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF6DA

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF6D0
nsockiod, xrefs: 005AF6D5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: 81ebb184e0a091dc3788fdf86fc60088ed84852ec8dd29fc6bcc6974edcd7435
Instruction ID: ee87d7d316cf7c7d31b2b8f2164f50d85a821122959f694d9d8feeda3c3d600e
Opcode Fuzzy Hash: 81ebb184e0a091dc3788fdf86fc60088ed84852ec8dd29fc6bcc6974edcd7435
Instruction Fuzzy Hash: 62D0C733E94324B7C6105D94A842DC97799DB51B60F064066FD1C67341D671AA1047D5

Function 005AF350 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF36A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF360
nsockiod, xrefs: 005AF365

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: a5cdc5aea84ad1244e0bdd3dc0a8da4e8f964b9e9112d7cefae064b0dbe153f5
Instruction ID: 5c1196ba90aca0c367184160be8e6d5f602090fd1af22481fb34593c32c61bdf
Opcode Fuzzy Hash: a5cdc5aea84ad1244e0bdd3dc0a8da4e8f964b9e9112d7cefae064b0dbe153f5
Instruction Fuzzy Hash: 45D01233E90324B3CA205998AC42ECA779D9B51BA1F064066F90C67740D291AD1047D5

Function 005AF320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF33A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF330
nsockiod, xrefs: 005AF335

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: 218b5d197be473043f8eeab096a632bb0a737e3923f52fdad390326b3141ba7c
Instruction ID: df3a41ab098e047d514c1fa8ae3c2a1b058fbedc313e4b3d72cce3e0466ca8d7
Opcode Fuzzy Hash: 218b5d197be473043f8eeab096a632bb0a737e3923f52fdad390326b3141ba7c
Instruction Fuzzy Hash: A5D01233F94324B3CA115989AC42DC9778D9B55B61F064066FA4C77340D391AD1007D5

Function 005AF3C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF3DA

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF3D0
nsockiod, xrefs: 005AF3D5

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: dd9fcaa08c7497d6daada950b326c1bf37276cad829cdbb637d08da734683b23
Instruction ID: 13ed1b379ce4e638bd34e5f134afeedfbce34f552957fb69e29a8595de942ac9
Opcode Fuzzy Hash: dd9fcaa08c7497d6daada950b326c1bf37276cad829cdbb637d08da734683b23
Instruction Fuzzy Hash: ADD01233E90324B3CA105998FC82DC9778D9B51B61F064066F91C67340E691AF1007D5

Function 005AF3F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF40A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF400
nsockiod, xrefs: 005AF405

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: 149f3075c34019fb282fb50479ea7472f8863f2df825833b98ff18df9fcb2cbf
Instruction ID: 627bf013b3c8c02181d1e2736d19b9e62bc29b8bae23361ff87e58ae60edca44
Opcode Fuzzy Hash: 149f3075c34019fb282fb50479ea7472f8863f2df825833b98ff18df9fcb2cbf
Instruction Fuzzy Hash: C8D01233E90328B3C9106989BC42DC677CD9B55B60F064066F94877341D391AE5047D9

Function 005AF380 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 005AF39A

Part of subcall function 00667226: GetModuleHandleExW.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 006672EB
Part of subcall function 00667226: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00667317

Strings

src\nsock_iod.c, xrefs: 005AF390
nsockiod, xrefs: 005AF395

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName__wassert
String ID: nsockiod$src\nsock_iod.c
API String ID: 1832359313-3535210527
Opcode ID: 1ce5e5c0c1255f8395d0ca29ebbde75a9dc52fc73fc9136fd3442513d015c594
Instruction ID: ba4e04f478f52654125d9660b2e517799bb5aee5570daf68ad3626a3c4575e67
Opcode Fuzzy Hash: 1ce5e5c0c1255f8395d0ca29ebbde75a9dc52fc73fc9136fd3442513d015c594
Instruction Fuzzy Hash: 37C01233E90224B7CA106989BC42DC5778D9B61B60B064166F94867341D691AE1007E5

Function 005A5420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 005A5425

Strings

COMSPEC, xrefs: 005A5420
cmd.exe, xrefs: 005A542D

Memory Dump Source

Source File: 00000000.00000002.1689009471.000000000059D000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true

Associated: 00000000.00000002.1688994590.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689009471.0000000000581000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.00000000006D6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689105622.0000000000725000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689149893.0000000000726000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689163508.0000000000727000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689178763.000000000072D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689192768.000000000072F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689207110.0000000000735000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1689220902.0000000000738000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __wgetenv
String ID: COMSPEC$cmd.exe
API String ID: 1112669753-2256226045
Opcode ID: 6c3d7bf8792eebf55a10d30c4b7f5626e8e24905e099be4143162d2175f142c2
Instruction ID: 53ad5cda290e01cb4a771215d7410c21335e5497249a632df59ff182097edcca
Opcode Fuzzy Hash: 6c3d7bf8792eebf55a10d30c4b7f5626e8e24905e099be4143162d2175f142c2
Instruction Fuzzy Hash: 84B012D0F403015F6B4876B50C2A51620C70D95642714007DE807C3340FD05DD1E0303

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: SecuriteInfo.com.TROJ_FR.26501A77.11990.exePID: 6240, Parent PID: 2580

Windows Analysis Report
SecuriteInfo.com.TROJ_FR.26501A77.11990.exe

Function 005AC4E0 Relevance: 30.3, APIs: 11, Strings: 6, Instructions: 525
networkCOMMON

Function 0066D83D Relevance: 10.6, APIs: 7, Instructions: 120
timeCOMMON

Function 005AD030 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
networkCOMMON

Function 0067F05C Relevance: 3.0, APIs: 2, Instructions: 17
COMMONLIBRARYCODE

Function 00669253 Relevance: 3.0, APIs: 2, Instructions: 7
COMMONLIBRARYCODE

Function 00669685 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON