Edit tour

Windows Analysis Report
nHOMA2CalculatorWindowsSetup.exe

Overview

General Information

Sample name:	nHOMA2CalculatorWindowsSetup.exe
Analysis ID:	1538232
MD5:	f89876113397eab218fb197d549903ac
SHA1:	23bc6f72adccb9f5577ff939b8501e488fd8834b
SHA256:	3308fbc9f79869fdda63dc3d911b1c300518db7a04fe4e0591307b3f29094350
Tags:	exeuser-Porcupine
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

nHOMA2CalculatorWindowsSetup.exe (PID: 5812 cmdline: "C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe" MD5: F89876113397EAB218FB197D549903AC)

nHOMA2CalculatorWindowsSetup.tmp (PID: 1548 cmdline: "C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp" /SL5="$203BC,1934643,407552,C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe" MD5: 2703D25D95D502EC71ADE55C81145A03)

regsvr32.exe (PID: 1616 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\HOMACore.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

HOMA2 Calculator.exe (PID: 3472 cmdline: "C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe" MD5: E017A16D1C8F66C4383C585C3FD8C629)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: nHOMA2CalculatorWindowsSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-N1UTF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-TOAGV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA Calculator.url	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMA Calculator_is1

Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

File opened: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\MSVCR100.dll

Jump to behavior

Source:	Binary string: msvcp100.i386.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006156000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3344575468.000000006FD01000.00000020.00000001.01000000.0000000C.sdmp, is-42761.tmp.2.dr
Source:	Binary string: msvcr100.i386.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006156000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, HOMA2 Calculator.exe, 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, is-PSQK4.tmp.2.dr
Source:	Binary string: c:\DevelBuildSlave\QuickStableVS\build\REALbasic\REALbasic Visual Studio\Release\GUIStubWin32.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000005F00000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmp, HOMA2 Calculator.exe, 00000005.00000000.2325387948.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmp, is-VCAJS.tmp.2.dr
Source:	Binary string: c:\DevelBuildSlave\QuickStableVS\build\REALbasic\REALbasic Visual Studio\Release\RBGUIFrameworkWin32.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000626F000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3344272135.000000006CA8A000.00000002.00000001.01000000.0000000B.sdmp, is-AUQQQ.tmp.2.dr

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D0CBB _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D0CBB
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CCC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,	5_2_6C8CCC23
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D088A _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D088A
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CC8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,	5_2_6C8CC8FD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CE0BD _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,	5_2_6C8CE0BD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8981A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8981A1
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CFF0E _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CFF0E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF9DD _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF9DD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CDBC0 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,	5_2_6C8CDBC0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF593 _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF593
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CD687 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,	5_2_6C8CD687
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D110C _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D110C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF169 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF169

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 4x nop then push esi		5_2_6C87F680
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 4x nop then or byte ptr [edi], dh		5_2_6C887270

Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng2.crl0
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesigng20
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt04
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2336713810.000000000238C000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2105859466.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2331970959.000000000240C000.00000004.00001000.00020000.00000000.sdmp, HOMA Calculator.url.2.dr	String found in binary or memory: http://www.dtu.ox.ac.uk/HOMACalculator
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2336713810.000000000238C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dtu.ox.ac.uk/HOMACalculatorA
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2102987099.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2105859466.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dtu.ox.ac.uk/HOMACalculatorLhttp://www.dtu.ox.ac.uk/HOMACalculatorLhttp://www.dtu.ox.ac.u
Source: is-N1UTF.tmp.2.dr, is-VCAJS.tmp.2.dr	String found in binary or memory: http://www.dtu.ox.ac.uk/homa
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-TOAGV.tmp.2.dr	String found in binary or memory: http://www.dtu.ox.ac.uk/homa#
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-TOAGV.tmp.2.dr	String found in binary or memory: http://www.dtu.ox.ac.uk/homa#email:
Source: is-VCAJS.tmp.2.dr	String found in binary or memory: http://www.dtu.ox.ac.uk/homaTextAlign
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2104076746.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2103494922.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000000.2104897484.0000000000401000.00000020.00000001.01000000.00000004.sdmp, nHOMA2CalculatorWindowsSetup.tmp.0.dr, is-47NV3.tmp.2.dr	String found in binary or memory: http://www.innosetup.com/
Source: nHOMA2CalculatorWindowsSetup.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2104076746.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2103494922.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000000.2104897484.0000000000401000.00000020.00000001.01000000.00000004.sdmp, nHOMA2CalculatorWindowsSetup.tmp.0.dr, is-47NV3.tmp.2.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006454000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-N1UTF.tmp.2.dr, is-TOAGV.tmp.2.dr	String found in binary or memory: https://www.globalsign.com/repository/03

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

File created: C:\Windows\SysWOW64\is-JO0HR.tmp

Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_00FC1000	5_2_00FC1000
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8BECCD	5_2_6C8BECCD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C888F83	5_2_6C888F83
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C90083D	5_2_6C90083D
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8A0919	5_2_6C8A0919
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C886B28	5_2_6C886B28
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8E245B	5_2_6C8E245B
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C89457E	5_2_6C89457E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C88867F	5_2_6C88867F
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C91672F	5_2_6C91672F
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8EE765	5_2_6C8EE765
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CE0BD	5_2_6C8CE0BD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C886018	5_2_6C886018
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8721F0	5_2_6C8721F0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C908140	5_2_6C908140
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C88A2A7	5_2_6C88A2A7
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8E42FB	5_2_6C8E42FB
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8843A6	5_2_6C8843A6
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8863C9	5_2_6C8863C9
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CA3DD	5_2_6C8CA3DD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C901C17	5_2_6C901C17
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C885C2C	5_2_6C885C2C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C885C30	5_2_6C885C30
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C883DD0	5_2_6C883DD0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C889D65	5_2_6C889D65
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C903888	5_2_6C903888
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8EF82E	5_2_6C8EF82E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8E9945	5_2_6C8E9945
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C911A00	5_2_6C911A00
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C883A1C	5_2_6C883A1C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C917A5A	5_2_6C917A5A
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CDBC0	5_2_6C8CDBC0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8ED45A	5_2_6C8ED45A
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CD687	5_2_6C8CD687
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C919659	5_2_6C919659
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C90D674	5_2_6C90D674
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8EB79B	5_2_6C8EB79B
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8897A0	5_2_6C8897A0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C887093	5_2_6C887093
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8871A3	5_2_6C8871A3
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C89911E	5_2_6C89911E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8E52E5	5_2_6C8E52E5
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C91923E	5_2_6C91923E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C887270	5_2_6C887270
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8E3332	5_2_6C8E3332

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: String function: 6C880C80 appears 153 times
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: String function: 6C880C67 appears 76 times
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: String function: 6C88B046 appears 63 times
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: String function: 6C88A51F appears 39 times

Source: nHOMA2CalculatorWindowsSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: nHOMA2CalculatorWindowsSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-47NV3.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-47NV3.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2104076746.000000007FE36000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs nHOMA2CalculatorWindowsSetup.exe
Source: nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2103494922.000000000264A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs nHOMA2CalculatorWindowsSetup.exe

Source: nHOMA2CalculatorWindowsSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean5.winEXE@7/26@0/0

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8CD543 _getdiskfree,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_memset,GetDiskFreeSpaceA,GetLastError,_errno,

5_2_6C8CD543

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_00FC1000 _memset,FindResourceW,LoadResource,LockResource,__strdup,_memset,MultiByteToWideChar,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,SetDllDirectoryW,SetDllDirectoryW,_free,_memset,MultiByteToWideChar,LoadLibraryW,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,LoadLibraryA,GetProcAddress,

5_2_00FC1000

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

File created: C:\Program Files\HOMA Calculator v2.2.3

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe

File created: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp

Jump to behavior

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: nHOMA2CalculatorWindowsSetup.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe

File read: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe "C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe"
Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp "C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp" /SL5="$203BC,1934643,407552,C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\HOMACore.dll"
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe "C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe"
Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp "C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp" /SL5="$203BC,1934643,407552,C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\HOMACore.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe "C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe"	Jump to behavior

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: homacore.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msvcp100.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: HOMA Calculator v2.2.3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe
Source: HOMA Calculator v2.2.3 (Excel).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator.xls
Source: HOMA Calculator v2.2.3 Validation (Excel).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator Validation.xls
Source: HOMA Calculator on the Web.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\HOMA Calculator v2.2.3\HOMA Calculator.url
Source: Uninstall HOMA Calculator.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\HOMA Calculator v2.2.3\unins000.exe

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Automated click: Install

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Window detected: Number of UI elements: 14

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-N1UTF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\is-TOAGV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Directory created: C:\Program Files\HOMA Calculator v2.2.3\HOMA Calculator.url	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMA Calculator_is1

Jump to behavior

Source: nHOMA2CalculatorWindowsSetup.exe

Static file information: File size 2338251 > 1048576

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

File opened: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\MSVCR100.dll

Jump to behavior

Source:	Binary string: msvcp100.i386.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006156000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3344575468.000000006FD01000.00000020.00000001.01000000.0000000C.sdmp, is-42761.tmp.2.dr
Source:	Binary string: msvcr100.i386.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000006156000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, HOMA2 Calculator.exe, 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, is-PSQK4.tmp.2.dr
Source:	Binary string: c:\DevelBuildSlave\QuickStableVS\build\REALbasic\REALbasic Visual Studio\Release\GUIStubWin32.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.0000000005F00000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmp, HOMA2 Calculator.exe, 00000005.00000000.2325387948.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmp, is-VCAJS.tmp.2.dr
Source:	Binary string: c:\DevelBuildSlave\QuickStableVS\build\REALbasic\REALbasic Visual Studio\Release\RBGUIFrameworkWin32.pdb source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000626F000.00000004.00001000.00020000.00000000.sdmp, HOMA2 Calculator.exe, 00000005.00000002.3344272135.000000006CA8A000.00000002.00000001.01000000.0000000B.sdmp, is-AUQQQ.tmp.2.dr

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

5_2_00FC1000

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\HOMACore.dll"

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_00FC2DC5 push ecx; ret	5_2_00FC2DD8
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C880CC5 push ecx; ret	5_2_6C880CD8
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C872D88 push eax; ret	5_2_6C872DA6
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C89A6AA push EF3FEFD4h; iretd	5_2_6C89A6B1
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C899CD8 pushad ; iretd	5_2_6C899CE6
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C88B658 push ecx; ret	5_2_6C88B66B

Source: is-PSQK4.tmp.2.dr

Static PE information: section name: .text entropy: 6.9169969425576285

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcr100.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcp100.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	File created: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\RBGUIFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Windows\SysWOW64\is-JO0HR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Windows\SysWOW64\HOMACore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Program Files\HOMA Calculator v2.2.3\unins000.exe (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Windows\SysWOW64\is-JO0HR.tmp			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\Windows\SysWOW64\HOMACore.dll (copy)			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 (Excel).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 Validation (Excel).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator on the Web.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\Uninstall HOMA Calculator.lnk	Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8CA3DD GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,

5_2_6C8CA3DD

Source: C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\RBGUIFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-JO0HR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Dropped PE file which has not been started: C:\Program Files\HOMA Calculator v2.2.3\unins000.exe (copy)	Jump to dropped file

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

API coverage: 1.5 %

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D0CBB _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D0CBB
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CCC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,	5_2_6C8CCC23
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D088A _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D088A
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CC8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,	5_2_6C8CC8FD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CE0BD _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,	5_2_6C8CE0BD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8981A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8981A1
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CFF0E _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CFF0E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF9DD _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF9DD
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CDBC0 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,	5_2_6C8CDBC0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF593 _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF593
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CD687 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,	5_2_6C8CD687
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8D110C _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8D110C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8CF169 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,	5_2_6C8CF169

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8F6BA4 _resetstkoflw,VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,

5_2_6C8F6BA4

Source: HOMA2 Calculator.exe, 00000005.00000002.3342404932.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: HOMA2 Calculator.exe, 00000005.00000002.3342404932.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

API call chain: ExitProcess graph end node

graph_5-70721

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_00FC13E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_00FC13E0

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8F6BA4 VirtualProtect ?,-00000001,00000104,?

5_2_6C8F6BA4

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

5_2_00FC1000

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8F9B6F __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,_errno,_errno,__setmode_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__doserrno,_errno,__lseeki64_nolock,_get_osfhandle,SetEndOfFile,_errno,__doserrno,GetLastError,__lseeki64_nolock,

5_2_6C8F9B6F

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_00FC13E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00FC13E0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_00FC18A6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00FC18A6
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8FAD2C _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,	5_2_6C8FAD2C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8807A7 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	5_2_6C8807A7
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: 5_2_6C8FC097 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	5_2_6C8FC097

Source: nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000626F000.00000004.00001000.00020000.00000000.sdmp, is-AUQQQ.tmp.2.dr	Binary or memory string: menuShutdownSHELL_TRAYWND
Source: HOMA2 Calculator.exe, 00000005.00000002.3344272135.000000006CA8A000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: lmenuShutdownSHELL_TRAYWND

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,	5_2_6C8FEF5C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,	5_2_6C8874D0
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,	5_2_6C88750C
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,	5_2_6C88767A
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	5_2_6C8FF003
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,_stricmp,GetLocaleInfoA,_stricmp,_strnicmp,_strlen,GetLocaleInfoA,_stricmp,_strlen,_stricmp,_TestDefaultLanguage,	5_2_6C8FF05E
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	5_2_6C8FF2EF
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,	5_2_6C8852E4
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,_stricmp,_TestDefaultLanguage,	5_2_6C8FF22F
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,	5_2_6C887270
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,	5_2_6C8873B4
Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	5_2_6C8FF356

Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_00FC2F6F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

5_2_00FC2F6F

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8962FC _lock,__tzname,_get_timezone,_get_daylight,_get_dstbias,___lc_codepage_func,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__timezone,__daylight,__dstbias,strcmp,free,_strlen,_malloc_crt,_strlen,strcpy_s,__invoke_watson,free,strncpy_s,atol,atol,atol,strncpy_s,__timezone,__daylight,

5_2_6C8962FC

Source: C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe

Code function: 5_2_6C8BBE38 GetSystemInfo,_memset,GetVersionExW,Concurrency::unsupported_os::unsupported_os,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,Concurrency::unsupported_os::unsupported_os,GetModuleHandleW,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,GetLastError,GetLastError,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,malloc,std::exception::exception,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,free,GetLastError,GetLastError,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,malloc,std::exception::exception,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,free,Concurrency::unsupported_os::unsupported_os,

5_2_6C8BBE38

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	23 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Registry Run Keys / Startup Folder	2 Process Injection	1 Disable or Modify Tools	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	2 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	NTDS	2 System Owner/User Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Regsvr32	Cached Domain Credentials	35 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
nHOMA2CalculatorWindowsSetup.exe	5%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\RBGUIFramework.dll (copy)	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcp100.dll (copy)	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcr100.dll (copy)	0%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe (copy)	7%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp	7%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp	7%	ReversingLabs
C:\Program Files\HOMA Calculator v2.2.3\unins000.exe (copy)	7%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp	7%	ReversingLabs
C:\Windows\SysWOW64\HOMACore.dll (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\is-JO0HR.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.remobjects.com/ps	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.innosetup.com/	nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2104076746.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2103494922.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000000.2104897484.0000000000401000.00000020.00000001.01000000.00000004.sdmp, nHOMA2CalculatorWindowsSetup.tmp.0.dr, is-47NV3.tmp.2.dr	false	URL Reputation: safe	unknown
http://www.dtu.ox.ac.uk/homa#	nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-TOAGV.tmp.2.dr	false		unknown
http://www.dtu.ox.ac.uk/HOMACalculatorLhttp://www.dtu.ox.ac.uk/HOMACalculatorLhttp://www.dtu.ox.ac.u	nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2102987099.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2105859466.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.dtu.ox.ac.uk/homa	is-N1UTF.tmp.2.dr, is-VCAJS.tmp.2.dr	false		unknown
http://www.dtu.ox.ac.uk/homa#email:	nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2327406689.000000000643C000.00000004.00001000.00020000.00000000.sdmp, is-TOAGV.tmp.2.dr	false		unknown
http://www.remobjects.com/ps	nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2104076746.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2103494922.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000000.2104897484.0000000000401000.00000020.00000001.01000000.00000004.sdmp, nHOMA2CalculatorWindowsSetup.tmp.0.dr, is-47NV3.tmp.2.dr	false	URL Reputation: safe	unknown
http://www.dtu.ox.ac.uk/HOMACalculator	nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2336713810.000000000238C000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2105859466.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, nHOMA2CalculatorWindowsSetup.tmp, 00000002.00000003.2331970959.000000000240C000.00000004.00001000.00020000.00000000.sdmp, HOMA Calculator.url.2.dr	false		unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	nHOMA2CalculatorWindowsSetup.exe	false		unknown
http://www.dtu.ox.ac.uk/HOMACalculatorA	nHOMA2CalculatorWindowsSetup.exe, 00000000.00000003.2336713810.000000000238C000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.dtu.ox.ac.uk/homaTextAlign	is-VCAJS.tmp.2.dr	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538232
Start date and time:	2024-10-20 21:01:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	nHOMA2CalculatorWindowsSetup.exe
Detection:	CLEAN
Classification:	clean5.winEXE@7/26@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 7 Number of non-executed functions: 427
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: nHOMA2CalculatorWindowsSetup.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp	8CRB0iJuy1.dll	Get hash	malicious	DanaBot	Browse
	8CRB0iJuy1.dll	Get hash	malicious	DanaBot	Browse
	3vS3F5eukR.exe	Get hash	malicious	Unknown	Browse
	3vS3F5eukR.exe	Get hash	malicious	Unknown	Browse
	eWIIsxIoe5.exe	Get hash	malicious	Unknown	Browse
	eWIIsxIoe5.exe	Get hash	malicious	Unknown	Browse
	sEcCIwFKPc.exe	Get hash	malicious	Unknown	Browse
	sEcCIwFKPc.exe	Get hash	malicious	Unknown	Browse
	Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe	Get hash	malicious	Unknown	Browse
	PPN Service Tool V2.10.00_20220923.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files\HOMA Calculator v2.2.3\HOMA Calculator.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.dtu.ox.ac.uk/HOMACalculator>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64
Entropy (8bit):	4.741729296672176
Encrypted:	false
SSDEEP:	3:HRAbABGQYm/0S4VdwFkmEtKBn:HRYFVm/r4VKezOn
MD5:	BC757328FBACD4A2F07A7697213CE9B1
SHA1:	007D46B043E6076B35A3A73444F8BE71E8929E73
SHA-256:	D42254E795D527CDEDA069831AA84DDD90A0FEE20D2BB51D861E2CFF2DC3D0DE
SHA-512:	25697D06CD4C10196B1F6FD4432443791331C2439B51C56737A2FB8305983AEF9BED488526CFED7E48FAF4F3B0A881D5A062800C64AE6E29091805A40CCA376C
Malicious:	false
Reputation:	low
Preview:	[InternetShortcut]..URL=http://www.dtu.ox.ac.uk/HOMACalculator..

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\RBGUIFramework.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1848320
Entropy (8bit):	6.7432555985692435
Encrypted:	false
SSDEEP:	49152:PBPigQxM2PzpWMnVk15kVWUqFdGpguBbW+s/TYYuGfezmAd539aG:PBPiJu1HFdtuB
MD5:	4D4F8135729A66286733B3963986C077
SHA1:	1724E58B84201F61F671F6B76A1C9FE56653BBE5
SHA-256:	D46748677D12742B983085D8AFC7712F4F7098C3BFCA932C779654DFBF3367EA
SHA-512:	CC41BBC6FBA64CFA24F016947D83838208840131B077B16F7DE604EE95326A14927D42CB3EA2B58B1783361BEDBF33105F2AA5986D8B347DE487EC5BCC7EB17B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............O...O...O..c.e..O..9W..O..9a..O...7y..O...7~..O..~X...O...7n..O...O..M..9c..O..9V..O..9R..N..9f..O..9`..O..Rich.O..................PE..L.....zR.........."!................V.....................................................@..........................A..Tt..l...h...................................................................................................................text..._........................... ..`.rdata..d...........................@..@.data...............................@....reloc...............<..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	421200
Entropy (8bit):	6.59808962341698
Encrypted:	false
SSDEEP:	12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
MD5:	03E9314004F504A14A61C3D364B62F66
SHA1:	0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
SHA-256:	A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
SHA-512:	2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 8CRB0iJuy1.dll, Detection: malicious, Browse Filename: 8CRB0iJuy1.dll, Detection: malicious, Browse Filename: 3vS3F5eukR.exe, Detection: malicious, Browse Filename: 3vS3F5eukR.exe, Detection: malicious, Browse Filename: eWIIsxIoe5.exe, Detection: malicious, Browse Filename: eWIIsxIoe5.exe, Detection: malicious, Browse Filename: sEcCIwFKPc.exe, Detection: malicious, Browse Filename: sEcCIwFKPc.exe, Detection: malicious, Browse Filename: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe, Detection: malicious, Browse Filename: PPN Service Tool V2.10.00_20220923.msi, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1848320
Entropy (8bit):	6.7432555985692435
Encrypted:	false
SSDEEP:	49152:PBPigQxM2PzpWMnVk15kVWUqFdGpguBbW+s/TYYuGfezmAd539aG:PBPiJu1HFdtuB
MD5:	4D4F8135729A66286733B3963986C077
SHA1:	1724E58B84201F61F671F6B76A1C9FE56653BBE5
SHA-256:	D46748677D12742B983085D8AFC7712F4F7098C3BFCA932C779654DFBF3367EA
SHA-512:	CC41BBC6FBA64CFA24F016947D83838208840131B077B16F7DE604EE95326A14927D42CB3EA2B58B1783361BEDBF33105F2AA5986D8B347DE487EC5BCC7EB17B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............O...O...O..c.e..O..9W..O..9a..O...7y..O...7~..O..~X...O...7n..O...O..M..9c..O..9V..O..9R..N..9f..O..9`..O..Rich.O..................PE..L.....zR.........."!................V.....................................................@..........................A..Tt..l...h...................................................................................................................text..._........................... ..`.rdata..d...........................@..@.data...............................@....reloc...............<..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	770384
Entropy (8bit):	6.908020029901359
Encrypted:	false
SSDEEP:	12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
MD5:	67EC459E42D3081DD8FD34356F7CAFC1
SHA1:	1738050616169D5B17B5ADAC3FF0370B8C642734
SHA-256:	1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
SHA-512:	9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..\|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...\|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcp100.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	421200
Entropy (8bit):	6.59808962341698
Encrypted:	false
SSDEEP:	12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
MD5:	03E9314004F504A14A61C3D364B62F66
SHA1:	0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
SHA-256:	A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
SHA-512:	2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcr100.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	770384
Entropy (8bit):	6.908020029901359
Encrypted:	false
SSDEEP:	12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
MD5:	67EC459E42D3081DD8FD34356F7CAFC1
SHA1:	1738050616169D5B17B5ADAC3FF0370B8C642734
SHA-256:	1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
SHA-512:	9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..\|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...\|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2451091
Entropy (8bit):	5.974986593274922
Encrypted:	false
SSDEEP:	24576:oCtK8Huk1uOjBeEJx/WSWyaPSmdPoHL8xIpA1D4FiwLIiuJnO6QLqoWQsblUFjOu:/g1gJQS5GRqF
MD5:	E017A16D1C8F66C4383C585C3FD8C629
SHA1:	7ED7E28ED931A14C49C65661E9D85F3B70BC2BAF
SHA-256:	EF379292614A23ECD1F9A5CEA3C5F9DF7D104B0D9B3E464E10A354B12446D310
SHA-512:	AD3F59080BE4D9969B21C2FE55A2A0543CE3FF43FAB5715DB4D0A35ABB283BE7235BAB11AAE443C9D1E70069822F8F72DA30DE44A0EC96DA1235B281D68988CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?fE.?fE.?fE.I.E.?fE.I.E.?fE.I.E.?fE.G.E.?fE.?gE.?fE.I.E.?fE.I.E.?fE.I.E.?fERich.?fE........................PE..L...e.zR.........."......J...................`....@..........................`............@..................................{..<............................P......0a..............................(y..@............`...............................text....I.......J.................. ..`.rdata..T!...`..."...N..............@..@.data................p..............@....rsrc................\|..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator Validation.xls (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Diabetes Trials Unit, Last Saved By: vegregory, Name of Creating Application: Microsoft Macintosh Excel, Last Printed: Tue Oct 1 12:08:56 2013, Create Time/Date: Wed May 14 10:30:17 2003, Last Saved Time/Date: Tue Dec 17 11:43:01 2013, Security: 0
Category:	dropped
Size (bytes):	484352
Entropy (8bit):	4.669230713462755
Encrypted:	false
SSDEEP:	6144:rxEtjPOtioVjDGUU1qfDlavx+W/IE18lFxqgt6U52LmoyGdDxKHCJHN8v/2Wj4i/:jULZy27t8H2itbEQ
MD5:	3B5DB63D1F0B800C6BC21DE84A645E02
SHA1:	42C2C9F5036221955E9D2379005107CC90964DA4
SHA-256:	23F499B333056E02B7320676977E1BA3715727CDF22C88293B5F9EA57B6ADF77
SHA-512:	83E6F86D674E0856BC253BE1DD31F69118A84452A5D910EEED09455E2704027E5DFA6B9E44B71B5B4E98FE85FB5C3ED88DE13A1C27B0A89550420FBBD41FC9B0
Malicious:	false
Preview:	......................>...................................Y...................b.......d.......f...................................................................................................................................................................................................................................................................................................................................................................................................................................X....................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...c.......d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator.xls (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Diabetes Trials Unit, Last Saved By: vegregory, Name of Creating Application: Microsoft Macintosh Excel, Last Printed: Thu Jun 3 10:15:20 2004, Create Time/Date: Wed May 14 10:30:17 2003, Last Saved Time/Date: Tue Dec 17 11:43:14 2013, Security: 0
Category:	dropped
Size (bytes):	69120
Entropy (8bit):	4.905119825579193
Encrypted:	false
SSDEEP:	1536:NRxEtjPOtioVjDGUU1qfDlaGGx+cL/IEt/D9dlOAGte9OO9UGps:PxEtjPOtioVjDGUU1qfDlaGGx+cL/IE+
MD5:	5D537B9B8DE399D605DD5F90ED0274C8
SHA1:	0F34B93DABE6AAE121F3C9394DDD53595275FB0B
SHA-256:	1FA1FD95DE10971B51CFC975EBCD8ACE579D5651A4BC89F25FCF4D8CAF4D678B
SHA-512:	1B7B9622119AA0BB6689DA31DEE3C47B647AF07444A620C80FB6106D830D4561892444FFB23192FCB0317F029D0B5C550161D95E8D81827F3A8F00E882AEE2CE
Malicious:	false
Preview:	......................>...................................7...................y...................................................................................................................................................................................................................................................................................................................................................................................................................................................6....................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5.......>...^...9...:...;...<...=...?...X...T...A...L...C...D...E...F...G...H...I...J...K...@...M...N...O...P...Q...R...S.......U...V...W...Y...]...Z...[...\..._...d...q...`...a...b...c...e...n...f...g...h...i...j...k...l...m...o...w...p...r.......s...t...u...v...x...............

C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1481417
Entropy (8bit):	6.334218973634393
Encrypted:	false
SSDEEP:	24576:54VN4kkKF3hDXq8xeidJLvkU99kkkkJE58dlX3IiAtp3Nq3E/HoQYx96HtlYx9E9:CT90guMXEdqwHkUHoi
MD5:	DF3CE4F2359684D422140F1562BC973D
SHA1:	67251A1E39AAA6D6CB78D800457A50C51A9216C0
SHA-256:	B68644D189D47B405FC7251DA4733FE7417AD2D0096AE03657D7429D6BA69AB0
SHA-512:	A9A0B19F5456F8EAD161164016A919C8C4FF811ABB4B35A1B53BB0856DBE09359EAD1FC1E9472778468F086E60B438324D72FD5E8133426094355497332492C4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....,.Q.....................f....................@..............................................@...............................7..................................................................................t................................text...t........................... ..`.itext.. ........................... ..`.data...00.......2..................@....bss.....a...@...........................idata...7.......8..................@....tls....<............F...................rdata...............F..............@..@.rsrc................H..............@..@....................................@..@........................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\is-N1UTF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Diabetes Trials Unit, Last Saved By: vegregory, Name of Creating Application: Microsoft Macintosh Excel, Last Printed: Thu Jun 3 10:15:20 2004, Create Time/Date: Wed May 14 10:30:17 2003, Last Saved Time/Date: Tue Dec 17 11:43:14 2013, Security: 0
Category:	dropped
Size (bytes):	69120
Entropy (8bit):	4.905119825579193
Encrypted:	false
SSDEEP:	1536:NRxEtjPOtioVjDGUU1qfDlaGGx+cL/IEt/D9dlOAGte9OO9UGps:PxEtjPOtioVjDGUU1qfDlaGGx+cL/IE+
MD5:	5D537B9B8DE399D605DD5F90ED0274C8
SHA1:	0F34B93DABE6AAE121F3C9394DDD53595275FB0B
SHA-256:	1FA1FD95DE10971B51CFC975EBCD8ACE579D5651A4BC89F25FCF4D8CAF4D678B
SHA-512:	1B7B9622119AA0BB6689DA31DEE3C47B647AF07444A620C80FB6106D830D4561892444FFB23192FCB0317F029D0B5C550161D95E8D81827F3A8F00E882AEE2CE
Malicious:	false
Preview:	......................>...................................7...................y...................................................................................................................................................................................................................................................................................................................................................................................................................................................6....................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5.......>...^...9...:...;...<...=...?...X...T...A...L...C...D...E...F...G...H...I...J...K...@...M...N...O...P...Q...R...S.......U...V...W...Y...]...Z...[...\..._...d...q...`...a...b...c...e...n...f...g...h...i...j...k...l...m...o...w...p...r.......s...t...u...v...x...............

C:\Program Files\HOMA Calculator v2.2.3\is-TOAGV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Diabetes Trials Unit, Last Saved By: vegregory, Name of Creating Application: Microsoft Macintosh Excel, Last Printed: Tue Oct 1 12:08:56 2013, Create Time/Date: Wed May 14 10:30:17 2003, Last Saved Time/Date: Tue Dec 17 11:43:01 2013, Security: 0
Category:	dropped
Size (bytes):	484352
Entropy (8bit):	4.669230713462755
Encrypted:	false
SSDEEP:	6144:rxEtjPOtioVjDGUU1qfDlavx+W/IE18lFxqgt6U52LmoyGdDxKHCJHN8v/2Wj4i/:jULZy27t8H2itbEQ
MD5:	3B5DB63D1F0B800C6BC21DE84A645E02
SHA1:	42C2C9F5036221955E9D2379005107CC90964DA4
SHA-256:	23F499B333056E02B7320676977E1BA3715727CDF22C88293B5F9EA57B6ADF77
SHA-512:	83E6F86D674E0856BC253BE1DD31F69118A84452A5D910EEED09455E2704027E5DFA6B9E44B71B5B4E98FE85FB5C3ED88DE13A1C27B0A89550420FBBD41FC9B0
Malicious:	false
Preview:	......................>...................................Y...................b.......d.......f...................................................................................................................................................................................................................................................................................................................................................................................................................................X....................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...c.......d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2451091
Entropy (8bit):	5.974986593274922
Encrypted:	false
SSDEEP:	24576:oCtK8Huk1uOjBeEJx/WSWyaPSmdPoHL8xIpA1D4FiwLIiuJnO6QLqoWQsblUFjOu:/g1gJQS5GRqF
MD5:	E017A16D1C8F66C4383C585C3FD8C629
SHA1:	7ED7E28ED931A14C49C65661E9D85F3B70BC2BAF
SHA-256:	EF379292614A23ECD1F9A5CEA3C5F9DF7D104B0D9B3E464E10A354B12446D310
SHA-512:	AD3F59080BE4D9969B21C2FE55A2A0543CE3FF43FAB5715DB4D0A35ABB283BE7235BAB11AAE443C9D1E70069822F8F72DA30DE44A0EC96DA1235B281D68988CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?fE.?fE.?fE.I.E.?fE.I.E.?fE.I.E.?fE.G.E.?fE.?gE.?fE.I.E.?fE.I.E.?fE.I.E.?fERich.?fE........................PE..L...e.zR.........."......J...................`....@..........................`............@..................................{..<............................P......0a..............................(y..@............`...............................text....I.......J.................. ..`.rdata..T!...`..."...N..............@..@.data................p..............@....rsrc................\|..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\HOMA Calculator v2.2.3\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	InnoSetup Log 64-bit HOMA Calculator, version 0x418, 8059 bytes, 562258\37\user\, C:\Program Files\HOMA Calculator v2.2.3\37
Category:	dropped
Size (bytes):	8059
Entropy (8bit):	3.610448044791127
Encrypted:	false
SSDEEP:	96:OdCv2ffc1AGlEDA4MZAe2LB9T16XHwRzUQWH/apadafakOIFCqC5CqdCqC/C8dCg:OFff7fDSmvi3pHo
MD5:	067D093644353C912E15BBB236FCA922
SHA1:	26950089B402C93B0C2EE6F8FD1C05CE5F4085F7
SHA-256:	6552EC34E289423229C4983164DBAB36C21D8463D27462C2C724E8C04126A61F
SHA-512:	959D19A0DF114DA5024CACBEE62DD4570353E84CBA2E75F5E585B49D7388FA55B65C2F6E54132CA06221BDD53987C88F6ED9945A6172F7063703F03350392285
Malicious:	false
Preview:	Inno Setup Uninstall Log (b) 64-bit.............................HOMA Calculator.................................................................................................................HOMA Calculator.....................................................................................................................$...{...%.................................................................................................................#...........U...............5.6.2.2.5.8......e.n.g.i.n.e.e.r......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3....................... ..............IFPS....................................................................................................................................................................BOOLEAN......................!MAIN....-1..IS64BITINSTALLMODE................C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3..j...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f

C:\Program Files\HOMA Calculator v2.2.3\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1481417
Entropy (8bit):	6.334218973634393
Encrypted:	false
SSDEEP:	24576:54VN4kkKF3hDXq8xeidJLvkU99kkkkJE58dlX3IiAtp3Nq3E/HoQYx96HtlYx9E9:CT90guMXEdqwHkUHoi
MD5:	DF3CE4F2359684D422140F1562BC973D
SHA1:	67251A1E39AAA6D6CB78D800457A50C51A9216C0
SHA-256:	B68644D189D47B405FC7251DA4733FE7417AD2D0096AE03657D7429D6BA69AB0
SHA-512:	A9A0B19F5456F8EAD161164016A919C8C4FF811ABB4B35A1B53BB0856DBE09359EAD1FC1E9472778468F086E60B438324D72FD5E8133426094355497332492C4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....,.Q.....................f....................@..............................................@...............................7..................................................................................t................................text...t........................... ..`.itext.. ........................... ..`.data...00.......2..................@....bss.....a...@...........................idata...7.......8..................@....tls....<............F...................rdata...............F..............@..@.rsrc................H..............@..@....................................@..@........................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator on the Web.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	717
Entropy (8bit):	3.0375241729531046
Encrypted:	false
SSDEEP:	6:4xtCl0/w0Ml//A9LY/dlrt4lX6K/H/llkzuLkbdlrd9H7X39LF0bdlrd9H//:8wl040kXXdpOX6KVCtbdpdpIbdpd1
MD5:	91C51EEAC9CF8D7635D1698999A8885B
SHA1:	A0048F6A39D00162B64586CCBDEEC1805FB60126
SHA-256:	3FC82E74378A781143FDE6C347BD2DCFF79E12ED1BA33E042A3C85E419970767
SHA-512:	B6464C9EA4087EC89D650B670435EC60405647D716FAC194010B540CCEA97B08C2CF892BA5CDB7E0B33B757CCEEBFECCF978DCB23316E794B11E9D4ED0F4B2EF
Malicious:	false
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................h.1...........Program Files.L............................................P.r.o.g.r.a.m. .F.i.l.e.s.......1...........HOMA Calculator v2.2.3..^............................................H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3...&.z.2...........HOMA Calculator.url.X............................................H.O.M.A. .C.a.l.c.u.l.a.t.o.r...u.r.l..."...J.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r...u.r.l.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.....

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 (Excel).lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 20 18:02:21 2024, mtime=Sun Oct 20 18:02:21 2024, atime=Tue Dec 17 14:43:14 2013, length=69120, window=hide
Category:	dropped
Size (bytes):	1006
Entropy (8bit):	4.510389234843017
Encrypted:	false
SSDEEP:	12:8mel/s9YXHo1h9ehacdpF48H1qMKP+p1KjAmYbdpdpGbdpd8DhmV:8m6/Po0pdv1qLWAAPdzpidz81m
MD5:	0D49A3D3A231DCC975540D6113B37B50
SHA1:	952E72156CDB457B86840FDD8FE1946BA6319114
SHA-256:	257780AF8A866092BFC568EB346514F578F3E4A4C768589240E6BE8D09B1F15D
SHA-512:	4FA07064281EDB51DA5A743DAA428045D039335D7D913A6492FBD9D9E97DF8ED77529CC236A078D73A20967AA08DDB7ECAF4E573300C49BC38F914F76D8F1A41
Malicious:	false
Preview:	L..................F.... ...<..."#..<..."#....g.>................................P.O. .:i.....+00.../C:\.....................1.....TYK...PROGRA~1..t......O.ITYK.....B...............J.....N...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....x.1.....TYK...HOMACA~1.3..^......TYK.TYK.....W......................3.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.....t.2......Cg} .HOMA2C~1.XLS..X......TYK.TYK.....d.........................H.O.M.A.2.C.a.l.c.u.l.a.t.o.r...x.l.s.......j...............-.......i............t.\|.....C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator.xls..J.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.\.H.O.M.A.2.C.a.l.c.u.l.a.t.o.r...x.l.s.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.`.......X.......562258...........hT..CrF.f4... .K...Jc...-...-$..hT..CrF.f4... .K...Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?..........

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 Validation (Excel).lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 20 18:02:21 2024, mtime=Sun Oct 20 18:02:21 2024, atime=Tue Dec 17 14:43:00 2013, length=484352, window=hide
Category:	dropped
Size (bytes):	1061
Entropy (8bit):	4.533535959934583
Encrypted:	false
SSDEEP:	12:8mHFs1/YXHo1h9ehacdpF48H1qMKPs0y7yLHAjAl7xNobdpdp5zbdpd8hrmV:8mHmOo0pdv1qLUSUA1xedzpBdz8Zm
MD5:	093A8370945A1E0165F655751B7CD5DB
SHA1:	ACD1D07D6957281618CE9BF4F08606B49A1F9A23
SHA-256:	B3F40EADCE3F227A34BAE84958B4B54C8BC5107BF66978587F49CED663D20781
SHA-512:	5D817C6AD7ED4219C6308A1EB6AA2B0DBC18CD797F09437235A7EE24D49A52A49170E2DEF4BA7D8F7311F86175DDFCEFA118B97A7A47D32D11CE7819104A8A60
Malicious:	false
Preview:	L..................F.... ....X.."#....."#...Z..>....d...........................P.O. .:i.....+00.../C:\.....................1.....TYK...PROGRA~1..t......O.ITYK.....B...............J.....N...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....x.1.....TYK...HOMACA~1.3..^......TYK.TYK.....W......................3.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.......2..d...C`} .HOMA2C~2.XLS..n......TYK.TYK.....e.........................H.O.M.A.2.C.a.l.c.u.l.a.t.o.r. .V.a.l.i.d.a.t.i.o.n...x.l.s.......u...............-.......t............t.\|.....C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator Validation.xls..U.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.\.H.O.M.A.2.C.a.l.c.u.l.a.t.o.r. .V.a.l.i.d.a.t.i.o.n...x.l.s.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.`.......X.......562258...........hT..CrF.f4... .U...Jc...-...-$..hT..CrF.f4... .U...Jc...-...-$.E.......9...

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 20 18:02:21 2024, mtime=Sun Oct 20 18:02:21 2024, atime=Thu Dec 5 13:28:42 2013, length=2451091, window=hide
Category:	dropped
Size (bytes):	1011
Entropy (8bit):	4.551982565885238
Encrypted:	false
SSDEEP:	12:8mVrq5RYXIh9BtnKjbdpF48H1qMKPQ3gwgtYjAzNDebdpdp2obdpd8JDmV:8mK1ibdv1qLGg8ARWdzp28dz8pm
MD5:	C46871EB72E8D3EC1E1CA7644942024F
SHA1:	DC520920106E72D19B8E77E4D7BD281EDB200AE2
SHA-256:	1FB8EFC1771276AB27006E37E13DF69394502708AC4F831E2271BBE69F967F26
SHA-512:	CE87741BD05AFEC7443F531224CD4236AB697DDEDF8A7D004A8E1B6E5399D17B992DFF22CCA1BDF82398F4F56B9D58F22E220DB2E66AF717C190C067843EF197
Malicious:	false
Preview:	L..................F.... ...0.6."#....\."#.....K.....f%..........................P.O. .:i.....+00.../C:\.....................1.....EW.3..PROGRA~1..t......O.IEW.5....B...............J.......j.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....x.1.....TYK...HOMACA~1.3..^......TYK.TYK.....W......................3.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.....v.2..f%..C.s .HOMA2C~1.EXE..Z......TYK.TYK.....Z.........................H.O.M.A.2. .C.a.l.c.u.l.a.t.o.r...e.x.e.......k...............-.......j............t.\|.....C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe..K.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.\.H.O.M.A.2. .C.a.l.c.u.l.a.t.o.r...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.`.......X.......562258...........hT..CrF.f4... .-...Jc...-...-$..hT..CrF.f4... .-...Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?.....

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\Uninstall HOMA Calculator.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 20 18:02:20 2024, mtime=Sun Oct 20 18:02:20 2024, atime=Sun Oct 20 18:02:01 2024, length=1481417, window=hide
Category:	dropped
Size (bytes):	971
Entropy (8bit):	4.570646314775607
Encrypted:	false
SSDEEP:	12:8mNE7YXHo1h9ehacdpF48H1qMKPYFZ4OHqGOjALDL7Rkbdpd0Wbdpd8VPmV:8mzo0pdv1qLwF3K1A/L7Rwdz0Sdz8Rm
MD5:	5AEBE9C90F62573C4AC89D70A4CBC1F9
SHA1:	17AB2206AAF6857D17EDF902719E873CAB6065FA
SHA-256:	76226FB4B1CB0D52B8D8A254A39D4B8967F0E9BBFDFB6924BD00EDA9505E84C0
SHA-512:	04ACEA8DACA85167F6D8FD32839C058916F0A6C32BD26F09AC904F1E710CA942A1447502D3B30C33E5A63B2873F070944F09BAE28EFA2D76CFCE06C50A3B7946
Malicious:	false
Preview:	L..................F.... ...iq(."#..iq(."#...5.."#..............................P.O. .:i.....+00.../C:\.....................1.....TYK...PROGRA~1..t......O.ITYK.....B...............J.....N...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....x.1.....TYK...HOMACA~1.3..^......TYK.TYK.....W......................3.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.....f.2....TYA. .unins000.exe..J......TYK.TYK.....Y.....................b.Y.u.n.i.n.s.0.0.0...e.x.e.......c...............-.......b............t.\|.....C:\Program Files\HOMA Calculator v2.2.3\unins000.exe..C.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.\.u.n.i.n.s.0.0.0...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.O.M.A. .C.a.l.c.u.l.a.t.o.r. .v.2...2...3.`.......X.......562258...........hT..CrF.f4... .i...Jc...-...-$..hT..CrF.f4... .i...Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.289297026665552
Encrypted:	false
SSDEEP:	48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc
MD5:	C8871EFD8AF2CF4D9D42D1FF8FADBF89
SHA1:	D0EACD5322C036554D509C7566F0BCC7607209BD
SHA-256:	E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40
SHA-512:	2735BB610060F749E26ACD86F2DF2B8A05F2BDD3DCCF3E4B2946EBB21BA0805FB492C474B1EEB2C5B8BF1A421F7C1B8728245F649C644F4A9ECC5BD8770A16F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....HP..........#............................@.............................`..............................................................<!.......P.......@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc........P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp

Download File

Process:	C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1458688
Entropy (8bit):	6.353878555914344
Encrypted:	false
SSDEEP:	24576:h4VN4kkKF3hDXq8xeidJLvkU99kkkkJE58dlX3IiAtp3Nq3E/HoQYx96HtlYx9EG:qT90guMXEdqwHkUHoD
MD5:	2703D25D95D502EC71ADE55C81145A03
SHA1:	251AD391F81D78383C3E8A656CA7FFF464D21822
SHA-256:	7107DE2DCD8AC439737D069B7111A52EECCD501E77CBAA1EF5DE9538434BC104
SHA-512:	D171A450C3F2A2E78D87EB652FFFC52C0011C213546F8A7857D9E20C4AFD0EAD53ABD265599985C3E328F4747D47AC65C99E28115C758A318A1DA7525A47439F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....,.Q.....................f....................@..............................................@...............................7..................................................................................t................................text...t........................... ..`.itext.. ........................... ..`.data...00.......2..................@....bss.....a...@...........................idata...7.......8..................@....tls....<............F...................rdata...............F..............@..@.rsrc................H..............@..@....................................@..@........................................................................................................................................

C:\Windows\SysWOW64\HOMACore.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	282624
Entropy (8bit):	5.634157218054538
Encrypted:	false
SSDEEP:	6144:5V7amW0cAirt938u5AO9O73c/9jUweuAmlQB:5V7DSpt8u5eQ/9jJ
MD5:	F9A7715D195327E6990004F78B5E348D
SHA1:	A2E6A63633C563792D872621A8C39FD1075A0ED4
SHA-256:	F95C717BBA02DA5BDE1E8E16B7192D71EF664850311BE2B7C3ED4C2C66C5CFA1
SHA-512:	BB2EA8A5548CC512965616680DEC7D273380207ED40B0BC8175D6A642D910B958B6A652F255116338DB164BA49673DDD541863A8F8E8CB2964E32FD59A051378
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........r.a...2...2...2..I2...2..}2...2.kT2...2.kD2...2...2...2..\|2...2..L2...2..M2...2..J2...2Rich...2................PE..L....p.Q...........!.................................................................k....@..........................7......D/..x....P.......................p..........................................@............................................text...?........................... ..`.rdata..\|...........................@..@.data........@.......(..............@....rsrc........P......................@..@.reloc..p!...p..."..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\is-JO0HR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	282624
Entropy (8bit):	5.634157218054538
Encrypted:	false
SSDEEP:	6144:5V7amW0cAirt938u5AO9O73c/9jUweuAmlQB:5V7DSpt8u5eQ/9jJ
MD5:	F9A7715D195327E6990004F78B5E348D
SHA1:	A2E6A63633C563792D872621A8C39FD1075A0ED4
SHA-256:	F95C717BBA02DA5BDE1E8E16B7192D71EF664850311BE2B7C3ED4C2C66C5CFA1
SHA-512:	BB2EA8A5548CC512965616680DEC7D273380207ED40B0BC8175D6A642D910B958B6A652F255116338DB164BA49673DDD541863A8F8E8CB2964E32FD59A051378
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........r.a...2...2...2..I2...2..}2...2.kT2...2.kD2...2...2...2..\|2...2..L2...2..M2...2..J2...2Rich...2................PE..L....p.Q...........!.................................................................k....@..........................7......D/..x....P.......................p..........................................@............................................text...?........................... ..`.rdata..\|...........................@..@.data........@.......(..............@....rsrc........P......................@..@.reloc..p!...p..."..................@..B........................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.8149190604946845
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	nHOMA2CalculatorWindowsSetup.exe
File size:	2'338'251 bytes
MD5:	f89876113397eab218fb197d549903ac
SHA1:	23bc6f72adccb9f5577ff939b8501e488fd8834b
SHA256:	3308fbc9f79869fdda63dc3d911b1c300518db7a04fe4e0591307b3f29094350
SHA512:	2d7b96391495b4b5a0febc3035e2fc3bcfa10cd4c482df5d59a68545ed5a3e0d55434cff8a0ffb3522cbf290a9756cd3f6ba9d140f59d04f3363b39e73d9af6b
SSDEEP:	49152:2XZrb6pbEI2o8QkLVCCI/OwPoyDb6Rpyktxo08oB0JT3F:AF6p0HTLVm1F6vyL0HBu3F
TLSH:	74B5AB26E692C525F97096FEC5E264FC0A257E30CFB642075FECBE2D33B47425829612
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	bdace9e969698755

Static PE Info

General

Entrypoint:	0x4113bc
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x51092C84 [Wed Jan 30 14:21:56 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	48aa5c8931746a9655524f67b25a47ef

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 0041002Ch
call 00007F534CB2AF0Dh
xor eax, eax
push ebp
push 00411A9Eh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 00411A5Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [00415B48h]
call 00007F534CB3353Bh
call 00007F534CB3308Ah
cmp byte ptr [00412ADCh], 00000000h
je 00007F534CB35D2Eh
call 00007F534CB33650h
xor eax, eax
call 00007F534CB28FA5h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F534CB30107h
mov edx, dword ptr [ebp-14h]
mov eax, 00418650h
call 00007F534CB2957Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [00418650h]
mov dl, 01h
mov eax, dword ptr [0040BF3Ch]
call 00007F534CB309F2h
mov dword ptr [00418654h], eax
xor edx, edx
push ebp
push 00411A06h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F534CB335AEh
mov dword ptr [0041865Ch], eax
mov eax, dword ptr [0041865Ch]
cmp dword ptr [eax+0Ch], 01h
jne 00007F534CB35D6Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19000	0xdd0	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0x51624	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1b000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x192fc	0x20c	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf12c	0xf200	3a126e478661f20816f9d9285615f98e	False	0.550910382231405	data	6.391482648256754	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x11000	0xb44	0xc00	ba48b9b17b3dd8b92da3bd93f20ddb34	False	0.5930989583333334	data	5.732070848969494	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x12000	0xc88	0xe00	d7fd5f4b562d7961758f3d6a8c834fd0	False	0.24832589285714285	data	2.246312806661135	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x13000	0x56b4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x19000	0xdd0	0xe00	93d91a2b90e60bd758fc0c4908856ae1	False	0.36439732142857145	data	4.97188203376719	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1a000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1b000	0x18	0x200	3dffc444ccc131c9dcee18db49ee6403	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0x51624	0x51800	39b347088fece1ecdb11f649b74f76bb	False	0.11235860812883436	data	5.256977703275042	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1c4ac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.267590618336887
RT_ICON	0x1d354	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.3316787003610108
RT_ICON	0x1dbfc	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.38078034682080925
RT_ICON	0x1e164	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 0	English	United States	0.08913143178388615
RT_ICON	0x6018c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.2936721991701245
RT_ICON	0x62734	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.3808630393996248
RT_ICON	0x637dc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.5904255319148937
RT_STRING	0x63c44	0x68	data			0.6538461538461539
RT_STRING	0x63cac	0xd4	data			0.5283018867924528
RT_STRING	0x63d80	0xa4	data			0.6524390243902439
RT_STRING	0x63e24	0x2ac	data			0.45614035087719296
RT_STRING	0x640d0	0x34c	data			0.4218009478672986
RT_STRING	0x6441c	0x294	data			0.4106060606060606
RT_RCDATA	0x646b0	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x6c998	0x10	data			1.5
RT_RCDATA	0x6c9a8	0x150	data			0.8333333333333334
RT_RCDATA	0x6caf8	0x2c	data			1.1818181818181819
RT_GROUP_ICON	0x6cb24	0x68	data	English	United States	0.6826923076923077
RT_VERSION	0x6cb8c	0x4f4	data	English	United States	0.2752365930599369
RT_MANIFEST	0x6d080	0x5a4	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.42590027700831024

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll	InitCommonControls
kernel32.dll	Sleep
advapi32.dll	AdjustTokenPrivileges

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	15:02:01
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe"
Imagebase:	0x400000
File size:	2'338'251 bytes
MD5 hash:	F89876113397EAB218FB197D549903AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:02:01
Start date:	20/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-EVEH9.tmp\nHOMA2CalculatorWindowsSetup.tmp" /SL5="$203BC,1934643,407552,C:\Users\user\Desktop\nHOMA2CalculatorWindowsSetup.exe"
Imagebase:	0x400000
File size:	1'458'688 bytes
MD5 hash:	2703D25D95D502EC71ADE55C81145A03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 7%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:02:21
Start date:	20/10/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\HOMACore.dll"
Imagebase:	0x970000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	15:02:23
Start date:	20/10/2024
Path:	C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe"
Imagebase:	0xfc0000
File size:	2'451'091 bytes
MD5 hash:	E017A16D1C8F66C4383C585C3FD8C629
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.7%
Total number of Nodes:	308
Total number of Limit Nodes:	14

Executed Functions

Function 00FC1000 Relevance: 51.0, APIs: 20, Strings: 9, Instructions: 276
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00FC104A
FindResourceW.KERNEL32(?,000007DB,BAKED), ref: 00FC105D
LoadResource.KERNEL32(?,00000000,?,000007DB,BAKED), ref: 00FC106D
LockResource.KERNEL32(00000000,?,?,00000000,?,000007DB,BAKED), ref: 00FC107D
__strdup.LIBCMT ref: 00FC1099
_memset.LIBCMT ref: 00FC10D7
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00000200,?,?,?,?,?,BAKED), ref: 00FC10F5
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,BAKED), ref: 00FC1131
_wcsrchr.LIBCMT ref: 00FC1144
SetDllDirectoryW.KERNEL32(00FC78A4), ref: 00FC11C3
SetDllDirectoryW.KERNEL32(?), ref: 00FC11CC
_free.LIBCMT ref: 00FC11CF
_memset.LIBCMT ref: 00FC11ED
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00000200,?,?,?,BAKED), ref: 00FC1211
LoadLibraryW.KERNEL32(?,?,?,?,BAKED), ref: 00FC1241
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,BAKED), ref: 00FC1264
_wcsrchr.LIBCMT ref: 00FC127B
SetDllDirectoryW.KERNEL32(?), ref: 00FC12C5
LoadLibraryA.KERNEL32(RBGUIFramework.DLL,?,?,?,?,?,BAKED), ref: 00FC12D0
GetProcAddress.KERNEL32(00000000,MainExport), ref: 00FC12E2

Strings

Failed converting UTF8 to UTF16, xrefs: 00FC1107, 00FC1223
Failed to locate Framework DLL, xrefs: 00FC1336
MainExport, xrefs: 00FC12DC
RBGUIFramework.DLL, xrefs: 00FC12CB
Can't find baked resource, xrefs: 00FC1368
Can't load baked resource, xrefs: 00FC134D
Could not find the main entrypoint in Framework DLL, xrefs: 00FC1317
Libs, xrefs: 00FC12A2
BAKED, xrefs: 00FC1052

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: DirectoryLoadResource_memset$ByteCharFileLibraryModuleMultiNameWide_wcsrchr$AddressFindLockProc__strdup_free
String ID: BAKED$Can't find baked resource$Can't load baked resource$Could not find the main entrypoint in Framework DLL$Failed converting UTF8 to UTF16$Failed to locate Framework DLL$Libs$MainExport$RBGUIFramework.DLL
API String ID: 1762174379-3009242903
Opcode ID: 8ba0496f978cee0eddf567d4f64e3c75a81287a0eff29625c74e791484a141ea
Instruction ID: 01427bb80dd2929678e906f45fe93184ce5018abb1ff783ff17c27e8562fadb0
Opcode Fuzzy Hash: 8ba0496f978cee0eddf567d4f64e3c75a81287a0eff29625c74e791484a141ea
Instruction Fuzzy Hash: 78910871A002199BDB20EF64DE47FEAB3B8FF45310F14429DE90997282EB748A54EB50

Function 6C8802C1 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCR100(?), ref: 6C8802CC

Part of subcall function 6C880233: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7), ref: 6C880263

_callnewh.MSVCR100(?), ref: 6C8AF2B0
std::exception::exception.LIBCMT(?,00000001), ref: 6C8AF2E7
atexit.MSVCR100(6C91FC34,?,00000001), ref: 6C8AF2F7
std::exception::exception.LIBCMT(6C927580), ref: 6C8AF301
_CxxThrowException.MSVCR100(?,6C88BDD8,6C927580), ref: 6C8AF312
_errno.MSVCR100 ref: 6C8AF321
_errno.MSVCR100 ref: 6C8AF32E

Strings

bad allocation, xrefs: 6C8AF2E0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errnostd::exception::exception$AllocateExceptionHeapThrow_callnewhatexitmalloc
String ID: bad allocation
API String ID: 903262172-2104205924
Opcode ID: be8f0e9a2f50cc3ea98f14f38bc244c42973d6b4458e135b59bde1ac53a39114
Instruction ID: 768757602211eff23b2d14f76bb9fde6effd05659067899dcfddd7919dde48fd
Opcode Fuzzy Hash: be8f0e9a2f50cc3ea98f14f38bc244c42973d6b4458e135b59bde1ac53a39114
Instruction Fuzzy Hash: 9601C835507249ABCF21DB59CF01AED76746F81248B240C69D810E6E80DB71CA49DB90

Function 6C880233 Relevance: 12.1, APIs: 8, Instructions: 60
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7), ref: 6C880263
__FF_MSGBANNER.LIBCMT ref: 6C8AF22F
__NMSG_WRITE.LIBCMT ref: 6C8AF236
_callnewh.MSVCR100(00000001,00000001,00000000,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001), ref: 6C8AF255
_callnewh.MSVCR100(00000001,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8AF278
_errno.MSVCR100(00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9), ref: 6C8AF27E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _callnewh$AllocateHeap_errno
String ID:
API String ID: 4160251224-0
Opcode ID: 5a1b4eeaf0990f75b9f57ca75d6bed2ba6c3eaff969225803c8a1233152784aa
Instruction ID: ffa6cf615227d83824f87a6ece445594d671c41622c35fde0c6e6c5e38ecf0a6
Opcode Fuzzy Hash: 5a1b4eeaf0990f75b9f57ca75d6bed2ba6c3eaff969225803c8a1233152784aa
Instruction Fuzzy Hash: 5B01FE353477819AEB322B7D9E40B653658EB93359F200C39E424CAE80DF70C4468771

Function 00FC1380 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC1000: _memset.LIBCMT ref: 00FC104A
Part of subcall function 00FC1000: FindResourceW.KERNEL32(?,000007DB,BAKED), ref: 00FC105D
Part of subcall function 00FC1000: LoadResource.KERNEL32(?,00000000,?,000007DB,BAKED), ref: 00FC106D
Part of subcall function 00FC1000: LockResource.KERNEL32(00000000,?,?,00000000,?,000007DB,BAKED), ref: 00FC107D
Part of subcall function 00FC1000: __strdup.LIBCMT ref: 00FC1099
Part of subcall function 00FC1000: _memset.LIBCMT ref: 00FC10D7
Part of subcall function 00FC1000: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00000200,?,?,?,?,?,BAKED), ref: 00FC10F5

GetUserDefaultLCID.KERNEL32(?,?,?,?,?), ref: 00FC13B4
MessageBoxA.USER32(00000000,?,Runtime Error,00000010), ref: 00FC13CE

Strings

Runtime Error, xrefs: 00FC13C6

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: Resource$_memset$ByteCharDefaultFindLoadLockMessageMultiUserWide__strdup
String ID: Runtime Error
API String ID: 2367427710-410593801
Opcode ID: 9d8fcce92efbec150d706942dc965991721302721cbc6d4bdd668518b0b940b8
Instruction ID: 02e621a6656a5998977cab23fd1ecab0c6949a417bb3b0333e8419b3ec300b68
Opcode Fuzzy Hash: 9d8fcce92efbec150d706942dc965991721302721cbc6d4bdd668518b0b940b8
Instruction Fuzzy Hash: 61F03C76A4010DBBCB00DE88DD42FEA776CAB49311F004159FD0597281E671AE65D7E1

Function 6C880B4E Relevance: 4.6, APIs: 3, Instructions: 54
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C881EF7,00000001,?,00000000,00000000,00000000,?,6C8A75BC,00000001,00000214), ref: 6C880B8D
_errno.MSVCR100(?,6C881EF7,00000001,?,00000000,00000000,00000000,?,6C8A75BC,00000001,00000214), ref: 6C8AF3DF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AllocateHeap_errno
String ID:
API String ID: 242259997-0
Opcode ID: cb91db38ed1e1ebb9450f860211ba88de011b1960d3d35fb9faf325e53a45f88
Instruction ID: 5acf98c25095f78584044619d687cfa603c796001a76388eebfa9de003e6f66e
Opcode Fuzzy Hash: cb91db38ed1e1ebb9450f860211ba88de011b1960d3d35fb9faf325e53a45f88
Instruction Fuzzy Hash: AA019631313255ABEB345E69CA94F6B3794AB5271CF114D29E825CBD90DB70D8418750

Function 6C88014E Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,6C8A7602,00000000), ref: 6C880164
_errno.MSVCR100(00000000,?,6C8A7602,00000000), ref: 6C8AF291
GetLastError.KERNEL32(00000000,?,6C8A7602,00000000), ref: 6C8AF298

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorFreeHeapLast_errno
String ID:
API String ID: 1236692823-0
Opcode ID: 8f3b5a7af90d7300b6cf2aff81507b7c22f2a3e593c1598e83d3169925655915
Instruction ID: 301b454b277c4b54592d010a9d2357e6580fa3dccafd5022a93864e2d80167a4
Opcode Fuzzy Hash: 8f3b5a7af90d7300b6cf2aff81507b7c22f2a3e593c1598e83d3169925655915
Instruction Fuzzy Hash: 08E04F39147255A7DF226EB89908BD93BEABB01358F204824F5088AD91EB34C441DB94

Function 6C880282 Relevance: 3.0, APIs: 2, Instructions: 28
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6C880B4E: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C881EF7,00000001,?,00000000,00000000,00000000,?,6C8A75BC,00000001,00000214), ref: 6C880B8D

_errno.MSVCR100 ref: 6C8AF321
_errno.MSVCR100 ref: 6C8AF32E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$AllocateHeap
String ID:
API String ID: 502529563-0
Opcode ID: 59cb27ea9d8d6645d9979283835a8e101466ad3f80cfe5023e5b6175215a5409
Instruction ID: 0baf79df239de481b58a552a064ba4db8285bf2782061e2610bf7377d87cc1c4
Opcode Fuzzy Hash: 59cb27ea9d8d6645d9979283835a8e101466ad3f80cfe5023e5b6175215a5409
Instruction Fuzzy Hash: 15E06531903258BFDF219A958F00ADD7668EB42658F200864AC1097A04EB71CF04DB90

Non-executed Functions

Function 6C8CA3DD Relevance: 98.2, APIs: 38, Strings: 18, Instructions: 204
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CreateUmsCompletionList,00000000,00000114,00000000,?,?,?,?,6C8BBFE9), ref: 6C8CA3F9
GetProcAddress.KERNEL32(00000000), ref: 6C8CA402
GetLastError.KERNEL32(?,?,?,?,6C8BBFE9), ref: 6C8CA408
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,6C8BBFE9), ref: 6C8CA420
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,?,?,?,6C8BBFE9), ref: 6C8CA42E
GetModuleHandleW.KERNEL32(kernel32.dll,DequeueUmsCompletionListItems,?,?,?,?,6C8BBFE9), ref: 6C8CA447
GetProcAddress.KERNEL32(00000000), ref: 6C8CA44A
GetLastError.KERNEL32(?,?,?,?,6C8BBFE9), ref: 6C8CA450
GetModuleHandleW.KERNEL32(kernel32.dll,GetUmsCompletionListEvent,?,?,?,?,6C8BBFE9), ref: 6C8CA470
GetProcAddress.KERNEL32(00000000), ref: 6C8CA473
GetModuleHandleW.KERNEL32(kernel32.dll,ExecuteUmsThread,?,?,?,?,6C8BBFE9), ref: 6C8CA48D
GetProcAddress.KERNEL32(00000000), ref: 6C8CA490
GetModuleHandleW.KERNEL32(kernel32.dll,UmsThreadYield,?,?,?,?,6C8BBFE9), ref: 6C8CA4AA
GetProcAddress.KERNEL32(00000000), ref: 6C8CA4AD
GetModuleHandleW.KERNEL32(kernel32.dll,DeleteUmsCompletionList,?,?,?,?,6C8BBFE9), ref: 6C8CA4C7
GetProcAddress.KERNEL32(00000000), ref: 6C8CA4CA
GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentUmsThread,?,?,?,?,6C8BBFE9), ref: 6C8CA4E4
GetProcAddress.KERNEL32(00000000), ref: 6C8CA4E7
GetModuleHandleW.KERNEL32(kernel32.dll,GetNextUmsListItem,?,?,?,?,6C8BBFE9), ref: 6C8CA505
GetProcAddress.KERNEL32(00000000), ref: 6C8CA508
GetModuleHandleW.KERNEL32(kernel32.dll,QueryUmsThreadInformation,?,?,?,?,6C8BBFE9), ref: 6C8CA526
GetProcAddress.KERNEL32(00000000), ref: 6C8CA529
GetModuleHandleW.KERNEL32(kernel32.dll,SetUmsThreadInformation,?,?,?,?,6C8BBFE9), ref: 6C8CA547
GetProcAddress.KERNEL32(00000000), ref: 6C8CA54A
GetModuleHandleW.KERNEL32(kernel32.dll,DeleteUmsThreadContext,?,?,?,?,6C8BBFE9), ref: 6C8CA568
GetProcAddress.KERNEL32(00000000), ref: 6C8CA56B
GetModuleHandleW.KERNEL32(kernel32.dll,CreateUmsThreadContext,?,?,?,?,6C8BBFE9), ref: 6C8CA589
GetProcAddress.KERNEL32(00000000), ref: 6C8CA58C
GetModuleHandleW.KERNEL32(kernel32.dll,EnterUmsSchedulingMode,?,?,?,?,6C8BBFE9), ref: 6C8CA5AA
GetProcAddress.KERNEL32(00000000), ref: 6C8CA5AD
GetModuleHandleW.KERNEL32(kernel32.dll,CreateRemoteThreadEx,?,?,?,?,6C8BBFE9), ref: 6C8CA5CB
GetProcAddress.KERNEL32(00000000), ref: 6C8CA5CE
GetModuleHandleW.KERNEL32(kernel32.dll,InitializeProcThreadAttributeList,?,?,?,?,6C8BBFE9), ref: 6C8CA5EC
GetProcAddress.KERNEL32(00000000), ref: 6C8CA5EF
GetModuleHandleW.KERNEL32(kernel32.dll,UpdateProcThreadAttribute,?,?,?,?,6C8BBFE9), ref: 6C8CA60D
GetProcAddress.KERNEL32(00000000), ref: 6C8CA610
GetModuleHandleW.KERNEL32(kernel32.dll,DeleteProcThreadAttributeList,?,?,?,?,6C8BBFE9), ref: 6C8CA62E
GetProcAddress.KERNEL32(00000000), ref: 6C8CA631

Strings

QueryUmsThreadInformation, xrefs: 6C8CA518
CreateUmsCompletionList, xrefs: 6C8CA3EE
InitializeProcThreadAttributeList, xrefs: 6C8CA5DE
GetUmsCompletionListEvent, xrefs: 6C8CA462
CreateRemoteThreadEx, xrefs: 6C8CA5BD
DequeueUmsCompletionListItems, xrefs: 6C8CA439
GetNextUmsListItem, xrefs: 6C8CA4F7
UmsThreadYield, xrefs: 6C8CA49C
GetCurrentUmsThread, xrefs: 6C8CA4D6
EnterUmsSchedulingMode, xrefs: 6C8CA59C
UpdateProcThreadAttribute, xrefs: 6C8CA5FF
DeleteProcThreadAttributeList, xrefs: 6C8CA620
DeleteUmsCompletionList, xrefs: 6C8CA4B9
DeleteUmsThreadContext, xrefs: 6C8CA55A
SetUmsThreadInformation, xrefs: 6C8CA539
kernel32.dll, xrefs: 6C8CA3F3, 6C8CA3F8, 6C8CA440, 6C8CA469, 6C8CA486, 6C8CA4A3, 6C8CA4C0, 6C8CA4DD, 6C8CA4FE, 6C8CA51F, 6C8CA540, 6C8CA561, 6C8CA582, 6C8CA5A3, 6C8CA5C4, 6C8CA5E5, 6C8CA606, 6C8CA627
ExecuteUmsThread, xrefs: 6C8CA47F
CreateUmsThreadContext, xrefs: 6C8CA57B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AddressHandleModuleProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThrow
String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
API String ID: 1483908321-2643937717
Opcode ID: 70dd5d73c0beb738a7bb814d838233a8d73ef89d0a64a6b9a2f406a9524fc4dc
Instruction ID: 70725acea83c40773ffe4e75f552b1b079998f4f27b896a35340396e0a56722d
Opcode Fuzzy Hash: 70dd5d73c0beb738a7bb814d838233a8d73ef89d0a64a6b9a2f406a9524fc4dc
Instruction Fuzzy Hash: 165194B5B253096ADF34AB768E59C7B3EBCBB865843200C2EA45AC3644DE3DC400DF61

Function 6C89457E Relevance: 90.4, APIs: 37, Strings: 14, Instructions: 1146COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getThisType.LIBCMT ref: 6C8946C4
DName::operator+.LIBCMT ref: 6C89470A
DName::operator+.LIBCMT ref: 6C89474D
DName::operator+.LIBCMT ref: 6C8947DD
DName::DName.LIBCMT ref: 6C8951AA
DName::operator+.LIBCMT ref: 6C8951B1

Strings

`local static destructor helper', xrefs: 6C8AE314
private: , xrefs: 6C8AE578
virtual , xrefs: 6C8AE50D
`vtordisp{, xrefs: 6C8AE17A
public: , xrefs: 6C8AE61C
`template static data member constructor helper', xrefs: 6C8AE36A
`adjustor{, xrefs: 6C8AE1B2
`template static data member destructor helper', xrefs: 6C8AE3BD
static , xrefs: 6C8951A2
[thunk]:, xrefs: 6C8AE659
`vtordispex{, xrefs: 6C8AE0EE
protected: , xrefs: 6C8AE5CB
}' , xrefs: 6C8ADF02, 6C8AE1C8
extern "C" , xrefs: 6C8AE686

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$Decorator::getNameName::ThisType
String ID: [thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
API String ID: 3431685421-3028518216
Opcode ID: d593fe828cd558ccb148575e3f50ba424d6859e82a1f91fa0bb24d3f83997fd3
Instruction ID: 31989aefdb152de869bc52d53f8c2928027fc6c83e84833fc6f0fe24c29f6b1f
Opcode Fuzzy Hash: d593fe828cd558ccb148575e3f50ba424d6859e82a1f91fa0bb24d3f83997fd3
Instruction Fuzzy Hash: E7826172E511199BDF24CAECCA80BED77B5AF85308F144D3AE511E7A80EB38D946CB50

Function 6C8BBE38 Relevance: 61.6, APIs: 31, Strings: 4, Instructions: 336
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,00000000,00000000,00000000), ref: 6C8BBE5C
_memset.LIBCMT(?,00000000,00000114), ref: 6C8BBE85
GetVersionExW.KERNEL32(?), ref: 6C8BBE96
GetLastError.KERNEL32 ref: 6C8BC07B
GetLastError.KERNEL32 ref: 6C8BC082
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BC097
malloc.MSVCR100 ref: 6C8BC0B0
std::exception::exception.LIBCMT ref: 6C8BC0D2
GetLastError.KERNEL32 ref: 6C8BC0F5
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BC10A
free.MSVCR100(?), ref: 6C8BC178
GetLastError.KERNEL32 ref: 6C8BC1A4
GetLastError.KERNEL32 ref: 6C8BC1AB
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BC1BD
malloc.MSVCR100 ref: 6C8BC1D6
std::exception::exception.LIBCMT ref: 6C8BC1F8
GetLastError.KERNEL32 ref: 6C8BC21E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BC230
free.MSVCR100(?), ref: 6C8BC2BB
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8BBEAA

Part of subcall function 6C8B80CA: std::exception::exception.LIBCMT(6C8BC2E6,00000114,?), ref: 6C8B80DE

_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8BBEB9
GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformationEx), ref: 6C8BBEFE
GetProcAddress.KERNEL32(00000000), ref: 6C8BBF05
GetLastError.KERNEL32 ref: 6C8BBF17
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BBF30
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8BBF4D
GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation,?,6C91FEB4,00000000), ref: 6C8BC02D
GetProcAddress.KERNEL32(00000000), ref: 6C8BC034
GetLastError.KERNEL32 ref: 6C8BC040
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BC059
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8BC2E1

Strings

GetLogicalProcessorInformationEx, xrefs: 6C8BBEF4
bad allocation, xrefs: 6C8BC0CA, 6C8BC1F0
GetLogicalProcessorInformation, xrefs: 6C8BC023
kernel32.dll, xrefs: 6C8BBEF9, 6C8BC028

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error$Concurrency::unsupported_os::unsupported_osstd::exception::exception$AddressHandleModuleProcfreemalloc$ExceptionInfoSystemThrowVersion_memset
String ID: GetLogicalProcessorInformation$GetLogicalProcessorInformationEx$bad allocation$kernel32.dll
API String ID: 1988720266-1310109495
Opcode ID: c64340d7613f7317e138eef32e4b9d368d42c7bc0e775fc1723bb70786b06235
Instruction ID: a5be23de4fcbe991cecf44fffb07aa357bbe3782d2036a3a98e33045191c6093
Opcode Fuzzy Hash: c64340d7613f7317e138eef32e4b9d368d42c7bc0e775fc1723bb70786b06235
Instruction Fuzzy Hash: 98C1F3716186459BD730DF59CAC5A6A77F4BB86328F204D2EE084F2F41D738CA48CB92

Function 6C8981A1 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcspbrk.LIBCMT(?,6C897D1C), ref: 6C8981E3
_getdrive.MSVCR100 ref: 6C8981FD

Part of subcall function 6C8980BC: GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,?), ref: 6C8980EF

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6C898214
_wcspbrk.LIBCMT(?,./\), ref: 6C898235

Part of subcall function 6C898163: _errno.MSVCR100(?,?,?,6C898259,?,?,00000104,?), ref: 6C89816A
Part of subcall function 6C898163: _errno.MSVCR100(?,?,?,6C898259,?,?,00000104,?), ref: 6C898171
Part of subcall function 6C898163: _wfullpath.MSVCR100(?,?,?,?,?,?,6C898259,?,?,00000104,?), ref: 6C898182
Part of subcall function 6C898163: _errno.MSVCR100 ref: 6C89818C

_wcslen.LIBCMT(00000000), ref: 6C898263
_errno.MSVCR100 ref: 6C89828B
__doserrno.MSVCR100 ref: 6C898295
__doserrno.MSVCR100 ref: 6C8A7CB4
_errno.MSVCR100 ref: 6C8A7CBB
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A7CC6
towlower.MSVCR100(00000000), ref: 6C8A7CE3
GetDriveTypeW.KERNEL32(00000000), ref: 6C8A7CF5
free.MSVCR100(?), ref: 6C8A7D12
___loctotime64_t.LIBCMT ref: 6C8A7D45
free.MSVCR100(?), ref: 6C8A7D72

Part of subcall function 6C89813D: _wcslen.LIBCMT(00000000,6C898277), ref: 6C898140

_wsopen_s.MSVCR100(000000FF,?,00000000,00000040,00000000), ref: 6C8A7DA8
__fstat64i32.LIBCMT(000000FF,?), ref: 6C8A7DCC
_close.MSVCR100(000000FF,000000FF,?), ref: 6C8A7DD9
FindClose.KERNEL32(?), ref: 6C8A7FAA
___wdtoxmode.LIBCMT ref: 6C8A7FB7
GetLastError.KERNEL32 ref: 6C8A8009
__dosmaperr.LIBCMT(00000000), ref: 6C8A8010
FindClose.KERNEL32(?), ref: 6C8A801C

Strings

./\, xrefs: 6C898229

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$Find$Close__doserrno_wcslen_wcspbrkfree$CurrentDirectoryDriveErrorFileFirstLastType___loctotime64_t___wdtoxmode__dosmaperr__fstat64i32_close_getdrive_invalid_parameter_noinfo_wfullpath_wsopen_stowlower
String ID: ./\
API String ID: 679355030-3176372042
Opcode ID: 8d9372a9ee19e10bd7d87928856b4cefddcb04eba2627c01d0f5c3aa5ebf4604
Instruction ID: 4759b8248e2d7fbe6299411ac843b7a8dd08d696f715faecab2f99d2d2b24957
Opcode Fuzzy Hash: 8d9372a9ee19e10bd7d87928856b4cefddcb04eba2627c01d0f5c3aa5ebf4604
Instruction Fuzzy Hash: 4EC1DAB1905529EECB309FA9CD446E9B3F8BF09318F1006ABE15CD2940E7349AC5DF65

Function 6C8962FC Relevance: 40.8, APIs: 27, Instructions: 271stringtimeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(00000007,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C89631E

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

__tzname.MSVCR100(6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C896327
_get_timezone.MSVCR100(?,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C896333
_get_daylight.MSVCR100(6C89693D,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C896345
_get_dstbias.MSVCR100(00000008,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C896357
___lc_codepage_func.MSVCR100(6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C896365

Part of subcall function 6C892214: _strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892232
Part of subcall function 6C892214: _strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892241
Part of subcall function 6C892214: __fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C89225D

GetTimeZoneInformation.KERNEL32(6C924DF0,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8963AC
WideCharToMultiByte.KERNEL32(00000000,00000000,6C924DF4,00000000,?,0000003F,00000000,?), ref: 6C89642A
WideCharToMultiByte.KERNEL32(000000FF,00000000,6C924E48,000000FF,?,0000003F,00000000,?), ref: 6C89645D
__timezone.MSVCR100 ref: 6C896483
__daylight.MSVCR100 ref: 6C89648D
__dstbias.MSVCR100 ref: 6C896497
strcmp.MSVCR100(00000000,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A99C9
free.MSVCR100(00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A99E2
_strlen.LIBCMT(00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A99E9
_malloc_crt.MSVCR100(00000001,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A99F0
_strlen.LIBCMT(00000000,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A9A06
strcpy_s.MSVCR100(00000001,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A9A14
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A9A29
free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,6C8964C0,0000002C,6C89650A,6C896528,00000008,6C89693D), ref: 6C8A9A2F
strncpy_s.MSVCR100(?,00000040,00000000,00000003), ref: 6C8A9A4A
atol.MSVCR100(-00000003), ref: 6C8A9A67

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _strlen$ByteCharMultiWidefree$CriticalEnterInformationSectionTimeZone___lc_codepage_func__daylight__dstbias__fassign__invoke_watson__timezone__tzname_get_daylight_get_dstbias_get_timezone_lock_malloc_crtatolstrcmpstrcpy_sstrncpy_s
String ID:
API String ID: 3174396702-0
Opcode ID: b851a36f53663e202eeaeb987584ba0f8b9b9ce7093d776fa0686770739b0b28
Instruction ID: ab41190746691c6fb1e8be43acc58d6ecdd2a73c2a9efdb3d74c0d96e05e9ab7
Opcode Fuzzy Hash: b851a36f53663e202eeaeb987584ba0f8b9b9ce7093d776fa0686770739b0b28
Instruction Fuzzy Hash: 1D91C1719092159FDF20AFEDCA80ADDBBB5BF0A318B24083AE154E7A50D7359946CF60

Function 6C887270 Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 491COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.MSVCR100(00000083,00000001,000000BC,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C887278
GetUserDefaultLCID.KERNEL32(00000083,00000001,000000BC,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C8872CC
IsValidCodePage.KERNEL32(00000000,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C88731E
IsValidLocale.KERNEL32(?,00000001,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C887331
GetLocaleInfoA.KERNEL32(?,00001001,?,00000040,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C88737B
GetLocaleInfoA.KERNEL32(?,00001002,?,00000040,00000000,00000000,00000005), ref: 6C88738F
_itoa_s.MSVCR100(00000010,?,00000010,0000000A), ref: 6C8873A0
_TranslateName.LIBCMT ref: 6C8B17C8

Strings

Norwegian-Nynorsk, xrefs: 6C8B1867

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Locale$InfoValid$CodeDefaultNamePageTranslateUser_getptd_itoa_s
String ID: Norwegian-Nynorsk
API String ID: 3958957854-461349085
Opcode ID: 78601538d987ea3885e477b79135be1c2a80c2cfac67280a7855269cf4d4087b
Instruction ID: e149ff2b3c13c00b4c9923af173f32267d955efc5973c8f749b1fb32530acece
Opcode Fuzzy Hash: 78601538d987ea3885e477b79135be1c2a80c2cfac67280a7855269cf4d4087b
Instruction Fuzzy Hash: 0BF197301497885FE7228F688DD4AEA3F64EF03348F0508EEDD919B993D624D957C7A2

Function 6C88767A Relevance: 18.2, APIs: 12, Instructions: 160stringCOMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000002,?,?,00000000), ref: 6C887435
free.MSVCR100(?,?,?,00000000), ref: 6C887456
_calloc_crt.MSVCR100(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C88763F
strncpy_s.MSVCR100(00000000,00000000,00000000,-00000001), ref: 6C887659
GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876C4
_calloc_crt.MSVCR100(00000000,00000002,?,?,00000000), ref: 6C8876D3
GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876EC
free.MSVCR100(00000000), ref: 6C8B06E1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: InfoLocale$_calloc_crtfree$strncpy_s
String ID:
API String ID: 2432546303-0
Opcode ID: 567a11197a92769b7ec675cf84d83bf3fdba221b2cc06e42cc8008a4527bc04d
Instruction ID: e52d365cd467f5461218b6ae2ebcb30ebdfce52e1163d743d43b16587c2cb9b9
Opcode Fuzzy Hash: 567a11197a92769b7ec675cf84d83bf3fdba221b2cc06e42cc8008a4527bc04d
Instruction Fuzzy Hash: 4C51B77160325AAFEF309F298E40BAB3BB8BF01358F104865F914A6A40DB31CC54DF61

Function 6C8873B4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 56stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,20001004,00000005,00000002,?,?,6C8872F5,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C8873D5
strcmp.MSVCR100(00000000,ACP,?,?,6C8872F5,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C892C1C
strcmp.MSVCR100(00000000,OCP,?,?,6C8872F5,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C8B176C
GetLocaleInfoW.KERNEL32(?,2000000B,00000005,00000002,?,?,6C8872F5,?,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C8B1785

Strings

OCP, xrefs: 6C8B1766
ACP, xrefs: 6C892C16

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: InfoLocalestrcmp
String ID: ACP$OCP
API String ID: 3191669094-711371036
Opcode ID: d4306a62e50d8f5312bd5270b8cc85070bc7516e8248895fc6ff77c042c6cc92
Instruction ID: 155db9d786adc9d662a1201fea27543345cb5635dabc2de462e0dd1c8304069d
Opcode Fuzzy Hash: d4306a62e50d8f5312bd5270b8cc85070bc7516e8248895fc6ff77c042c6cc92
Instruction Fuzzy Hash: AE01B93171661AFAE7318B699B49B9E33B89F0235CF340C25F911F6D80EB34D6409759

Function 6C88A2A7 Relevance: 12.2, APIs: 8, Instructions: 225COMMONLIBRARYCODE

Download Yara Rule

APIs

wcsncpy_s.MSVCR100(?,000000FF,?,00000000,?,?,?,?,?,6C88A24E,?,?,?,?,?,?), ref: 6C88A3A2
wcsncpy_s.MSVCR100(?,000000FF,?,?,?,?,?,?,?,6C88A24E,?,?,?,?,?,?), ref: 6C8B1272
wcsncpy_s.MSVCR100(?,000000FF,00000000,?,?,?,?,?,?,6C88A24E,?,?,?,?,?,?), ref: 6C8B129B
wcsncpy_s.MSVCR100(?,000000FF,?,?,?,?,?,?,?,6C88A24E,?,?,?,?,?,?), ref: 6C8B12B8
_errno.MSVCR100(?,?,?,?,?,6C88A24E,?,?,?,?,?,?,?,?,?), ref: 6C8B1321
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,6C88A24E,?,?,?,?,?,?,?,?,?), ref: 6C8B132B
_errno.MSVCR100(?,?,?,?,?,6C88A24E,?,?,?,?,?,?,?,?,?), ref: 6C8B133C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: wcsncpy_s$_errno$_invalid_parameter_noinfo
String ID:
API String ID: 2268458229-0
Opcode ID: c1f5240053b108a06b6e3bafab692a3026b47fb90539e20584dc0318cf0e9ea9
Instruction ID: 9a82387722c61a9b0e203dd7d7d5f9ce2c136c7887a4e1c93db5f48e56cfa503
Opcode Fuzzy Hash: c1f5240053b108a06b6e3bafab692a3026b47fb90539e20584dc0318cf0e9ea9
Instruction Fuzzy Hash: 2E71D631906206DBDF38CE1D8A400D936B6EB95319B758E3EE924A7ED0F3B1C8818781

Function 6C8843A6 Relevance: 12.2, APIs: 8, Instructions: 223COMMON

Download Yara Rule

APIs

wcsncpy_s.MSVCR100(?,?,?,00000000), ref: 6C8844B2
wcsncpy_s.MSVCR100(?,?,00000000,?), ref: 6C8844D9
wcsncpy_s.MSVCR100(?,00000003,?,00000002), ref: 6C88452E
wcsncpy_s.MSVCR100(?,?,?,?), ref: 6C884562
_errno.MSVCR100 ref: 6C8B13A1
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B13AB
_errno.MSVCR100 ref: 6C8B13BC

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: wcsncpy_s$_errno$_invalid_parameter_noinfo
String ID:
API String ID: 2268458229-0
Opcode ID: 482527dddfd8eb0907e252b437bd19494a6dfea260ba71937d5eb1d190559979
Instruction ID: f6a6e58faf3da03d0824a3ec6538779268448451a4d09bacfb3aaa6a3dbd8d36
Opcode Fuzzy Hash: 482527dddfd8eb0907e252b437bd19494a6dfea260ba71937d5eb1d190559979
Instruction Fuzzy Hash: 6471953294721ADB9F388E198A504AE36A9FFE830CB758D36E81497E50F375C891C791

Function 6C8807A7 Relevance: 10.6, APIs: 7, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C8FC14C
_crt_debugger_hook.MSVCR100(00000001), ref: 6C8FC159
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C8FC161
UnhandledExceptionFilter.KERNEL32(6C8FC198), ref: 6C8FC16C
_crt_debugger_hook.MSVCR100(00000001), ref: 6C8FC17D
GetCurrentProcess.KERNEL32(C0000409), ref: 6C8FC188
TerminateProcess.KERNEL32(00000000), ref: 6C8FC18F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID:
API String ID: 3369434319-0
Opcode ID: e5c7fed9e794039b556320074158891912dedf03367f780dc6fb40a8fc9a76ef
Instruction ID: 339dfe61e8a0343d969cec70216852112c9ea49b56a7426a534403b73785c791
Opcode Fuzzy Hash: e5c7fed9e794039b556320074158891912dedf03367f780dc6fb40a8fc9a76ef
Instruction Fuzzy Hash: 262112B872A200DFCF61DF2CC549E483BB4BB0A304F201169E488A3B50E7789581CF66

Function 6C8FC097 Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C8FC14C
_crt_debugger_hook.MSVCR100(00000001), ref: 6C8FC159
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C8FC161
UnhandledExceptionFilter.KERNEL32(6C8FC198), ref: 6C8FC16C
_crt_debugger_hook.MSVCR100(00000001), ref: 6C8FC17D
GetCurrentProcess.KERNEL32(C0000409), ref: 6C8FC188
TerminateProcess.KERNEL32(00000000), ref: 6C8FC18F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID:
API String ID: 3369434319-0
Opcode ID: 4693068bfcaefc3676fb24211673cf0b9d4f02869792b4e64f561557897f3498
Instruction ID: 607b1102cd8f88c9217182f18e01ddbeb77f47a91d3b6712347014db73d8ed3c
Opcode Fuzzy Hash: 4693068bfcaefc3676fb24211673cf0b9d4f02869792b4e64f561557897f3498
Instruction Fuzzy Hash: 7421F0B8B2A300DFDB21DF2CD549A487BB4BB1A304F20516AE488A7750E7789581CF66

Function 6C88750C Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000080,?,?,00000000), ref: 6C88753C
GetLocaleInfoW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 6C88758E
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000,?,?,00000000), ref: 6C8875AC
_freea_s.MSVCR100(00000000,?,?,00000000), ref: 6C8875B5
malloc.MSVCR100(00000008,?,?,00000000), ref: 6C8B1418

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: InfoLocale$ByteCharMultiWide_freea_smalloc
String ID:
API String ID: 221122905-0
Opcode ID: 0d7988d09113b3945360f487bdf9fb15af870d95117a64e2995ef1c424044461
Instruction ID: 4f298aa5ede5ab7f3342648e22d0137fc50a96433bce848c6ed729b24105842b
Opcode Fuzzy Hash: 0d7988d09113b3945360f487bdf9fb15af870d95117a64e2995ef1c424044461
Instruction Fuzzy Hash: 39218231702118AFDF218F69DD8499F7BB9EF897647204925F52996A90D730C910CAA0

Function 6C8852E4 Relevance: 7.6, APIs: 5, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(76228410,?,?,6C88726E,?,0000000A,00000000), ref: 6C8A78BE
_invalid_parameter_noinfo.MSVCR100(76228410,?,?,6C88726E,?,0000000A,00000000), ref: 6C8A78C8
_errno.MSVCR100(0000009C,76228410,?,?,6C88726E,?,0000000A,00000000), ref: 6C8A78D4
_invalid_parameter_noinfo.MSVCR100(0000009C,76228410,?,?,6C88726E,?,0000000A,00000000), ref: 6C8A78DE
_errno.MSVCR100(0000009C,76228410,?,?,6C88726E,?,0000000A,00000000), ref: 6C8A78EA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: 55d666dd8a699c4ebf395b86ab4b46f2912cd88d49c6b26b25ca133e50ddebef
Instruction ID: a2c16dc9f058c20b44d46da77e40867fd4d6fb780949081051fabc10bbb4f1a9
Opcode Fuzzy Hash: 55d666dd8a699c4ebf395b86ab4b46f2912cd88d49c6b26b25ca133e50ddebef
Instruction Fuzzy Hash: 1B21973014A3DD8FE33A0E6C86D039D7B45AB43704F24497ED1824BE42E3B08447D762

Function 00FC13E0 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00FC17D9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FC17EE
UnhandledExceptionFilter.KERNEL32(00FC614C), ref: 00FC17F9
GetCurrentProcess.KERNEL32(C0000409), ref: 00FC1815
TerminateProcess.KERNEL32(00000000), ref: 00FC181C

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: c49072741a140be4495f4e9fae54447cfab32f71adf12c91fed56d68d2e93472
Instruction ID: c63f54363f664e0ddc82f59e141e8c68b0f91649f2493e10f69e29c6d7db8231
Opcode Fuzzy Hash: c49072741a140be4495f4e9fae54447cfab32f71adf12c91fed56d68d2e93472
Instruction Fuzzy Hash: DA21C0B594820EDBC710DF68FB8BE943BE0BB88314F10545AE50993361EBF45A84EF49

Function 6C8CCC23 Relevance: 7.5, APIs: 5, Instructions: 47fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc_crt.MSVCR100(00000354,?,?,6C8CCD28,?,00000000,-00000002,6C924BD8), ref: 6C8CCC3D

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

FindClose.KERNEL32(?,?,?,6C8CCD28,?,00000000,-00000002,6C924BD8), ref: 6C8CCC5A
FindFirstFileExW.KERNEL32(-00000002,00000000,00000000,00000000,00000000,?,?,6C8CCD28,?,00000000,-00000002,6C924BD8), ref: 6C8CCC73
FindNextFileW.KERNEL32(?,?,6C8CCD28,?,00000000,-00000002,6C924BD8), ref: 6C8CCC9A
FindClose.KERNEL32(?,6C8CCD28,?,00000000,-00000002,6C924BD8), ref: 6C8CCCAA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Find$CloseFile$FirstNext_malloc_crtmalloc
String ID:
API String ID: 1203757345-0
Opcode ID: 8ae93927c418062f6fe40c3110a01d61cb62cdf4184a5c9779fa3ccd42a0abff
Instruction ID: d388f5d9603a2e42e86a668789ba403b4214165cd1d8a7cf7988b48a552dbd49
Opcode Fuzzy Hash: 8ae93927c418062f6fe40c3110a01d61cb62cdf4184a5c9779fa3ccd42a0abff
Instruction Fuzzy Hash: DE01403171D920ABCF327F2DCA4954A3E7AE7067693218D35F449E2952D234C581DBE2

Function 6C8874D0 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000080,?,?,00000000), ref: 6C88753C
GetLocaleInfoW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 6C88758E
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000,?,?,00000000), ref: 6C8875AC
_freea_s.MSVCR100(00000000,?,?,00000000), ref: 6C8875B5
malloc.MSVCR100(00000008,?,?,00000000), ref: 6C8B1418

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: InfoLocale$ByteCharMultiWide_freea_smalloc
String ID:
API String ID: 221122905-0
Opcode ID: a2df3338607f65eadf073bb5f2f19403edddade49385c170909c7551f9e9e770
Instruction ID: 80665f9b1a9498c29ad3dfc055ef9e47d3dcc68cd134a2a5a539ef154af92cbe
Opcode Fuzzy Hash: a2df3338607f65eadf073bb5f2f19403edddade49385c170909c7551f9e9e770
Instruction Fuzzy Hash: 53310331606218EFCF21DF68DD808AE7FB5EF89728B20496DF41897AA5D731C911CB91

Function 6C889D65 Relevance: 3.4, APIs: 2, Instructions: 398COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000), ref: 6C88997A
_invalid_parameter_noinfo.MSVCR100(00000000), ref: 6C889985

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 22eb11deae15242ca14299500fa4d25c19fb800f10e28c5df778358d7178587e
Instruction ID: fdc7f70b6663d490da48d475241e35d47bbc493d96c1eea23bdf6c12b52d7d3f
Opcode Fuzzy Hash: 22eb11deae15242ca14299500fa4d25c19fb800f10e28c5df778358d7178587e
Instruction Fuzzy Hash: 53F16771D06219CFDB24CFA9C6802DDBBF1FF49319F25892AE415ABA84E7358881CF54

Function 6C88867F Relevance: 3.4, APIs: 2, Instructions: 391COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?), ref: 6C888439
_invalid_parameter_noinfo.MSVCR100(?,?), ref: 6C888444

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: b4f148478a261823d2c6ed1807e8a9042bd4fafd02ba1ca4299470f3ae6e3e74
Instruction ID: dbc9f88d909e9b1ebd723c2a312b721cc10461c9c96be14ae80649a2ecba2d2d
Opcode Fuzzy Hash: b4f148478a261823d2c6ed1807e8a9042bd4fafd02ba1ca4299470f3ae6e3e74
Instruction Fuzzy Hash: F8E16771D06219CFDB24CFA8CA402DDB7B1FF49318F64892BD416ABA84E7349846CF55

Function 6C8BECCD Relevance: 2.7, Strings: 2, Instructions: 248COMMON

Download Yara Rule

Strings

$, xrefs: 6C8BEE15
$, xrefs: 6C8BEFBD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID: $$$
API String ID: 0-233714265
Opcode ID: 6cd348a5dd217ca1178e9f3aee923514d3b097b204b1d317a7db7ec938d5a87d
Instruction ID: acde93fe118ceba54c4c07933fc35dc2eb18f909cff83fd4a14d494637ea1bcc
Opcode Fuzzy Hash: 6cd348a5dd217ca1178e9f3aee923514d3b097b204b1d317a7db7ec938d5a87d
Instruction Fuzzy Hash: ABA13870A043229FC325CF19C69091ABBF5FF88704F158AAEE48557B16C730E845CBD2

Function 6C8A0919 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4469d33775efc610c90d5a54e6f23c45139d592197a1da0ac59c99da674671
Instruction ID: b290d5dff72031c69355fd0a639a5d85dae50cf97287f6ddc27820daa422f6ab
Opcode Fuzzy Hash: 1d4469d33775efc610c90d5a54e6f23c45139d592197a1da0ac59c99da674671
Instruction Fuzzy Hash: 1F323622E29F414DDB335575D92232A7258AFE73C9F11E737E82AB5D95EF28C0834140

Function 6C89911E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1167bf62cfa16f65470bf873ac451dad6487e8f6fab60f80fcfc4b7aeb88dbb2
Instruction ID: 1974615b27c978ad16970bf938abce29ae8b7fb360c214dbc69e6bdddba96266
Opcode Fuzzy Hash: 1167bf62cfa16f65470bf873ac451dad6487e8f6fab60f80fcfc4b7aeb88dbb2
Instruction Fuzzy Hash: 37B1D220E2AF504DD63399398871336B66C6FBB2DAF51D72BFC1674D62EB2185838180

Function 6C8897A0 Relevance: 1.8, Strings: 1, Instructions: 525COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 6C8B200B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 116461b6af9e50d81152eee52f47bf0be144d35f4887ade5b78a80316187e95c
Instruction ID: 97187f15ac8fd7fe75a95891d8496cde84863048c68fafea88c1df56acf7897a
Opcode Fuzzy Hash: 116461b6af9e50d81152eee52f47bf0be144d35f4887ade5b78a80316187e95c
Instruction Fuzzy Hash: 0E12E632E116198BDF14CF6CD9402ECB7B2FF89325F258A69D922BBB80D3746905CB50

Function 6C888F83 Relevance: 1.8, Strings: 1, Instructions: 521COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 6C8B23AD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 649c3fabf059fada63081b0a27b495fd08c04900252d2e4fc3f76839b3e46b2a
Instruction ID: 31fdbfcd1ce4898a36877f058f96057d6bdd8dde62607a48aa12ab0f839c7789
Opcode Fuzzy Hash: 649c3fabf059fada63081b0a27b495fd08c04900252d2e4fc3f76839b3e46b2a
Instruction Fuzzy Hash: DD12D532E105198BEF18CF68D9442ECB7B2FBCD324F258A69C921B7B94D3796905CB50

Function 6C883A1C Relevance: 1.4, Strings: 1, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

Strings

N@, xrefs: 6C883A2C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID: N@
API String ID: 0-1509896676
Opcode ID: 3e3bb3f6aa99e6c93c60c160689f60ed24c4f13bccc066950e67d947502959b0
Instruction ID: 61abd47fc9be88342ad740338fe198a705a95a792bdc7559201867c8e2e2d60a
Opcode Fuzzy Hash: 3e3bb3f6aa99e6c93c60c160689f60ed24c4f13bccc066950e67d947502959b0
Instruction Fuzzy Hash: 24718DB19063059FCB18CF49C59469ABBF2FFC4304F1AC9AED8195BB62C7B59944CB80

Function 6C887093 Relevance: .5, Instructions: 489COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0457e82fd6c26bbbf88f5e8785c30622a8b84df1404d1978d4972abcb9b9b02
Instruction ID: b8507550f664575f9a8fc7674f02939e94bed745dbfb33383834534368831077
Opcode Fuzzy Hash: a0457e82fd6c26bbbf88f5e8785c30622a8b84df1404d1978d4972abcb9b9b02
Instruction Fuzzy Hash: 4D02B533E5F6B24B8B324EF906901167AB09E0165831F8BE9FDD13FD96C612DD0696E0

Function 6C886B28 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20665719b90fda382b7dba19209d3c1194d380e10678068e0748481d20890efb
Instruction ID: f9faf792ae79e3238f472448daab1aedeb73c4651306fada1649e561d07170fb
Opcode Fuzzy Hash: 20665719b90fda382b7dba19209d3c1194d380e10678068e0748481d20890efb
Instruction Fuzzy Hash: 3EC19473D5F5B3058732456E4A2822FEE72AE81A4932FC7E4ECD03FD89D6226D1295D0

Function 6C8863C9 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed5cff0a01813fafd6711d61a0486e130f7fe0afc5bf565b8a4de2ace2313daf
Instruction ID: fafcd14b77efd0c47f09a4a74d8d7c6cde23e613488efcbd882d98b785c964ee
Opcode Fuzzy Hash: ed5cff0a01813fafd6711d61a0486e130f7fe0afc5bf565b8a4de2ace2313daf
Instruction Fuzzy Hash: 48C1B573D5F5B3458736456E0A2822FEE716E81A4832FC7E4ECE03FD99C6226D0695D0

Function 6C886018 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ff91678c8d92d41be6310db0eb9c6bc50971a2ee7ef9d0176f89187fc71a1c
Instruction ID: d92991961ba1c9bc4fc264d1b2532160b87fe5bf80858a3e46881fba7606333e
Opcode Fuzzy Hash: 79ff91678c8d92d41be6310db0eb9c6bc50971a2ee7ef9d0176f89187fc71a1c
Instruction Fuzzy Hash: 63B1B773E1F4B3458736456E0A1822FEE726E8164832FC7E9ECD03FD89C6226D0696D0

Function 6C885C2C Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca823542d434767dfc454d6fbc13c8e7faacc0d065e19854960558e85646c42
Instruction ID: 390b4329d844de3dc5228a4c8bd9b6636ef17e5827868a1fc611362bd3969d6d
Opcode Fuzzy Hash: 7ca823542d434767dfc454d6fbc13c8e7faacc0d065e19854960558e85646c42
Instruction Fuzzy Hash: C9318033D4B6728B8B774EA5469050ABB319A00B6835F8BD9EC913FD56C721EC079AD0

Function 6C885C30 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9608d96c399e9c37f84ed254327b0fedbb7739ff5be0a46279c7efa50d4c7723
Instruction ID: cd93f0728b7d41fe70cf79659936595476d4f30ec0472e4ea259cf4c99dfb23b
Opcode Fuzzy Hash: 9608d96c399e9c37f84ed254327b0fedbb7739ff5be0a46279c7efa50d4c7723
Instruction Fuzzy Hash: 2B317033D4B6728B8B774EA54690506BB319A00B6835F8BD8FC913FD56C721EC079AE0

Function 6C8871A3 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55036ecb0fcb64df517c6a349dcdd9159f9398ee6ae62d10c5fb27a1f95ba203
Instruction ID: 5c992faee9a73fa971befa768b54fd2aeed5bf5eecc4b4912f2027fde669b6c7
Opcode Fuzzy Hash: 55036ecb0fcb64df517c6a349dcdd9159f9398ee6ae62d10c5fb27a1f95ba203
Instruction Fuzzy Hash: 83316433E1B4724AC7328659865851EE772AF81B5C36AC7E5FC802FD58D722AC4396D0

Function 6C8721F0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: fac4d9cd1db54d94de5ac07bad1f285dbc677adc86eeda26988e639e907f4a7e
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 15112977222042C3D270856DD6FC7AEE395FAD63287394B6DC0614BE54F12BE0459520

Function 6C87F680 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4cba1f9ec7cf9bc3b294aaf59b00a3e3eb590f9ccc61d483349e8552aee5ba0
Instruction ID: 02b93dd43f4ec1ea8e74a15e8ee9bcfdc8717f50b1e5c9e16038fefa6d97f7e9
Opcode Fuzzy Hash: a4cba1f9ec7cf9bc3b294aaf59b00a3e3eb590f9ccc61d483349e8552aee5ba0
Instruction Fuzzy Hash: D9D0EA4685F3D40FD3279A305C692A5FF369E57015B1AB6E7C1D2EF4B3C189980AC32A

Function 6C8933B8 Relevance: 54.6, APIs: 30, Strings: 1, Instructions: 367COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcslen.LIBCMT(?,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?,00000000), ref: 6C89340B
_calloc_crt.MSVCR100(00000002,00000002,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?,00000000), ref: 6C893438
_wdupenv_s.MSVCR100(00000000,00000000,?,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?), ref: 6C893455
_wcslen.LIBCMT(?,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?,00000000), ref: 6C893469
_wcslen.LIBCMT(00000000,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?,00000000), ref: 6C89347D
wcscpy_s.MSVCR100(?,?,00000000,00000000,00000000,00000000,00000000,00000000,6C924F80,00000000), ref: 6C8934B4
_wcslen.LIBCMT(?,?,?,?,00000000,00000000,00000000,00000000,00000000,6C924F80,00000000), ref: 6C8934C6
wcscpy_s.MSVCR100(?,?,00000000,00000000,00000000,00000000,00000000,00000000,6C924F80,00000000), ref: 6C8934EA
_wcslen.LIBCMT(?,?,?,?,00000000,00000000,00000000,00000000,00000000,6C924F80,00000000), ref: 6C8934FC

Strings

SystemRoot, xrefs: 6C8933E5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _wcslen$wcscpy_s$_calloc_crt_wdupenv_s
String ID: SystemRoot
API String ID: 2825862306-2034820756
Opcode ID: 06940a7ad6ce6de4e2a377b5580fa4820db09b20c323ca8cab785a1b50eeefed
Instruction ID: 3eba151c4420d76b2c287228c8364d50920f16c83cfab17cc3bb8efd53f18f7f
Opcode Fuzzy Hash: 06940a7ad6ce6de4e2a377b5580fa4820db09b20c323ca8cab785a1b50eeefed
Instruction Fuzzy Hash: 8FD1B271905254DFDF20DFA9DA80ADDB7F5EF08318F14492EE845A7B40DB35A846CB60

Function 6C88DD9D Relevance: 47.5, APIs: 9, Strings: 18, Instructions: 277COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6C88DCE4
DName::DName.LIBCMT ref: 6C88E26D
DName::operator+.LIBCMT ref: 6C88E274
DName::operator+.LIBCMT ref: 6C88F2B9

Strings

<unknown>, xrefs: 6C891D74
__int8, xrefs: 6C88DBDF
const, xrefs: 6C88DCA2
__w64 , xrefs: 6C88DBF6
volatile, xrefs: 6C88DCCA
signed , xrefs: 6C891D60
wchar_t, xrefs: 6C88E22E
UNKNOWN, xrefs: 6C891D6A
__int32, xrefs: 6C88DC2A
double, xrefs: 6C88DDE4
volatile, xrefs: 6C88DCB8
__int64, xrefs: 6C891D44
long , xrefs: 6C891E22
void, xrefs: 6C891D86
bool, xrefs: 6C88F7AA
__int128, xrefs: 6C88DC34
unsigned , xrefs: 6C88E265
__int16, xrefs: 6C88DC20

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::operator+
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$const$double$long $signed $unsigned $void$volatile$wchar_t
API String ID: 742485988-1531502760
Opcode ID: 35a9e9a7c05722da76f769b1fd44a84b898f5bcf4dcb718e7fb0a065b158fc41
Instruction ID: 6a99d9832e08ecab6a1a04decc2f944c907fdb889ef06910345123890955c3b9
Opcode Fuzzy Hash: 35a9e9a7c05722da76f769b1fd44a84b898f5bcf4dcb718e7fb0a065b158fc41
Instruction Fuzzy Hash: B691D07590B14BABCF34DE98CB80AED7778AF16355F204E67F420E6E91C7308A048B50

Function 6C89022F Relevance: 47.0, APIs: 31, Instructions: 498fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C8900E5
_isatty.MSVCR100(?,?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002), ref: 6C8902BE
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE), ref: 6C8902EF
__doserrno.MSVCR100(00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?), ref: 6C8AFD95
_errno.MSVCR100(00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?), ref: 6C8AFD9C
_invalid_parameter_noinfo.MSVCR100(00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?), ref: 6C8AFDA7
__doserrno.MSVCR100(?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0), ref: 6C8AFDC2
_errno.MSVCR100(?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0), ref: 6C8AFDCA
_invalid_parameter_noinfo.MSVCR100(?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0), ref: 6C8AFDD5
__lseeki64_nolock.LIBCMT ref: 6C8AFDE6
_getptd.MSVCR100(?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0), ref: 6C8AFE00
GetConsoleMode.KERNEL32(?,?,?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002), ref: 6C8AFE1E
GetConsoleCP.KERNEL32(?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?), ref: 6C8AFE3E
isleadbyte.MSVCR100(00000000), ref: 6C8AFEAE
__fassign.LIBCMT(?,?,00000002), ref: 6C8AFED8
__fassign.LIBCMT(?,?,00000001), ref: 6C8AFEFC
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6C8AFF2E
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6C8AFF57
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C8AFFB0
_putwch_nolock.MSVCR100(?), ref: 6C8B0013
_putwch_nolock.MSVCR100(0000000D), ref: 6C8B0040

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: FileWrite$Console__doserrno__fassign_errno_invalid_parameter_noinfo_putwch_nolock$ByteCharErrorLastModeMultiWide__lseeki64_nolock_getptd_isattyisleadbyte
String ID:
API String ID: 1737003884-0
Opcode ID: 6fcbc833493e4fb4849771c93d00f0681ec2770426f81d0c1a13bbcb40741262
Instruction ID: a668ea3ccb9ed2999ff453d02047f1b2219e81467dfd20a4a718a4ff7a3089ff
Opcode Fuzzy Hash: 6fcbc833493e4fb4849771c93d00f0681ec2770426f81d0c1a13bbcb40741262
Instruction Fuzzy Hash: 77127075B066A89FCB318F58CE84BD977B4BB0A318F1409E9E409E7E81D7709984CF52

Function 6C893687 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8936BF
_errno.MSVCR100 ref: 6C8936C9
_wspawnve.MSVCR100(?,?,?,?), ref: 6C8936DA

Part of subcall function 6C8935D0: wcsrchr.MSVCR100(?,0000005C), ref: 6C89360D
Part of subcall function 6C8935D0: wcsrchr.MSVCR100(?,0000002F,?,0000005C), ref: 6C893617
Part of subcall function 6C8935D0: wcsrchr.MSVCR100(00000000,0000002E), ref: 6C893636
Part of subcall function 6C8935D0: _waccess_s.MSVCR100(?,00000000), ref: 6C89364A

_errno.MSVCR100 ref: 6C8936EE
_errno.MSVCR100 ref: 6C8936F7
_errno.MSVCR100 ref: 6C89371A
_errno.MSVCR100 ref: 6C8A8499
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A84A4
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A84B7
_errno.MSVCR100 ref: 6C8A84C4
wcschr.MSVCR100(?,0000002F), ref: 6C8A84D7
_wdupenv_s.MSVCR100(?,00000000,PATH), ref: 6C8A84F0
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8A850A
_calloc_crt.MSVCR100(00000104,00000002), ref: 6C8A8520
_wcslen.LIBCMT(00000000), ref: 6C8A8549
wcscat_s.MSVCR100(00000000,00000104,6C8B3050), ref: 6C8A8567
_wcslen.LIBCMT(00000000), ref: 6C8A8574
_wcslen.LIBCMT(?,00000000), ref: 6C8A857F
wcscat_s.MSVCR100(00000000,00000104,?), ref: 6C8A859D
_errno.MSVCR100 ref: 6C8A85AD
_wspawnve.MSVCR100(?,00000000,?,?), ref: 6C8A85BE
_errno.MSVCR100 ref: 6C8A85D2
__doserrno.MSVCR100 ref: 6C8A85DC
free.MSVCR100(00000000), ref: 6C8A862B

Strings

PATH, xrefs: 6C8A84E6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_wcslenwcsrchr$_invalid_parameter_noinfo_wspawnvewcscat_s$__doserrno__invoke_watson_calloc_crt_waccess_s_wdupenv_sfreewcschr
String ID: PATH
API String ID: 3726462291-1036084923
Opcode ID: 949df511a97604720414fdb1c3cca2cfe945bed02507162767139fe788d4a4d9
Instruction ID: 5e5c2b8a65112c5a34b18d5feb3ba75bcd4298aba3a6876912977e695cb93888
Opcode Fuzzy Hash: 949df511a97604720414fdb1c3cca2cfe945bed02507162767139fe788d4a4d9
Instruction Fuzzy Hash: D251D571902554AFCF325BAD8F409EE3B75AF0632CB200D36E82497E90FB368D559A61

Function 6C890AC7 Relevance: 42.3, APIs: 28, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C890B2C
_waccess_s.MSVCR100(?,00000000), ref: 6C890B36

Part of subcall function 6C8827B6: GetFileAttributesW.KERNEL32(?), ref: 6C8827D7

_errno.MSVCR100 ref: 6C890B43
_wdupenv_s.MSVCR100(?,00000000,?), ref: 6C890B66

Part of subcall function 6C88FD24: _lock.MSVCR100(00000007,6C88FD98,0000000C), ref: 6C88FD32

_wcslen.LIBCMT(?), ref: 6C890B8B
_errno.MSVCR100(00000000,00000000,00000000), ref: 6C890BAE
_wcslen.LIBCMT(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C890C08
wcscpy_s.MSVCR100(00000000,00000002,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C890C51
_waccess_s.MSVCR100(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C890C68
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C890C8B
wcscpy_s.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C890CA5
free.MSVCR100(?), ref: 6C890CE1
_errno.MSVCR100 ref: 6C8B10C4
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B10CE
_wfullpath.MSVCR100(?,?,?), ref: 6C8B10E7
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8B110D
_wcslen.LIBCMT(?,00000000,00000000,00000000,00000000,00000000), ref: 6C8B1118
_calloc_crt.MSVCR100(00000002,00000002,?,00000000,00000000,00000000,00000000,00000000), ref: 6C8B1124
_errno.MSVCR100(?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C8B113F
_errno.MSVCR100(?,?,?,00000000,00000000,00000000), ref: 6C8B115A
_wcslen.LIBCMT(?,?,?,?,00000000,00000000,00000000), ref: 6C8B116A
_calloc_crt.MSVCR100(00000002,00000002,?,?,?,?,00000000,00000000,00000000), ref: 6C8B1176
_errno.MSVCR100 ref: 6C8B11AF
_errno.MSVCR100 ref: 6C8B11BA
free.MSVCR100(?), ref: 6C8B11CC
free.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C8B11F0
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C8B11F6
free.MSVCR100(?), ref: 6C8B1209

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_wcslenfree$_calloc_crt_waccess_swcscpy_s$AttributesFile__invoke_watson_invalid_parameter_noinfo_lock_wdupenv_s_wfullpath
String ID:
API String ID: 1320518012-0
Opcode ID: be730c78f5aa9adcda6d1e3b4d71e88c7b9367581e231083a1b5ed1a3f34312b
Instruction ID: 2f3563331f89700a0e779daecfdadec948b4c27c41ae11b962ab3c0048daf31c
Opcode Fuzzy Hash: be730c78f5aa9adcda6d1e3b4d71e88c7b9367581e231083a1b5ed1a3f34312b
Instruction Fuzzy Hash: D6918171D422699ADF319F68DE887DD77B5AF09308F1009E5D408EBB60EB30CA858F91

Function 6C895276 Relevance: 40.7, APIs: 20, Strings: 3, Instructions: 455COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C895256
DName::operator+.LIBCMT ref: 6C89525D
DName::operator+.LIBCMT ref: 6C895320
DName::operator=.LIBCMT ref: 6C89536F
DName::operator=.LIBCMT ref: 6C898874
DName::DName.LIBCMT ref: 6C8AD7AA

Strings

operator, xrefs: 6C89524E
`string', xrefs: 6C8AD86D
`anonymous namespace', xrefs: 6C8AD8A4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::Name::operator+Name::operator=
String ID: `anonymous namespace'$`string'$operator
API String ID: 2383713746-815891235
Opcode ID: f298803bdd585405cc65989529d4bd0e79522b7e679ee05a0d79e17ccefd8db5
Instruction ID: 58b6d160dff06126d34e4684a483f38328d3e9267d8d614e67b63baf84c05f0d
Opcode Fuzzy Hash: f298803bdd585405cc65989529d4bd0e79522b7e679ee05a0d79e17ccefd8db5
Instruction Fuzzy Hash: 0502A271909259AFCF24DFE8CA94AEDBBB4BF06704F10097BE411EBA50DB359946CB40

Function 00FC2BFF Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00FC1631), ref: 00FC2C07
__mtterm.LIBCMT ref: 00FC2C13

Part of subcall function 00FC294C: DecodePointer.KERNEL32(00000004,00FC2D75,?,00FC1631), ref: 00FC295D
Part of subcall function 00FC294C: TlsFree.KERNEL32(00000002,00FC2D75,?,00FC1631), ref: 00FC2977
Part of subcall function 00FC294C: DeleteCriticalSection.KERNEL32(00000000,00000000,77375810,?,00FC2D75,?,00FC1631), ref: 00FC3182
Part of subcall function 00FC294C: _free.LIBCMT ref: 00FC3185
Part of subcall function 00FC294C: DeleteCriticalSection.KERNEL32(00000002,77375810,?,00FC2D75,?,00FC1631), ref: 00FC31AC

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00FC2C29
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00FC2C36
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00FC2C43
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00FC2C50
TlsAlloc.KERNEL32(?,00FC1631), ref: 00FC2CA0
TlsSetValue.KERNEL32(00000000,?,00FC1631), ref: 00FC2CBB
__init_pointers.LIBCMT ref: 00FC2CC5
EncodePointer.KERNEL32(?,00FC1631), ref: 00FC2CD6
EncodePointer.KERNEL32(?,00FC1631), ref: 00FC2CE3
EncodePointer.KERNEL32(?,00FC1631), ref: 00FC2CF0
EncodePointer.KERNEL32(?,00FC1631), ref: 00FC2CFD
DecodePointer.KERNEL32(00FC2AD0,?,00FC1631), ref: 00FC2D1E
__calloc_crt.LIBCMT ref: 00FC2D33
DecodePointer.KERNEL32(00000000,?,00FC1631), ref: 00FC2D4D
GetCurrentThreadId.KERNEL32 ref: 00FC2D5F

Strings

FlsGetValue, xrefs: 00FC2C2B
FlsSetValue, xrefs: 00FC2C38
FlsFree, xrefs: 00FC2C45
FlsAlloc, xrefs: 00FC2C23
KERNEL32.DLL, xrefs: 00FC2C02

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3698121176-3819984048
Opcode ID: 2255499ad2471929f40c61afb0cc94aeae4dcde15bac8d337cab28c6916f8b0a
Instruction ID: 45ed7e5b006feaa6be783c076177f685737ffb6e04b88eeefd1c92afd08f44d1
Opcode Fuzzy Hash: 2255499ad2471929f40c61afb0cc94aeae4dcde15bac8d337cab28c6916f8b0a
Instruction Fuzzy Hash: 6631523294431E9EC7509B74AF0BF193AA4FB4876DB18891EE405D32B8DB79A440FF52

Function 6C88B398 Relevance: 38.6, APIs: 17, Strings: 5, Instructions: 110libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B3A0
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6C88B3BD
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6C88B3CA
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6C88B3D7
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6C88B3E4
TlsAlloc.KERNEL32(?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B420
TlsSetValue.KERNEL32(00000000,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B43B
__init_pointers.LIBCMT ref: 6C88B445

Part of subcall function 6C88B365: _encoded_null.MSVCR100(7622DFB0,6C88B44A,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B368
Part of subcall function 6C88B365: __initp_misc_winsig.LIBCMT ref: 6C88B388

EncodePointer.KERNEL32(?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B456
EncodePointer.KERNEL32(?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B463
EncodePointer.KERNEL32(?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B470
EncodePointer.KERNEL32(?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B47D
DecodePointer.KERNEL32(?,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B49E
_calloc_crt.MSVCR100(00000001,00000214,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B4B3
DecodePointer.KERNEL32(00000000,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B4CD
_initptd.MSVCR100(00000000,00000000,?,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B4D8

Part of subcall function 6C88215F: GetModuleHandleW.KERNEL32(KERNEL32.DLL,6C882200,00000008,6C8A75E9,00000000,00000000), ref: 6C882170
Part of subcall function 6C88215F: _lock.MSVCR100(0000000D), ref: 6C8821A4
Part of subcall function 6C88215F: InterlockedIncrement.KERNEL32(?), ref: 6C8821B1
Part of subcall function 6C88215F: _lock.MSVCR100(0000000C), ref: 6C8821C5

GetCurrentThreadId.KERNEL32 ref: 6C88B4DF

Strings

KERNEL32.DLL, xrefs: 6C88B39B
FlsFree, xrefs: 6C88B3D9
FlsGetValue, xrefs: 6C88B3BF
FlsAlloc, xrefs: 6C88B3B7
FlsSetValue, xrefs: 6C88B3CC

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$DecodeHandleModule_lock$AllocCurrentIncrementInterlockedThreadValue__init_pointers__initp_misc_winsig_calloc_crt_encoded_null_initptd
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3305441573-3819984048
Opcode ID: face5b2bbf5095cfc5ae21cd9a1ad07c27dccd096ed9900860cc99aaa6e65647
Instruction ID: ada13d5688a0c4f2c0f8c98bafc803dc01978d6eb07765045ce560aee11c4721
Opcode Fuzzy Hash: face5b2bbf5095cfc5ae21cd9a1ad07c27dccd096ed9900860cc99aaa6e65647
Instruction Fuzzy Hash: 6B318231B162619BDF319B79CD48A1B3BB4FB467697300926E5A4C3E90EB78C045DF60

Function 6C8854B9 Relevance: 34.8, APIs: 23, Instructions: 295COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 6C8712D7
free.MSVCR100(?), ref: 6C87131B
_malloc_crt.MSVCR100(00000004), ref: 6C8854FE

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

_calloc_crt.MSVCR100(00000180,00000002,00000004), ref: 6C88550E
_calloc_crt.MSVCR100(00000180,00000001,00000180,00000002,00000004), ref: 6C885519
_calloc_crt.MSVCR100(00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6C885524
_calloc_crt.MSVCR100(00000101,00000001,00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6C885533
GetCPInfo.KERNEL32(?,?), ref: 6C885586
___crtGetStringTypeA.LIBCMT ref: 6C8855CA
__crtLCMapStringA.MSVCR100(00000000,?,00000100,?,000000FF,?,000000FF,?,00000000), ref: 6C8855FD
__crtLCMapStringA.MSVCR100(00000000,?,00000200,?,000000FF,?,000000FF,?,00000000), ref: 6C88562A
memcpy.MSVCR100(?,?,000000FE), ref: 6C885684
memcpy.MSVCR100(?,?,0000007F,?,?,000000FE), ref: 6C885693
memcpy.MSVCR100(?,?,0000007F,?,?,0000007F,?,?,000000FE), ref: 6C8856A5
free.MSVCR100(?), ref: 6C8856FA

Part of subcall function 6C88014E: RtlFreeHeap.NTDLL(00000000,00000000,?,6C8A7602,00000000), ref: 6C880164

free.MSVCR100(?,?), ref: 6C8B0A76
free.MSVCR100(?,?,?), ref: 6C8B0A7E
free.MSVCR100(?,?,?,?), ref: 6C8B0A86

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$_calloc_crt$Stringmemcpy$__crt$DecrementFreeHeapInfoInterlockedType___crt_malloc_crtmalloc
String ID:
API String ID: 3303389740-0
Opcode ID: 4952abbcc3f4e088134eda30b3e70e84782a8863bdc8a6734ba4df31b927db9f
Instruction ID: c02d69579ac509e14d375b3715cc6d658b57db4955d873fc8f52d3a4ba913f15
Opcode Fuzzy Hash: 4952abbcc3f4e088134eda30b3e70e84782a8863bdc8a6734ba4df31b927db9f
Instruction Fuzzy Hash: 9DB16FB1D023459BEB20CFA8CA91BEEBBF5BF09304F100969E456A7E50D735A844CB60

Function 6C8926C3 Relevance: 34.7, APIs: 23, Instructions: 213COMMON

Download Yara Rule

APIs

wcsnlen.MSVCR100(?,00007FFF,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8926ED
wcsnlen.MSVCR100(?,00007FFF,?,00007FFF,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8926F8
_calloc_crt.MSVCR100(00000002,00000002), ref: 6C892717
wcscpy_s.MSVCR100(00000000,00000002,?), ref: 6C89272E
wcscpy_s.MSVCR100(?,00000002,?,00000000,00000002,?), ref: 6C89274B

Part of subcall function 6C89248A: wcschr.MSVCR100(00000000,0000003D,7622DF80,00000000,00F018B0), ref: 6C8924B5
Part of subcall function 6C89248A: free.MSVCR100(?,7622DF80,00000000,00F018B0), ref: 6C892528

WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C892789
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C8927A5
_calloc_crt.MSVCR100(00000000,00000001), ref: 6C8927B2
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C8927CB
_strlen.LIBCMT(00000000), ref: 6C8927DD
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C8927FB
_errno.MSVCR100 ref: 6C892820
_errno.MSVCR100(?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B0FD6
_invalid_parameter_noinfo.MSVCR100(?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B0FE1
wcschr.MSVCR100(?,0000003D,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B0FF1
wcsnlen.MSVCR100(-00000002,00007FFF,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B1015
_wcslen.LIBCMT(?,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B1021
_calloc_crt.MSVCR100(00000001,00000002,?,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B102C
wcscpy_s.MSVCR100(00000000,00000001,?), ref: 6C8B1042
_errno.MSVCR100(?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B104F
_invalid_parameter_noinfo.MSVCR100(?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8B105A
free.MSVCR100(00000000), ref: 6C8B1075
free.MSVCR100(?), ref: 6C8B1097

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide$_calloc_crt_errnofreewcscpy_swcsnlen$_invalid_parameter_noinfowcschr$_strlen_wcslen
String ID:
API String ID: 928254730-0
Opcode ID: bbec2b62aa3a26488209e03f38048d7440391494cc6ee4dd2d9769c53401ce6b
Instruction ID: 7f25f7e382884d179025036204131000416424ff2364fc7dae4741fbc07afecd
Opcode Fuzzy Hash: bbec2b62aa3a26488209e03f38048d7440391494cc6ee4dd2d9769c53401ce6b
Instruction Fuzzy Hash: B751E871507268BACB315BAC8E88DDF3A6CDF46774B204D25F024AAE90EB39C541D6B0

Function 6C8FCFB3 Relevance: 34.7, APIs: 23, Instructions: 201stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FCFC8
_invalid_parameter_noinfo.MSVCR100(?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FCFD3

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_mbschr.MSVCR100(?,0000003D,?,?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FCFE9
_strnlen.LIBCMT(00000001,00007FFF,?,?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FD004
_strlen.LIBCMT(?,?,?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FD010
_calloc_crt.MSVCR100(00000001,00000001,?,?,?,?,00000007,00000007,?,6C8FD1C2,?,00000000,6C8FD1E8,0000000C), ref: 6C8FD01B
strcpy_s.MSVCR100(00000000,00000001,?), ref: 6C8FD031
free.MSVCR100(00000000), ref: 6C8FD18E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_errno_invalid_parameter_invalid_parameter_noinfo_mbschr_strlen_strnlenfreestrcpy_s
String ID:
API String ID: 698896286-0
Opcode ID: b07db2c83a9701018cfca282080a261e485ef4727061087c8d9626abf9091155
Instruction ID: b77958950e4b38f237df71fe560ba78b7842fb4178ad9874284540b3b699efd1
Opcode Fuzzy Hash: b07db2c83a9701018cfca282080a261e485ef4727061087c8d9626abf9091155
Instruction Fuzzy Hash: D951F872405115BBDF315FA88E84DAE7BACDF453A8F200D3BF63497A80DB358986C661

Function 6C897B2C Relevance: 33.3, APIs: 18, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

_FindAndUnlinkFrame.MSVCR100(?), ref: 6C897B42

Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C897846
Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C89785A

_getptd.MSVCR100 ref: 6C897B58
_getptd.MSVCR100 ref: 6C897B67
_getptd.MSVCR100 ref: 6C897B78
_getptd.MSVCR100 ref: 6C897B8C
_IsExceptionObjectToBeDestroyed.MSVCR100(?), ref: 6C897B9A

Part of subcall function 6C897C17: _getptd.MSVCR100(?,6C897B9F,?), ref: 6C897C1C

_getptd.MSVCR100(00000001), ref: 6C897BA6
__DestructExceptionObject.MSVCR100(?,00000001), ref: 6C897BB1
_getptd.MSVCR100 ref: 6C897BB8
_getptd.MSVCR100 ref: 6C897BC7
_getptd.MSVCR100 ref: 6C897BD8
_getptd.MSVCR100 ref: 6C897BF6
_getptd.MSVCR100 ref: 6C897C04
_getptd.MSVCR100 ref: 6C8ACA49
_getptd.MSVCR100 ref: 6C8ACA61

Strings

csm, xrefs: 6C897B4C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
String ID: csm
API String ID: 473968603-1018135373
Opcode ID: 7c00eafc30ea7a7b13f024ac2faff1589b0cf6e0009a91ce2b35c0ac754900c2
Instruction ID: 33ef69de0ff77b85f7b03823d6791eb29a11ab46813f6f2d77ac21878a6feb88
Opcode Fuzzy Hash: 7c00eafc30ea7a7b13f024ac2faff1589b0cf6e0009a91ce2b35c0ac754900c2
Instruction Fuzzy Hash: D831EC30207244DFC224EF5DCA44F9537A5AF8122DF968CB5D4588BE72CB329D89CB62

Function 6C8935D0 Relevance: 33.2, APIs: 22, Instructions: 192COMMONLIBRARYCODE

Download Yara Rule

APIs

wcsrchr.MSVCR100(?,0000005C), ref: 6C89360D
wcsrchr.MSVCR100(?,0000002F,?,0000005C), ref: 6C893617
wcsrchr.MSVCR100(00000000,0000002E), ref: 6C893636
_waccess_s.MSVCR100(?,00000000), ref: 6C89364A
_errno.MSVCR100 ref: 6C89367D
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A833A
wcschr.MSVCR100(?,0000003A), ref: 6C8A834A
_wcslen.LIBCMT(?), ref: 6C8A835C
_calloc_crt.MSVCR100(00000003,00000002,?), ref: 6C8A8367
wcscpy_s.MSVCR100(00000000,00000003,6C8B3048), ref: 6C8A837F
wcscat_s.MSVCR100(00000000,00000003,?), ref: 6C8A838E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: wcsrchr$_calloc_crt_errno_invalid_parameter_noinfo_waccess_s_wcslenwcscat_swcschrwcscpy_s
String ID:
API String ID: 255226058-0
Opcode ID: a3efdf9d31581297a82b0d38b93e42b6c48c392c7641cbcdad04662d307a4e88
Instruction ID: 6ed00d8fe85ed394192cf5b690550d48e7e1b47bd5604e1a7904851cb1888ed4
Opcode Fuzzy Hash: a3efdf9d31581297a82b0d38b93e42b6c48c392c7641cbcdad04662d307a4e88
Instruction Fuzzy Hash: B0510571802255BEDB329BAD8F40AEE7778EF01328F100D35E914A7F90EB358E159A60

Function 6C8D254F Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D2567
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D2572

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8D2597
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D25A2

Strings

PATH, xrefs: 6C8D2600

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
String ID: PATH
API String ID: 1328987296-1036084923
Opcode ID: d8f17b4b9b106e52056e1a98f2b662c21417661e9f953197eeb3a873fc873b81
Instruction ID: b9da6ed3750a93466b312b993a6912345e8233361315aea2b4597580b2e6e58e
Opcode Fuzzy Hash: d8f17b4b9b106e52056e1a98f2b662c21417661e9f953197eeb3a873fc873b81
Instruction Fuzzy Hash: 7031E671802644AEDB31AF6D8E849DD7B74BF42378F220E61E43097E90EB359D448B61

Function 6C8F612B Relevance: 30.3, APIs: 20, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6C8F6146

Part of subcall function 6C8F5907: DName::DName.LIBCMT ref: 6C8F591A
Part of subcall function 6C8F5907: DName::operator+.LIBCMT ref: 6C8F5921

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 76f4bf98e185198e3e487115d69f5eddac008b081e0595b375d55f85eaf8ac2e
Instruction ID: beb7f410e26d84b0ca73cd607d0bd60d6543e9565bed4450dc0d2a2109c46270
Opcode Fuzzy Hash: 76f4bf98e185198e3e487115d69f5eddac008b081e0595b375d55f85eaf8ac2e
Instruction Fuzzy Hash: DFD15275901209AFCF21DFA8CA81AEEBBF4BF09344F10496AE551E7B90DB34DA45CB50

Function 6C89248A Relevance: 30.2, APIs: 20, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

wcschr.MSVCR100(00000000,0000003D,7622DF80,00000000,00F018B0), ref: 6C8924B5
free.MSVCR100(?,7622DF80,00000000,00F018B0), ref: 6C892528
_errno.MSVCR100(7622DF80,00000000,00F018B0), ref: 6C8973F0
_errno.MSVCR100(00F018B0), ref: 6C8B1473
_invalid_parameter_noinfo.MSVCR100(00F018B0), ref: 6C8B147E
___mbtow_environ.LIBCMT ref: 6C8B14B0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$___mbtow_environ_invalid_parameter_noinfofreewcschr
String ID:
API String ID: 3080074160-0
Opcode ID: af755c8d4bdbd682ffacdfc3325a1cd7e84745176f8b317d06db775d2fe84595
Instruction ID: 9eee6c0920ba500064bcb7a58959a56949fd696493f62cc9c4a5293615c56845
Opcode Fuzzy Hash: af755c8d4bdbd682ffacdfc3325a1cd7e84745176f8b317d06db775d2fe84595
Instruction Fuzzy Hash: CD71F4B1606114EFDB318F6CCA8059D77B5FB06B18B200D29D452EBF90EB35CA818B80

Function 6C892614 Relevance: 30.2, APIs: 20, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

_mbschr.MSVCR100(00000000,0000003D,00000000,00000000,7622DFF0), ref: 6C89263B

Part of subcall function 6C8925FD: _mbschr_l.MSVCR100(00000000,00000000,00000000,?,6C892640,00000000,0000003D,00000000,00000000,7622DFF0), ref: 6C89260A

free.MSVCR100(00000000,00000000,00000000,7622DFF0), ref: 6C8926A2
_errno.MSVCR100(00000000,00000000,7622DFF0), ref: 6C8926B4
_errno.MSVCR100(7622DFF0), ref: 6C8B1B83
_invalid_parameter_noinfo.MSVCR100(7622DFF0), ref: 6C8B1B8E
___wtomb_environ.LIBCMT ref: 6C8B1BB7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$___wtomb_environ_invalid_parameter_noinfo_mbschr_mbschr_lfree
String ID:
API String ID: 679965329-0
Opcode ID: dd9a7ee6d7649781d3f65285d36ac20b2e8165fe3c774dc0ec03f66f9c3fc75c
Instruction ID: 9ed9a87138ed92885e5d5c294a32bd009526c87c6bee12485fa8ce80f9da95e9
Opcode Fuzzy Hash: dd9a7ee6d7649781d3f65285d36ac20b2e8165fe3c774dc0ec03f66f9c3fc75c
Instruction Fuzzy Hash: 3C61DFB2A09205EFCF31AF6CCA8049D77B4EB41318B210E3DD5A0BBF90EB3499448B51

Function 6C8968DC Relevance: 28.8, APIs: 19, Instructions: 273COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT(?,000000FF,00000024), ref: 6C896905
_get_daylight.MSVCR100(?), ref: 6C896941
_get_dstbias.MSVCR100(?), ref: 6C896953
_get_timezone.MSVCR100(?), ref: 6C896965
_gmtime64_s.MSVCR100(?,?), ref: 6C896999
_errno.MSVCR100 ref: 6C8969BF
_gmtime64_s.MSVCR100(?,?), ref: 6C8969CB
_errno.MSVCR100 ref: 6C8A9DE1
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9DEB
_errno.MSVCR100 ref: 6C8A9DF7
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9E01
_gmtime64_s.MSVCR100(?,?), ref: 6C8A9E3A
__allrem.LIBCMT ref: 6C8A9EA5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8A9EC1
__allrem.LIBCMT ref: 6C8A9ED8
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8A9EF6
__allrem.LIBCMT ref: 6C8A9F0D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __allrem_errno_gmtime64_s$Unothrow_t@std@@@__ehfuncinfo$??2@_invalid_parameter_noinfo$_get_daylight_get_dstbias_get_timezone_memset
String ID:
API String ID: 3568092448-0
Opcode ID: 2410b5a76dea4bebb5b0e4da6521188fea6587f60a2b6088ff022e89c0ac0746
Instruction ID: bb9ab668b93263c3d4fbc48a77340a86a4eaef93e7fc12c60d07c50cefce3cd7
Opcode Fuzzy Hash: 2410b5a76dea4bebb5b0e4da6521188fea6587f60a2b6088ff022e89c0ac0746
Instruction Fuzzy Hash: 2081C471A057059BE7349ABCCE80B9E73E99F86328F184E3AE414D7F80E775E9054790

Function 6C8C97E4 Relevance: 28.7, APIs: 19, Instructions: 201COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6C8C9848
GetLastError.KERNEL32 ref: 6C8C9855
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C986D
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C987B
GetLastError.KERNEL32 ref: 6C8C98A2
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C98BA
GetLastError.KERNEL32 ref: 6C8C98DD
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C98F5
??_U@YAPAXI@Z.MSVCR100(?), ref: 6C8C9931
??_V@YAXPAX@Z.MSVCR100(00000000), ref: 6C8C9953
GetLastError.KERNEL32 ref: 6C8C9959
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C9971
??_V@YAXPAX@Z.MSVCR100(00000000), ref: 6C8C99A4
GetLastError.KERNEL32 ref: 6C8C99AA
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C99C2
GetCurrentProcess.KERNEL32 ref: 6C8C99D4
??_V@YAXPAX@Z.MSVCR100(00000000), ref: 6C8C9A13
GetLastError.KERNEL32 ref: 6C8C9A1E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C9A36

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLast$CreateCurrentEventExceptionProcessThrow
String ID:
API String ID: 1407495742-0
Opcode ID: bb4c2c72de022be99335d4f8a4d645e23c13837e999e948ee82bb4a01fbe237e
Instruction ID: bbdd658e4def802ae91d5a537580cf981c67edef2ea0cc238bdaf86719648911
Opcode Fuzzy Hash: bb4c2c72de022be99335d4f8a4d645e23c13837e999e948ee82bb4a01fbe237e
Instruction Fuzzy Hash: 6B715E716142099FC730DF59CAC5AAABBF8FB49708B60493DE046D6E50D738EA08CF51

Function 6C88F9A4 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 233COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C8AD3AE
DName::DName.LIBCMT ref: 6C8AD3E3
atol.MSVCR100(6C88F99F,6C88F99F,00000010,FFFF0000,00000000,00000000), ref: 6C8AD46D

Strings

., xrefs: 6C8AD360
NULL, xrefs: 6C8AD3A7
`non-type-template-parameter, xrefs: 6C8AD4BF
., xrefs: 6C8AD35A
`template-parameter, xrefs: 6C8AD498

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::$atol
String ID: .$.$NULL$`non-type-template-parameter$`template-parameter
API String ID: 2083219425-3945972591
Opcode ID: 196cef72b09cb35ff3ac50d81015c4e6cf40943e5f3826c4fb22ddc62bf471d5
Instruction ID: 47059172a73bd0bd3c900e909c89aee04d7e2d08808087ec411284bc1d9435bd
Opcode Fuzzy Hash: 196cef72b09cb35ff3ac50d81015c4e6cf40943e5f3826c4fb22ddc62bf471d5
Instruction Fuzzy Hash: 3371A1729062589EDB30DBACCE84BEE7778AF15308F504D6BE445E3E80EF7466498B11

Function 6C8CA890 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 188threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C8C035A: TlsGetValue.KERNEL32(6C8B6185), ref: 6C8C036C

TlsGetValue.KERNEL32 ref: 6C8CA8C1
DebugBreak.KERNEL32 ref: 6C8CA8CB
GetCurrentThreadId.KERNEL32 ref: 6C8CA903
swprintf.LIBCMT(?,00000400,[%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d),00000000), ref: 6C8CA933
_fwprintf.LIBCMT(?), ref: 6C8CA975
fflush.MSVCR100(?), ref: 6C8CA980
OutputDebugStringW.KERNEL32(?), ref: 6C8CA98F
DebugBreak.KERNEL32 ref: 6C8CA995
exit.MSVCR100(000000F8), ref: 6C8CA99D

Strings

[%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6C8CA9A8, 6C8CA922
[%d] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6C8CA949

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Debug$BreakValue$CurrentOutputStringThread_fwprintfexitfflushswprintf
String ID: [%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d)$[%d] %S: !!!!!!!Assert Failed(%S: %d)
API String ID: 1172176910-813932914
Opcode ID: e122c1b193ab591d03263e964343eb9efa68872d8e84b4bda6763b55d009bd09
Instruction ID: 9bb933f5f1604b15e08dfd7170ae4db3407a5fa1fcf64ed70180f0abe72e2216
Opcode Fuzzy Hash: e122c1b193ab591d03263e964343eb9efa68872d8e84b4bda6763b55d009bd09
Instruction Fuzzy Hash: 83516D72A0C3D49FCB22CB748D19A897FB8BF56204B0489DFD485C7592E738D849CB62

Function 6C8BBAE2 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 111memorylibraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BBAE9
InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000020,6C8BBAB4,00000000,6C92462C,0000000C,6C8C018B,AFCD3F0C,?,?), ref: 6C8BBB19
InitializeCriticalSectionAndSpinCount.KERNEL32(?), ref: 6C8BBB58
TlsAlloc.KERNEL32 ref: 6C8BBB62
GetLastError.KERNEL32 ref: 6C8BBB70
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BBB88
_CxxThrowException.MSVCR100(6C88BD3C,6C88BDD8,?,00000001), ref: 6C8BBB96
GetModuleHandleW.KERNEL32(kernel32.dll,FlushProcessWriteBuffers), ref: 6C8BBBA9
GetProcAddress.KERNEL32(00000000), ref: 6C8BBBB0
VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 6C8BBBE3
std::exception::exception.LIBCMT(?,00000001), ref: 6C8BBC03
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C8BBC30
??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8BBC4B

Strings

bad allocation, xrefs: 6C8BBBFC
kernel32.dll, xrefs: 6C8BBBA0
FlushProcessWriteBuffers, xrefs: 6C8BBB9B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AllocCountCriticalInitializeSectionSpin$AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionH_prolog3HandleLastModuleProcThrowVirtualstd::exception::exception
String ID: FlushProcessWriteBuffers$bad allocation$kernel32.dll
API String ID: 2685218194-103648123
Opcode ID: 89d84784d046353cafca711bc45605815ac509a4e91816a6327e388f8c741f70
Instruction ID: 384f9d1d3cef7af890d2da5f0d64029e03e94c86c317cfd37a00a64d76588c64
Opcode Fuzzy Hash: 89d84784d046353cafca711bc45605815ac509a4e91816a6327e388f8c741f70
Instruction Fuzzy Hash: 30415CB0901629EFC721CF69C989A9DBFB8BF09714F10891AE118E6F41D774A154DFE0

Function 6C8FB03A Relevance: 25.7, APIs: 17, Instructions: 163COMMON

Download Yara Rule

APIs

_malloc_crt.MSVCR100(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB0C3
memcpy.MSVCR100(00000000,6C881FA8,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB0DC
_siglookup.LIBCMT ref: 6C8FB0E9
_lock.MSVCR100(00000000,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB137
SetConsoleCtrlHandler.KERNEL32(6C8FAF2B,00000001,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB15A
__doserrno.MSVCR100(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB16F
GetLastError.KERNEL32(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB176
DecodePointer.KERNEL32(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1AA
EncodePointer.KERNEL32(?,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1B8
DecodePointer.KERNEL32(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1CB
EncodePointer.KERNEL32(?,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1D9
DecodePointer.KERNEL32(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1EC
EncodePointer.KERNEL32(?,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB1FA
DecodePointer.KERNEL32(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB20D
EncodePointer.KERNEL32(?,?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB21B
_errno.MSVCR100(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB262
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,6C8FB280,00000010), ref: 6C8FB26D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Pointer$DecodeEncode$ConsoleCtrlErrorHandlerLast__doserrno_errno_invalid_parameter_noinfo_lock_malloc_crt_siglookupmemcpy
String ID:
API String ID: 3925200645-0
Opcode ID: 38edbec41cfcb6850e8a1d3e9a96746460e1ad926c18b8b0d1027d65bb179764
Instruction ID: 4954b826909c7c607c9d72af27c198a90b4b5c62bec8f47840ca2e4d88437c36
Opcode Fuzzy Hash: 38edbec41cfcb6850e8a1d3e9a96746460e1ad926c18b8b0d1027d65bb179764
Instruction Fuzzy Hash: D651AA31902211CFDF325F68CA886BD7671FB0A3DDB344E2AD475A6E54E735C482CA91

Function 6C8B7862 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 247timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_CxxThrowException.MSVCR100(?,6C91FE78), ref: 6C8B78C7

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

std::exception::exception.LIBCMT ref: 6C8B7901
?wait@event@Concurrency@@QAEII@Z.MSVCR100(00000001,AFCD3F0C,00000000,6C8B5CBE,6C8B5C86), ref: 6C8B791C
std::exception::exception.LIBCMT ref: 6C8B78B0

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

std::exception::exception.LIBCMT ref: 6C8B7956
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR100(?,?,00000000,AFCD3F0C,?,00000000,AFCD3F0C,00000000,6C8B5CBE,6C8B5C86), ref: 6C8B79BF

Part of subcall function 6C8BB030: __EH_prolog3.LIBCMT ref: 6C8BB037

?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR100 ref: 6C8B7A30
?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR100 ref: 6C8B7A85
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(00000002,6C8B7DE5,AFCD3F0C,000000FF,00000000,00000020), ref: 6C8B7AEE
CreateTimerQueueTimer.KERNEL32(AFCD3F1C,00000000,6C8B7DE5,AFCD3F0C,000000FF,00000000,00000020), ref: 6C8B7AF9
std::exception::exception.LIBCMT(?,00000001), ref: 6C8B7B15
?Block@Context@Concurrency@@SAXXZ.MSVCR100 ref: 6C8B7B37

Strings

pEvents, xrefs: 6C8B78A8, 6C8B78F9, 6C8B794E
bad allocation, xrefs: 6C8B7B0D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@$std::exception::exception$Timer$?unlock@critical_section@Exception$??0scoped_lock@critical_section@?wait@event@Block@Context@Copy_strCreateH_prolog3QueueQueue@details@RaiseSharedThrowV12@@std::exception::_
String ID: bad allocation$pEvents
API String ID: 3019020058-4135266256
Opcode ID: 630bd7804a2f2a4aca5b7c113bca0ce189703cc42d351b83f257bff0e49eeb1d
Instruction ID: 0968b463252bf5c2b1f8aa9d21f8ca673047b98d7d706de00e5f84926f72238b
Opcode Fuzzy Hash: 630bd7804a2f2a4aca5b7c113bca0ce189703cc42d351b83f257bff0e49eeb1d
Instruction Fuzzy Hash: 5FA13C711083459FC730CF24CA81B9ABBE4BF85318F144E2DE5A5A7B90D731E949CBA2

Function 6C88F334 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 238COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C88F313
DName::operator+.LIBCMT ref: 6C88F31A
DName::operator+.LIBCMT ref: 6C88F3A0
DName::operator+.LIBCMT ref: 6C8AE932

Strings

`anonymous namespace', xrefs: 6C8AEA61

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: `anonymous namespace'
API String ID: 168861036-3062148218
Opcode ID: edc48e3f873d5922122aeebeef2686ee1b2b7084fd582d8a813a9300271ae9fe
Instruction ID: ae0190c7869d8b776b05c7533b5f02e4327db73a135da803b7a195ee4e34fbd8
Opcode Fuzzy Hash: edc48e3f873d5922122aeebeef2686ee1b2b7084fd582d8a813a9300271ae9fe
Instruction Fuzzy Hash: F681A271906249AFDB30DFA8CA40AEDBBF8AF1A308F544C6BE58597E40D734A945CF50

Function 6C8BC337 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 224COMMONLIBRARYCODE

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC371
_memset.LIBCMT(00000000,00000000,00000024,00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC37D
??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,00000024,00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC394
??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,00000000,00000024,00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC3B2
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,6C8BBC2C), ref: 6C8BC3DA
GetProcessAffinityMask.KERNEL32(00000000), ref: 6C8BC3E1
_memset.LIBCMT(00000002,00000000,?,?,?,?,?,?,00000000,?,?,6C8BBC2C), ref: 6C8BC3FD
??_U@YAPAXI@Z.MSVCR100(00000000,00000002,00000000,?,?,?,?,?,?,00000000,?,?,6C8BBC2C), ref: 6C8BC41D
??_U@YAPAXI@Z.MSVCR100(00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC468
_memset.LIBCMT(00000000,00000000,6C8B5C86,00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC479
??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,6C8B5C86,00000000,00000000,?,?,6C8BBC2C), ref: 6C8BC490
free.MSVCR100(?,?,?,?,?,00000000,?,?,6C8BBC2C), ref: 6C8BC5A1

Strings

$, xrefs: 6C8BC513
$, xrefs: 6C8BC582

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memset$Process$AffinityCurrentMaskfree
String ID: $$$
API String ID: 3179535153-233714265
Opcode ID: 49ae71f7ac2473804e93fa43cff2ca2a3652311d84478ff31b91fdf1038b4fb5
Instruction ID: 0af5a8a25673c0a139ff00829c0d3fb62622a00f874ff60398d8f818051a70ce
Opcode Fuzzy Hash: 49ae71f7ac2473804e93fa43cff2ca2a3652311d84478ff31b91fdf1038b4fb5
Instruction Fuzzy Hash: 4081EE70A11614EFDB24DF68C7919A9BBB8FB08314750486AE806FBF42D770EA11CF90

Function 6C8FECDB Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 185stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C880698: GetLastError.KERNEL32(6C873238,?,6C8807BA,6C917F62), ref: 6C88069C
Part of subcall function 6C880698: __set_flsgetvalue.MSVCR100 ref: 6C8806AA
Part of subcall function 6C880698: SetLastError.KERNEL32(00000000), ref: 6C8806BC

_calloc_crt.MSVCR100(00000086,00000001), ref: 6C8FED04
strcpy_s.MSVCR100(?,00000086,00000000,?), ref: 6C8FED2A
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8FED3F
_errno.MSVCR100(?,?,?,6C8FDA01,00000000,?,00000000), ref: 6C8FED96
_invalid_parameter_noinfo.MSVCR100(?,?,?,6C8FDA01,00000000,?,00000000), ref: 6C8FEDA0
__get_sys_err_msg.LIBCMT ref: 6C8FED22

Part of subcall function 6C8FC1AC: __sys_nerr.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1B9
Part of subcall function 6C8FC1AC: __sys_nerr.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1C2
Part of subcall function 6C8FC1AC: __sys_errlist.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1C9

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 6C8FED48, 6C8FECEF, 6C8FED12

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast__sys_nerr$__get_sys_err_msg__invoke_watson__set_flsgetvalue__sys_errlist_calloc_crt_errno_invalid_parameter_noinfostrcpy_s
String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 1851745123-798102604
Opcode ID: abe5706100c250b11ea76f078cc4d1b57adad54e83f319334c10b9a9da326379
Instruction ID: 37b0865c784ae0c1ea9374c70cb3dc51e83d0294b7e4bdbddcaaf5733d9f0f2f
Opcode Fuzzy Hash: abe5706100c250b11ea76f078cc4d1b57adad54e83f319334c10b9a9da326379
Instruction Fuzzy Hash: A24136715062647B9B31AB6D9F848EB7F78EF467E9B240D65F42497E42D720890283F0

Function 6C897B23 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_FindAndUnlinkFrame.MSVCR100(?), ref: 6C897B42

Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C897846
Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C89785A

_getptd.MSVCR100 ref: 6C897B58
_getptd.MSVCR100 ref: 6C897B67
_getptd.MSVCR100 ref: 6C897B78
_getptd.MSVCR100 ref: 6C897B8C
_IsExceptionObjectToBeDestroyed.MSVCR100(?), ref: 6C897B9A

Part of subcall function 6C897C17: _getptd.MSVCR100(?,6C897B9F,?), ref: 6C897C1C

_getptd.MSVCR100(00000001), ref: 6C897BA6
__DestructExceptionObject.MSVCR100(?,00000001), ref: 6C897BB1
_getptd.MSVCR100 ref: 6C897BB8
_getptd.MSVCR100 ref: 6C897BC7
_getptd.MSVCR100 ref: 6C897BD8
_getptd.MSVCR100 ref: 6C897BF6
_getptd.MSVCR100 ref: 6C897C04
_getptd.MSVCR100 ref: 6C8ACA49
_getptd.MSVCR100 ref: 6C8ACA61

Strings

csm, xrefs: 6C897B4C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
String ID: csm
API String ID: 473968603-1018135373
Opcode ID: 9cca86c2941cd4af08384f5c6b5494ac9bd3cf5d52acc6542bd568b01082897a
Instruction ID: bc894fc37a08cc13691b731ae76e7c401bb2dabc6fff4f1afcc4d391d62e8013
Opcode Fuzzy Hash: 9cca86c2941cd4af08384f5c6b5494ac9bd3cf5d52acc6542bd568b01082897a
Instruction Fuzzy Hash: A6212C31206240DFC724EB5DCA44F9577A4AF8132CF568DF9D4588BE62CB319C88CB62

Function 6C8BBD35 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 63libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadGroupAffinity,0000FFFF,?,00000000,?,?,?,?,?,?,?,6C8BC2D2), ref: 6C8BBD51
GetProcAddress.KERNEL32(00000000), ref: 6C8BBD5A
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadGroupAffinity,?,?,?,?,?,?,?,6C8BC2D2), ref: 6C8BBD65
GetProcAddress.KERNEL32(00000000), ref: 6C8BBD68
GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentProcessorNumberEx), ref: 6C8BBD96
GetProcAddress.KERNEL32(00000000), ref: 6C8BBD99
GetLastError.KERNEL32 ref: 6C8BBD9F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BBDB7
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8BBDC5
GetLastError.KERNEL32 ref: 6C8BBDDD

Strings

GetCurrentProcessorNumberEx, xrefs: 6C8BBD85
GetThreadGroupAffinity, xrefs: 6C8BBD5C
kernel32.dll, xrefs: 6C8BBD4B, 6C8BBD50, 6C8BBD61, 6C8BBD8A
SetThreadGroupAffinity, xrefs: 6C8BBD46

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AddressHandleModuleProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThrow
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1483908321-465693683
Opcode ID: 2175e35c3f35e566f44d36292115090ddaeee5f7fb4a153488822a31b8317014
Instruction ID: e71a80dcea6e345ebc460b8dba69819c78f1a616dfb49ff3255d173ff111511f
Opcode Fuzzy Hash: 2175e35c3f35e566f44d36292115090ddaeee5f7fb4a153488822a31b8317014
Instruction Fuzzy Hash: 80118971A14249ABCF309F75CE99EAF3BBCAB45254B140865E401F3B40E638D504DFA0

Function 6C8C7403 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(advapi32.dll,?,6C8C73EA,6C924620,00000004,6C8C7704), ref: 6C8C740B
GetProcAddress.KERNEL32(00000000,RegisterTraceGuidsW), ref: 6C8C7424
GetProcAddress.KERNEL32(00000000,UnregisterTraceGuids), ref: 6C8C7436
GetProcAddress.KERNEL32(00000000,TraceEvent), ref: 6C8C7449
GetProcAddress.KERNEL32(00000000,GetTraceLoggerHandle), ref: 6C8C745C
GetProcAddress.KERNEL32(00000000,GetTraceEnableLevel), ref: 6C8C746F
GetProcAddress.KERNEL32(00000000,GetTraceEnableFlags), ref: 6C8C7482

Strings

TraceEvent, xrefs: 6C8C743E
UnregisterTraceGuids, xrefs: 6C8C742C
RegisterTraceGuidsW, xrefs: 6C8C741E
GetTraceEnableLevel, xrefs: 6C8C7464
GetTraceEnableFlags, xrefs: 6C8C7477
advapi32.dll, xrefs: 6C8C7406
GetTraceLoggerHandle, xrefs: 6C8C7451

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetTraceEnableFlags$GetTraceEnableLevel$GetTraceLoggerHandle$RegisterTraceGuidsW$TraceEvent$UnregisterTraceGuids$advapi32.dll
API String ID: 2238633743-19120757
Opcode ID: 0e078cb0e1a3d77860e9e865c37a2f28b08d55edfd5a68e053c1bd0aeb842145
Instruction ID: 19d5172c748bc9563fc9aaad3cc801d51facc41bf4691901354d288679e2a070
Opcode Fuzzy Hash: 0e078cb0e1a3d77860e9e865c37a2f28b08d55edfd5a68e053c1bd0aeb842145
Instruction Fuzzy Hash: 9E011271B206556F9B289F79DA91C3A7FBCBB49100310482FA51A83740DA78E804DFA1

Function 6C8858A9 Relevance: 24.2, APIs: 16, Instructions: 234stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 6C8857BE
memcmp.MSVCR100(?,000000FE), ref: 6C88587C
_getptd.MSVCR100(00000001,00000000), ref: 6C8858D1
__expandlocale.LIBCMT ref: 6C8858F9

Part of subcall function 6C884CF9: _getptd.MSVCR100(00000000,00000000,00000005), ref: 6C884D2F
Part of subcall function 6C884CF9: strcpy_s.MSVCR100(00000000,00000000,6C884DD8,00000000,00000000,00000005), ref: 6C884D9D

strcmp.MSVCR100(?,?,?,?,?,?,00000001,00000000), ref: 6C885918
_strlen.LIBCMT(?,?,?,?,?,00000001,00000000), ref: 6C88592E
_malloc_crt.MSVCR100(-00000005,?,?,?,?,?,00000001,00000000), ref: 6C88593D

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

memcpy.MSVCR100(?,?,00000006,?,?,?,?,00000001,00000000), ref: 6C88598B
strcpy_s.MSVCR100(?,?,?,?,?,00000006,?,?,?,?,00000001,00000000), ref: 6C8859B4
memcpy.MSVCR100(?,?,00000006,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 6C8859EE
_CRT_RTC_INITW.MSVCR100(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 6C885A1A
InterlockedDecrement.KERNEL32(00000000), ref: 6C885A43
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C8B0C64

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptdmemcpystrcpy_s$DecrementInterlockedStringType___crt__expandlocale__invoke_watson_malloc_crt_strlenmallocmemcmpstrcmp
String ID:
API String ID: 986606718-0
Opcode ID: 8b8467e5a4c6de2d783e59e91e9963cd6cc1d793399180f908b93ec529362d46
Instruction ID: 2098cd0dad72ef5bf243ef3bb514eedec1f53435b7510ca498ebca0fe5e08ffd
Opcode Fuzzy Hash: 8b8467e5a4c6de2d783e59e91e9963cd6cc1d793399180f908b93ec529362d46
Instruction Fuzzy Hash: 0DA10971A022199FDB25CF28CD90BDAB7F5FF49304F1044A9E55EE7A50EB31AA848F50

Function 6C89373E Relevance: 24.2, APIs: 16, Instructions: 198processsynchronizationCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT(?,00000000,00000044,6C924F80,00000000,00000000), ref: 6C893786
_calloc_crt.MSVCR100(?,00000001,6C924F80,00000000,00000000), ref: 6C8937E4
__doserrno.MSVCR100(6C924F80,00000000,00000000), ref: 6C89384A
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000001,00000000,?,00000000,?,?,6C924F80,00000000,00000000), ref: 6C89386E
GetLastError.KERNEL32 ref: 6C893876
free.MSVCR100(?), ref: 6C893881

Part of subcall function 6C88014E: RtlFreeHeap.NTDLL(00000000,00000000,?,6C8A7602,00000000), ref: 6C880164

WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8938A9
GetExitCodeProcess.KERNEL32(?,?), ref: 6C8938B6
CloseHandle.KERNEL32(?), ref: 6C8938C2
CloseHandle.KERNEL32(?), ref: 6C8938C7
__dosmaperr.LIBCMT(00000000), ref: 6C8A82FB
_exit.MSVCR100(00000000), ref: 6C8A8304

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFreeHeapLastObjectSingleWait__doserrno__dosmaperr_calloc_crt_exit_memsetfree
String ID:
API String ID: 2263466040-0
Opcode ID: 5624407f778cc80e968ec1e720a27b70eb98d4c4fc9ac0d203ad47c99212d3b2
Instruction ID: f6c303a2be7905214840ab1d490ebe1ea5adb8b0144b1e21b76823aeb1c4c7c0
Opcode Fuzzy Hash: 5624407f778cc80e968ec1e720a27b70eb98d4c4fc9ac0d203ad47c99212d3b2
Instruction Fuzzy Hash: B5613272904298AFDF319FACCE809DDBBB5EB06318F24497AE015ABA90D731CD45C761

Function 6C882891 Relevance: 24.2, APIs: 16, Instructions: 165COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?), ref: 6C88CBC5
_fileno.MSVCR100(?), ref: 6C88CBD5
_fileno.MSVCR100(?), ref: 6C88CBE5
_fileno.MSVCR100(?,?), ref: 6C88CBF5
_fileno.MSVCR100(?), ref: 6C88CC19
_fileno.MSVCR100(?), ref: 6C88CC29
_fileno.MSVCR100(?), ref: 6C88CC39
_fileno.MSVCR100(?,?), ref: 6C88CC49
isleadbyte.MSVCR100(?), ref: 6C88CC86
__fassign.LIBCMT(?,00000000,00000001), ref: 6C88CC9D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno$__fassignisleadbyte
String ID:
API String ID: 3459433188-0
Opcode ID: cb1fbdbf4919c1b6f39aa59300db5c9729c69b3dc794addd017848ac9b54b346
Instruction ID: 3309b4deea1a83330ed82edc88ef5c864ab5278e0a63f69c8a2515f9bed960ce
Opcode Fuzzy Hash: cb1fbdbf4919c1b6f39aa59300db5c9729c69b3dc794addd017848ac9b54b346
Instruction Fuzzy Hash: 0E5138320179559EC3355B3CDA045A937A49F037387340F2EE4B59BED1DB28DA4A87A4

Function 6C8BFC51 Relevance: 24.1, APIs: 16, Instructions: 111memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BFC58
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z.MSVCR100(?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000,6C924624,?,00000004,6C8C0408,6C924628,0000000C,6C8C0342), ref: 6C8BFC71

Part of subcall function 6C8C20FC: ??2@YAPAXI@Z.MSVCR100(00000024,00000000,?,6C8BFC76,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000,6C924624,?,00000004), ref: 6C8C2106
Part of subcall function 6C8C20FC: memcpy.MSVCR100(00000000,?,00000024,00000024,00000000,?,6C8BFC76,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000), ref: 6C8C2115

Part of subcall function 6C8C1D1A: ??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000,6C924624,?,00000004), ref: 6C8C1D5E
Part of subcall function 6C8C1D1A: _memset.LIBCMT(00000000,00000000,?,00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000), ref: 6C8C1D6E
Part of subcall function 6C8C1D1A: ??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?), ref: 6C8C1D75
Part of subcall function 6C8C1D1A: ??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8C1DA3
Part of subcall function 6C8C1D1A: InitializeSListHead.KERNEL32(?), ref: 6C8C1DB8
Part of subcall function 6C8C1D1A: InitializeSListHead.KERNEL32(?), ref: 6C8C1DBE

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000,6C924624,?,00000004,6C8C0408,6C924628,0000000C), ref: 6C8BFCA1
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFD43
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFD68
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFD71
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFD7A
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFD80

Part of subcall function 6C8C214D: std::exception::exception.LIBCMT(6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8C216C
Part of subcall function 6C8C214D: _CxxThrowException.MSVCR100(?,6C920018,6C8C1FE2), ref: 6C8C2181

?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E), ref: 6C8BFD8D
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000007,00000004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E), ref: 6C8BFD9B

Part of subcall function 6C8BB834: __EH_prolog3.LIBCMT ref: 6C8BB83B

?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000007,00000004,00000000), ref: 6C8BFDAF
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000002,00000007,00000004,00000000), ref: 6C8BFDCC
TlsAlloc.KERNEL32(00000002,00000002,00000007,00000004,00000000), ref: 6C8BFDD7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F,00000000), ref: 6C8BFDE5
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E,?,6C8C558F), ref: 6C8BFDFD
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C8B617E), ref: 6C8BFE0B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policy$Initialize$Concurrency@@Policy@Scheduler$ElementHeadKey@2@@ListValue@$??2@CountCriticalExceptionH_prolog3SectionSpinThrow$AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastV01@@_memsetmemcpystd::exception::exception
String ID:
API String ID: 4135718791-0
Opcode ID: fdaf9fe62805edaa9035d8559af257d9502cf42f5b063cea4ca357650cbe4059
Instruction ID: 33b8775941122d2aaa0323f7eb421fbac2035065685a77aa1b4541c0d5ce9109
Opcode Fuzzy Hash: fdaf9fe62805edaa9035d8559af257d9502cf42f5b063cea4ca357650cbe4059
Instruction Fuzzy Hash: C0512AB5A00A06EBCB18DF79C984BD8FBA4BF08314F50862ED52D97B90D734A564CF90

Function 6C88C737 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

_wsopen_s.MSVCR100(?,?,00000000,?,00000180,00000000,?,?), ref: 6C88C801

Strings

UTF-16LE, xrefs: 6C892CED
UTF-8, xrefs: 6C892CD5
UNICODE, xrefs: 6C892D05
ccs, xrefs: 6C892CA0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _wsopen_s
String ID: UNICODE$UTF-16LE$UTF-8$ccs
API String ID: 2316899696-3573488595
Opcode ID: 9c7178ffd134cc9c32438b8b2045b8c6fffda21a6ebaf26edec41e551eea81a4
Instruction ID: a780d8168d4f4b98131ea3297fe76e1dfc128b36d18efaa2cb4602775b16bf26
Opcode Fuzzy Hash: 9c7178ffd134cc9c32438b8b2045b8c6fffda21a6ebaf26edec41e551eea81a4
Instruction Fuzzy Hash: C7712972C4B20ADEEB306F9DCB457997AF0AB02348F154E37DC54A3E86E7B58A41C641

Function 6C8D3913 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 216COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,00000000), ref: 6C8D3949
_invalid_parameter_noinfo.MSVCR100(?,00000000), ref: 6C8D3954
__fassign.LIBCMT(ccs,?,00000003,?,?,00000000), ref: 6C8D3AC6
__fassign.LIBCMT(?,UTF-8,00000005,?,?,00000000), ref: 6C8D3AF0
__fassign.LIBCMT(?,UTF-16LE,00000008,?,?,?,?,?,00000000), ref: 6C8D3B0F
__fassign.LIBCMT(?,UNICODE,00000007,?,?,?,?,?,?,?,?,00000000), ref: 6C8D3B2E
_errno.MSVCR100(?,?,00000000), ref: 6C8D3B50
_invalid_parameter_noinfo.MSVCR100(?,?,00000000), ref: 6C8D3B5B
__wsopen_s.LIBCMT(?,?,00000109,?,00000180,?,?,00000000), ref: 6C8D3B72

Strings

ccs, xrefs: 6C8D3AC1
UNICODE, xrefs: 6C8D3B28
UTF-8, xrefs: 6C8D3AEA
UTF-16LE, xrefs: 6C8D3B09

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __fassign$_errno_invalid_parameter_noinfo$__wsopen_s
String ID: UNICODE$UTF-16LE$UTF-8$ccs
API String ID: 4135599424-3573488595
Opcode ID: 14550ca827d099388933b7a5b0d349bb51b9c26e48e97fba500b5542f3248260
Instruction ID: cc8d972bf54c4578b91311888aed6d70ae4e073041fb0531e48f08322958c83b
Opcode Fuzzy Hash: 14550ca827d099388933b7a5b0d349bb51b9c26e48e97fba500b5542f3248260
Instruction Fuzzy Hash: E0612A71E49749BEE7304F5A8744799BBB09B06348F274DB9D890A3E81E374BE41CB11

Function 6C8BB87B Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 115libraryloaderCOMMON

Download Yara Rule

APIs

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB88C

Part of subcall function 6C8BB6C7: __EH_prolog3.LIBCMT ref: 6C8BB6CE

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB89A
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB8A8
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB8B2
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB8BC
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8BB8D1
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8BB8E0
GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentProcessorNumber), ref: 6C8BB8EF
GetProcAddress.KERNEL32(00000000), ref: 6C8BB8F6
GetLastError.KERNEL32 ref: 6C8BB900
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BB919

Strings

GetCurrentProcessorNumber, xrefs: 6C8BB8E5
kernel32.dll, xrefs: 6C8BB8EA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Version@$Concurrency@@Manager@1@Resource$AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency::unsupported_os::unsupported_osErrorExceptionH_prolog3HandleLastModuleProcThrow
String ID: GetCurrentProcessorNumber$kernel32.dll
API String ID: 204447691-1711015486
Opcode ID: 4f13bfd271f0474404a3aef74e4fe75252fad63c5a39b57473f978457d494060
Instruction ID: 14b1d0ef7e1fc6d90b72de9e8775c25cf59530c90f4b9ecbefed6550841f85d6
Opcode Fuzzy Hash: 4f13bfd271f0474404a3aef74e4fe75252fad63c5a39b57473f978457d494060
Instruction Fuzzy Hash: BB41F7715082569BC734CF25CAC073EB7E4BF81319F104D2AE4A5E2B42E734E849DBA2

Function 6C8F3EE9 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 73stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C8F3EF0
_getptd.MSVCR100(00000004,6C8F486F,?,?,E06D7363,1FFFFFFF,19930522), ref: 6C8F3EF5
?_inconsistency@@YAXXZ.MSVCR100 ref: 6C8F3F03

Part of subcall function 6C8F377C: DecodePointer.KERNEL32(6C8F37B8,00000008,6C8F42DF,6C8F4300,0000000C,6C8F4357,?,?,00000003,00000000,6C8F43B0,00000008,6C8ACB36,?,00000000,00000003), ref: 6C8F378E
Part of subcall function 6C8F377C: ?terminate@@YAXXZ.MSVCR100(?,00000000,00000003,?), ref: 6C8F37AE

?unexpected@@YAXXZ.MSVCR100 ref: 6C8F3F0C
?terminate@@YAXXZ.MSVCR100 ref: 6C8F3F17
_getptd.MSVCR100 ref: 6C8F3F1C
_CxxThrowException.MSVCR100(00000000,00000000), ref: 6C8F3F2E
?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F42
?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F4D
?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F78
?raw_name@type_info@@QBEPBDXZ.MSVCR100(0000005E,?,00000000,?,00000000,00000000), ref: 6C8F3F96
strcmp.MSVCR100(00000000,0000005E,?,00000000,?,00000000,00000000), ref: 6C8F3F9C

Strings

csm, xrefs: 6C8F3F52

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ?_inconsistency@@$?terminate@@_getptd$?raw_name@type_info@@?unexpected@@DecodeExceptionH_prolog3_catchPointerThrowstrcmp
String ID: csm
API String ID: 2156745037-1018135373
Opcode ID: a082554966babccc1746b9f6e56e9df61b9765a031b7d7018ab22f574bac4158
Instruction ID: 4864baf073c3d70e9f0bdcbd228d51888b1ebd49385cc7d46c7ac110f13019e1
Opcode Fuzzy Hash: a082554966babccc1746b9f6e56e9df61b9765a031b7d7018ab22f574bac4158
Instruction Fuzzy Hash: 5B2192765026019BEB309F6C8A00B8973B4DF453A9F254E39D9749BF90C730ED0B8663

Function 6C88A428 Relevance: 22.6, APIs: 15, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

free.MSVCR100(?,6C889233,-0000006C,?,?,6C88A4AB,-0000006C,-0000006C,?,?,6C884ECC,-0000006C), ref: 6C88A48E
free.MSVCR100(?,6C889233,-0000006C,?,?,6C88A4AB,-0000006C,-0000006C,?,?,6C884ECC,-0000006C), ref: 6C896E9C
___free_lconv_mon.LIBCMT ref: 6C896EA7
free.MSVCR100(?,6C889233,-0000006C,?,?,6C88A4AB,-0000006C,-0000006C,?,?,6C884ECC,-0000006C), ref: 6C896EBD
___free_lconv_num.LIBCMT ref: 6C896EC8
free.MSVCR100(?,6C889233,-0000006C,?,?,6C88A4AB,-0000006C,-0000006C,?,?,6C884ECC,-0000006C), ref: 6C896ED5
free.MSVCR100(?,?,6C889233,-0000006C,?,?,6C88A4AB,-0000006C,-0000006C,?,?,6C884ECC,-0000006C), ref: 6C896EE0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$___free_lconv_mon___free_lconv_num
String ID:
API String ID: 2838340673-0
Opcode ID: 80325eb50a141f42d0ccd6af9f4ab668a5865ceca1dc53d7ed6cdfc836cba8ea
Instruction ID: 7eca77616914f73a3c78c1dc933d818294a9c2844ff019b9f07e6f4947ad4db2
Opcode Fuzzy Hash: 80325eb50a141f42d0ccd6af9f4ab668a5865ceca1dc53d7ed6cdfc836cba8ea
Instruction Fuzzy Hash: A9315275147745DFDB305F6DDF84ACB77EAAB01318F200D3AE1599BEA0DB30A8848651

Function 6C887F86 Relevance: 21.3, APIs: 14, Instructions: 349COMMON

Download Yara Rule

APIs

_calloc_crt.MSVCR100(00000001,00000050), ref: 6C887FAC
_malloc_crt.MSVCR100(00000004), ref: 6C887FBF

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

_malloc_crt.MSVCR100(00000004), ref: 6C887FDD

Part of subcall function 6C88767A: GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876C4
Part of subcall function 6C88767A: _calloc_crt.MSVCR100(00000000,00000002,?,?,00000000), ref: 6C8876D3
Part of subcall function 6C88767A: GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876EC

free.MSVCR100(00000000), ref: 6C8B170F
free.MSVCR100(00000000), ref: 6C8B1718
free.MSVCR100(?,00000000), ref: 6C8B1720
___free_lconv_mon.LIBCMT ref: 6C8B1729
free.MSVCR100(00000000,00000000), ref: 6C8B172F
free.MSVCR100(?,00000000,00000000), ref: 6C8B1737
free.MSVCR100(?,?,00000000,00000000), ref: 6C8B173F
free.MSVCR100(?), ref: 6C8B174F
free.MSVCR100(?,?), ref: 6C8B175A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$InfoLocale_calloc_crt_malloc_crt$___free_lconv_monmalloc
String ID:
API String ID: 1432309319-0
Opcode ID: 5cf9005351221fd265780b45aea8d5b6b7af883b85def0c0c034d3f8a66c0930
Instruction ID: ee90b69fb96a271f2de6fd22e1af5060d7c132b2409085ac79b3e6b43ccee4ac
Opcode Fuzzy Hash: 5cf9005351221fd265780b45aea8d5b6b7af883b85def0c0c034d3f8a66c0930
Instruction Fuzzy Hash: F3B186B2A41208AEE720CFA8CD81FEB77FDAB45744F140966FA05DBA85E770D944C750

Function 6C880D61 Relevance: 21.2, APIs: 14, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?), ref: 6C890EDD
_fileno.MSVCR100(?), ref: 6C890EF2
_fileno.MSVCR100(?), ref: 6C890F02
_fileno.MSVCR100(?,?), ref: 6C890F12
_fileno.MSVCR100(?), ref: 6C890F2F
_fileno.MSVCR100(?), ref: 6C890F3F
_fileno.MSVCR100(?), ref: 6C890F4F
_fileno.MSVCR100(?,?), ref: 6C890F5F
_fileno.MSVCR100(?), ref: 6C890F7C
_fileno.MSVCR100(?), ref: 6C890F8C
_fileno.MSVCR100(?), ref: 6C890F9C
_fileno.MSVCR100(?,?), ref: 6C890FAC
__cftof.LIBCMT(?,00000040,00000005,?), ref: 6C890FD2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno$__cftof
String ID:
API String ID: 813615167-0
Opcode ID: f63737a4b025251b524061495564a9bd2d3a5134b1b0a7548c693193b05704c2
Instruction ID: bd97555d4a98575f88eb024e48d6595631284dfbf8c3d4a1204d316c11710d17
Opcode Fuzzy Hash: f63737a4b025251b524061495564a9bd2d3a5134b1b0a7548c693193b05704c2
Instruction Fuzzy Hash: A54117321166549AC7358B3CEE405DD77B8AF4A7283240F29E0B4AFED0DB38DE4AC650

Function 6C8F6716 Relevance: 21.2, APIs: 14, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

__aligned_offset_malloc.LIBCMT(?,?,?), ref: 6C8F6731

Part of subcall function 6C8F6604: _errno.MSVCR100 ref: 6C8F6614
Part of subcall function 6C8F6604: _invalid_parameter_noinfo.MSVCR100 ref: 6C8F661F

__aligned_free.LIBCMT(?), ref: 6C8F6743

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aligned_free__aligned_offset_malloc_errno_invalid_parameter_noinfo
String ID:
API String ID: 2665303786-0
Opcode ID: 1e0e03dcc14da39246652d9cb69321eeb2c700b761024594c27af2c62ae2cf45
Instruction ID: 41a8f9e4edaccbec5af5bf48d239061c0538fa19d22d34b1a9cb25bb80fa1516
Opcode Fuzzy Hash: 1e0e03dcc14da39246652d9cb69321eeb2c700b761024594c27af2c62ae2cf45
Instruction Fuzzy Hash: A051A37190020ADFCF24DF68CA949DDBBB1AF45398B104A3DD825E7740EB31DA45CB50

Function 6C88203F Relevance: 21.1, APIs: 14, Instructions: 108threadCOMMON

Download Yara Rule

APIs

__set_flsgetvalue.MSVCR100(6C8820E0,00000008,6C882116,00000001,?), ref: 6C88206A

Part of subcall function 6C88067B: TlsGetValue.KERNEL32(?,6C8806AF), ref: 6C880684

TlsGetValue.KERNEL32(6C8820E0,00000008,6C882116,00000001,?), ref: 6C88207B
_calloc_crt.MSVCR100(00000001,00000214), ref: 6C88208E
DecodePointer.KERNEL32(00000000), ref: 6C8820AC
_initptd.MSVCR100(00000000,00000000), ref: 6C8820BE

Part of subcall function 6C88215F: GetModuleHandleW.KERNEL32(KERNEL32.DLL,6C882200,00000008,6C8A75E9,00000000,00000000), ref: 6C882170
Part of subcall function 6C88215F: _lock.MSVCR100(0000000D), ref: 6C8821A4
Part of subcall function 6C88215F: InterlockedIncrement.KERNEL32(?), ref: 6C8821B1
Part of subcall function 6C88215F: _lock.MSVCR100(0000000C), ref: 6C8821C5

GetCurrentThreadId.KERNEL32 ref: 6C8820C5
__freeptd.LIBCMT ref: 6C8825B1
__heap_init.LIBCMT ref: 6C88B235
GetCommandLineA.KERNEL32(6C8820E0,00000008,6C882116,00000001,?), ref: 6C88B266
GetCommandLineW.KERNEL32 ref: 6C88B271
__ioterm.LIBCMT ref: 6C8980B2
free.MSVCR100(00000000), ref: 6C8A7485

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CommandLineValue_lock$CurrentDecodeHandleIncrementInterlockedModulePointerThread__freeptd__heap_init__ioterm__set_flsgetvalue_calloc_crt_initptdfree
String ID:
API String ID: 2121586863-0
Opcode ID: 5ae3274cdcd6dc1b4419d242d97a59b8c53b463d54f5eeb1fe93f8465fec8735
Instruction ID: 92cd005c09f5932c4314f4d8a5507f0398c521cf43598a8705658ff9ee7bbbed
Opcode Fuzzy Hash: 5ae3274cdcd6dc1b4419d242d97a59b8c53b463d54f5eeb1fe93f8465fec8735
Instruction Fuzzy Hash: F031C8306576029ADB312BFD4F1C19E36B4AF4235DB304E36D464C6E85EF38C089DA62

Function 6C88F4EC Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 6C88F556
DName::DName.LIBCMT ref: 6C8ADD78

Strings

unknown ecsu', xrefs: 6C8ADD73
enum , xrefs: 6C8ADD45
struct , xrefs: 6C88F5A3
coclass , xrefs: 6C8ADD2A
union , xrefs: 6C891AF1
class , xrefs: 6C88F54E
cointerface , xrefs: 6C8ADD20

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::Name::operator=
String ID: class $coclass $cointerface $enum $struct $union $unknown ecsu'
API String ID: 1765408024-3025788322
Opcode ID: 5fcf5ef3a354926bcfa85f058198acc68880239d7649b41f421a4cefce180ce3
Instruction ID: 0e953543c679ca5bf77433c866bed673c5c4380ec9cc5af03ea332df3e3fce4f
Opcode Fuzzy Hash: 5fcf5ef3a354926bcfa85f058198acc68880239d7649b41f421a4cefce180ce3
Instruction Fuzzy Hash: B1316B32916509AFCB24DF9DCA50AEDB7B4FB59359F104C6AE811E7E80DB30DA05CB50

Function 6C8C012C Relevance: 19.7, APIs: 13, Instructions: 164COMMONLIBRARYCODE

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCR100(00000008,AFCD3F0C,?,?), ref: 6C8C0169

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

?GetProcessorNodeCount@Concurrency@@YAIXZ.MSVCR100(AFCD3F0C,?,?), ref: 6C8C01A4
??_U@YAPAXI@Z.MSVCR100(00000000,AFCD3F0C,?,?), ref: 6C8C01BD
??_U@YAPAXI@Z.MSVCR100(00000000,AFCD3F0C,?,?), ref: 6C8C01D8
_memset.LIBCMT(?,00000000,?,AFCD3F0C,?,?), ref: 6C8C01EC
_memset.LIBCMT(?,00000000,?,AFCD3F0C,?,?), ref: 6C8C01FF
CreateSemaphoreW.KERNEL32(00000000,00000000,7FFFFFFF,00000000,?,?,?,AFCD3F0C,?,?), ref: 6C8C024F
GetLastError.KERNEL32(?,?,?,AFCD3F0C,?,?), ref: 6C8C025F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,AFCD3F0C,?,?), ref: 6C8C0278
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,?,?,AFCD3F0C,?,?), ref: 6C8C0287
??2@YAPAXI@Z.MSVCR100(0000000C,?,?,?,AFCD3F0C,?,?), ref: 6C8C028E
??2@YAPAXI@Z.MSVCR100(00004004,?,?,?,AFCD3F0C,?,?), ref: 6C8C02B0
_memset.LIBCMT(00000000,00000000,00004004,?,?,?,AFCD3F0C,?,?), ref: 6C8C02C1

Part of subcall function 6C8C16DE: _memset.LIBCMT(?,00000000,0000003E,00000000,00000000), ref: 6C8C16FD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memset$??2@$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency@@Count@CreateErrorExceptionLastNodeProcessorSemaphoreThrowmalloc
String ID:
API String ID: 1488694034-0
Opcode ID: 8ba8fdedd1b10ba0b0181f3403b1ce96dccd14513c772b6f7eb61fc1ffe74191
Instruction ID: 0d2762fea6b4f1aabecdab19250ef669cdd7799c2646f752696000920dbde0c9
Opcode Fuzzy Hash: 8ba8fdedd1b10ba0b0181f3403b1ce96dccd14513c772b6f7eb61fc1ffe74191
Instruction Fuzzy Hash: C851C2B16057419FD735CF28C985A6ABBE4FB48354F104E3EE15A87A90EB31E8448B51

Function 6C894F02 Relevance: 19.6, APIs: 13, Instructions: 147stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_strnlen.LIBCMT(?,?,?,?,?,?,?,?), ref: 6C894F26
__crtLCMapStringA.MSVCR100(?,?,00000100,?,000000FF,00000000,00000000,?,00000001,?,?,?,?,?,?), ref: 6C894F5A
__crtLCMapStringA.MSVCR100(?,?,00000100,?,000000FF,00000000,00000000,?,00000001), ref: 6C894FD5
strcpy_s.MSVCR100(?,?,00000000), ref: 6C894FEC
_freea_s.MSVCR100(00000000), ref: 6C894FF9
_errno.MSVCR100(?,?,?,?,?,?), ref: 6C8AC372
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?), ref: 6C8AC37C
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8AC3AD
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8AC3B8
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8AC3C7
malloc.MSVCR100(00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8AC3D1
_errno.MSVCR100(?,?,?,?,?,?,?,?,?,?), ref: 6C8AC3EA
_errno.MSVCR100 ref: 6C8AC3F7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$String__crt$_freea_s_invalid_parameter_noinfo_strnlenmallocstrcpy_s
String ID:
API String ID: 2430913482-0
Opcode ID: 609cb1d0785953016be35295166254db73b4d7549db982a4ed129d5e8eb94a84
Instruction ID: 4d96edb2435f568595ee05acec7acfebf28296cfeeba0ff7f57f248d8a3ff369
Opcode Fuzzy Hash: 609cb1d0785953016be35295166254db73b4d7549db982a4ed129d5e8eb94a84
Instruction Fuzzy Hash: 77414931606245EFEB316FACCE40B9A3FA5EF87314F200969E4159BF91E7728446CB61

Function 6C88CCC4 Relevance: 19.6, APIs: 13, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

wcsnlen.MSVCR100(?,?,?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C88CCE8
_errno.MSVCR100(?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C8AC84E
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C8AC858
___crtLCMapStringW.LIBCMT(?,00000200,?,000000FF,00000000,00000000,?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C8AC875
_errno.MSVCR100(?,?,6C88CD55,?,?,?), ref: 6C8AC886
_errno.MSVCR100(?,?,6C88CD55,?,?,?), ref: 6C8AC891
_errno.MSVCR100(?,?,6C88CD55,?,?,?), ref: 6C8AC8A7
malloc.MSVCR100(00000008,?,?,6C88CD55,?,?,?), ref: 6C8AC8DF
_errno.MSVCR100(?,?,6C88CD55,?,?,?), ref: 6C8AC8FB
___crtLCMapStringW.LIBCMT(?,00000200,?,000000FF,00000000,00000000,?,?,6C88CD55,?,?,?), ref: 6C8AC916
wcscpy_s.MSVCR100(?,?,00000000,?,?,?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C8AC927
_freea_s.MSVCR100(00000000,?,?,?,?,?,?,?,?,6C88CD55,?,?,?), ref: 6C8AC940

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$String___crt$_freea_s_invalid_parameter_noinfomallocwcscpy_swcsnlen
String ID:
API String ID: 4082481270-0
Opcode ID: 0dbafc94385bce6115b1bb879e5d6a94521b27045848da4407f20e126f0bffa3
Instruction ID: efcd0e20e9efcef9cb75d1be911384efc02d579676e1c3b62d23ae85afa8c719
Opcode Fuzzy Hash: 0dbafc94385bce6115b1bb879e5d6a94521b27045848da4407f20e126f0bffa3
Instruction Fuzzy Hash: F9411971606264AFDB347FACCE809AA37A8EF06318B200D3AE414DBF91E7719D458765

Function 6C883BF7 Relevance: 19.6, APIs: 13, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

wcsnlen.MSVCR100(?,?,?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C883C1B
_errno.MSVCR100(?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C8AC5A3
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C8AC5AD
___crtLCMapStringW.LIBCMT(?,00000100,?,000000FF,00000000,00000000,?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C8AC5CA
_errno.MSVCR100(?,?,6C883C95,?,?,?), ref: 6C8AC5DB
_errno.MSVCR100(?,?,6C883C95,?,?,?), ref: 6C8AC5E6
_errno.MSVCR100(?,?,6C883C95,?,?,?), ref: 6C8AC5FC
malloc.MSVCR100(00000008,?,?,6C883C95,?,?,?), ref: 6C8AC634
_errno.MSVCR100(?,?,6C883C95,?,?,?), ref: 6C8AC650
___crtLCMapStringW.LIBCMT(?,00000100,?,000000FF,00000000,00000000,?,?,6C883C95,?,?,?), ref: 6C8AC66B
wcscpy_s.MSVCR100(?,?,00000000,?,?,?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C8AC67C
_freea_s.MSVCR100(00000000,?,?,?,?,?,?,?,?,6C883C95,?,?,?), ref: 6C8AC695

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$String___crt$_freea_s_invalid_parameter_noinfomallocwcscpy_swcsnlen
String ID:
API String ID: 4082481270-0
Opcode ID: 62d42ebd2711f0a48b1d6541f77692a36f8ada5c7cadbc10e66a5ac1847a243e
Instruction ID: a87d9559e5246c581dd92f837271f9695671e53c6581a5fc494ec5dfaee3cc57
Opcode Fuzzy Hash: 62d42ebd2711f0a48b1d6541f77692a36f8ada5c7cadbc10e66a5ac1847a243e
Instruction Fuzzy Hash: F441D471606144AFDB34AFACCE81AAA3BA8EF06318B110D7DE414DBF51EB718D4586A1

Function 6C8849C8 Relevance: 19.6, APIs: 13, Instructions: 140stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc_crt.MSVCR100(00000355,00000000,6C884E81,00000001,00000000,00000000), ref: 6C8849DC

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

Part of subcall function 6C88498E: strcat_s.MSVCR100(6C885C30,6C885C0F,6C885C20,?,00000083,00000083,?,6C885C24,6C885C0F,6C885C30,00000002,6C885C30,6C885C0F,?,00000000,00000000), ref: 6C8849AD

strcat_s.MSVCR100(00000004,00000351,6C88498C,?,?,?,?,?,00000000,6C884E81,00000001,00000000), ref: 6C884A29
strcmp.MSVCR100(00000000,00000010,?,?,?,?,?,?,?,?,00000000,6C884E81,00000001,00000000), ref: 6C884A46
free.MSVCR100(6C884E81,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C884A8D
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C884E81,00000001), ref: 6C8B0BD9
free.MSVCR100(?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C884E81), ref: 6C8B0BE1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: freestrcat_s$__invoke_watson_malloc_crtmallocstrcmp
String ID:
API String ID: 1358975119-0
Opcode ID: 19fce45fb89d9ef82484f2cf207f1c403d1e3f5bd141841e00ca810d98c9871a
Instruction ID: 958e8d4ac67552e4d1d98881375ee4915cf488ffda644ff92a71faed0f31ce90
Opcode Fuzzy Hash: 19fce45fb89d9ef82484f2cf207f1c403d1e3f5bd141841e00ca810d98c9871a
Instruction Fuzzy Hash: 9F419072545705EFDB309F6DDE90A5AB7F9AF8130CB000D38D001ABE61E779E9449B00

Function 6C882423 Relevance: 19.6, APIs: 13, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(0000000D,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C882497

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

InterlockedDecrement.KERNEL32(?), ref: 6C8824A9
_lock.MSVCR100(0000000C,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8824C5
free.MSVCR100(00000000,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8824F9
free.MSVCR100(00000000), ref: 6C8A7615
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7621
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A762D
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7639
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7645
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7651
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A765D
free.MSVCR100(?,6C882508,00000008,6C882592,00000000,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7669
free.MSVCR100(?,?,6C8825B6,00000000,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8A7675

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$_lock$CriticalDecrementEnterInterlockedSection
String ID:
API String ID: 3254847666-0
Opcode ID: 07d13e405088b42e07ee8016addf4a04e43f2a901dc14dcc00a8189425e9f651
Instruction ID: bd41bd88340727ab3c678f280968b649999c37497208235dd73a0fd3786a93e0
Opcode Fuzzy Hash: 07d13e405088b42e07ee8016addf4a04e43f2a901dc14dcc00a8189425e9f651
Instruction Fuzzy Hash: 7D31D4B1687A01DAD7305EBD9B08B4B33A96B02B2CF204D19D4559BE90EB3CD4C59260

Function 6C8929FE Relevance: 19.6, APIs: 13, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameA.KERNEL32(?,?,00000000,?), ref: 6C892A42
GetFullPathNameA.KERNEL32(?,00000000,00000000,00000000), ref: 6C8A7A58
GetLastError.KERNEL32 ref: 6C8A7A5E
__dosmaperr.LIBCMT(00000000), ref: 6C8A7A65
_errno.MSVCR100 ref: 6C8A7A7F
calloc.MSVCR100(?,00000001), ref: 6C8A7A94
_errno.MSVCR100 ref: 6C8A7AA5
_errno.MSVCR100 ref: 6C8A7AB2
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A7ABD
free.MSVCR100(00000000), ref: 6C8A7ACB
_errno.MSVCR100 ref: 6C8A7AD1
free.MSVCR100(00000000), ref: 6C8A7AE8
_getcwd.MSVCR100(?,?), ref: 6C8A7AF9

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$FullNamePathfree$ErrorLast__dosmaperr_getcwd_invalid_parameter_noinfocalloc
String ID:
API String ID: 4002649621-0
Opcode ID: 4d258892e2ac3b7a139b3c8ab5e9f9a73bd7e677f3176ca38709e99e60f79628
Instruction ID: 6c0065174d08378ca42f4a5898509df7ddeeebef723d517036081333e92f1019
Opcode Fuzzy Hash: 4d258892e2ac3b7a139b3c8ab5e9f9a73bd7e677f3176ca38709e99e60f79628
Instruction Fuzzy Hash: 4B21EC31145249BFDB315FECCE80B9E379AEB4136CB110C35E500CBD84EB71A946ABA0

Function 6C881E61 Relevance: 19.6, APIs: 13, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,?), ref: 6C881EA6
GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000), ref: 6C8A7B41
GetLastError.KERNEL32 ref: 6C8A7B47
__dosmaperr.LIBCMT(00000000), ref: 6C8A7B4E
_errno.MSVCR100 ref: 6C8A7B6B
calloc.MSVCR100(?,00000002), ref: 6C8A7B80
_errno.MSVCR100 ref: 6C8A7B91
_errno.MSVCR100 ref: 6C8A7B9E
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A7BA9
free.MSVCR100(00000000), ref: 6C8A7BB7
_errno.MSVCR100 ref: 6C8A7BBD
free.MSVCR100(00000000), ref: 6C8A7BD4
_wgetcwd.MSVCR100(?,?), ref: 6C8A7BE5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$FullNamePathfree$ErrorLast__dosmaperr_invalid_parameter_noinfo_wgetcwdcalloc
String ID:
API String ID: 3145916893-0
Opcode ID: 9da12327d43c442fc0197cd8f30273e146413239342966b088d52b4d1beb9f2d
Instruction ID: a718195d70fd89ace2e849d3e300f7996e794656759e245d140f8d5bdfb2e6ce
Opcode Fuzzy Hash: 9da12327d43c442fc0197cd8f30273e146413239342966b088d52b4d1beb9f2d
Instruction Fuzzy Hash: 962197B1506249BEDB315EE8CE90E9E3769AB4136CF104D35E5118BE84EB70C847A760

Function 6C8FFF22 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 182stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,00000016,?,0000002D,00000000,000000A3,?,?,?,?,?,?,?,00000000,?), ref: 6C8FFF3F
_invalid_parameter_noinfo.MSVCR100(?,?,00000016,?,0000002D,00000000,000000A3,?,?,?,?,?,?,?,00000000,?), ref: 6C8FFF49
_errno.MSVCR100(?,?,00000016,?,0000002D,00000000,000000A3,?,?,?,?,?,?,?,00000000,?), ref: 6C8FFF7A
__shift.LIBCMT ref: 6C8FFFA2
strcpy_s.MSVCR100(?,000000FF,e+000,?,?,?,00000016,?), ref: 6C8FFFF6
_memmove.LIBCMT(?,0000000C,00000003,?,00000016,?), ref: 6C90005A
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,00000016,?), ref: 6C90007D
__fltout2.LIBCMT ref: 6C9000B9

Part of subcall function 6C8FFD7F: ___dtold.LIBCMT ref: 6C8FFDA5
Part of subcall function 6C8FFD7F: _$I10_OUTPUT.LIBCMT(?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?,00000000,?,?), ref: 6C8FFDC0
Part of subcall function 6C8FFD7F: strcpy_s.MSVCR100(6C9000BE,?,?,?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?), ref: 6C8FFDE0

_errno.MSVCR100(?,?,?,00000000,?,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C9000C5
_invalid_parameter_noinfo.MSVCR100(?,?,?,00000000,?,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C9000CC

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__fptostr.LIBCMT ref: 6C900117

Strings

e+000, xrefs: 6C900084, 6C8FFFEF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfostrcpy_s$I10____dtold__fltout2__fptostr__invoke_watson__shift_invalid_parameter_memmove
String ID: e+000
API String ID: 2464188683-1027065040
Opcode ID: 4c34109ee5f60de72b898bd59adcfe53fb256e24871cc5b57ce0ceec9aa8985f
Instruction ID: 1f659e605a5a7b9422fc5e4d5f0be3115bc35de0e1b9f3bcd7df154b46640f27
Opcode Fuzzy Hash: 4c34109ee5f60de72b898bd59adcfe53fb256e24871cc5b57ce0ceec9aa8985f
Instruction Fuzzy Hash: 5D516432605385DFDB21CF78C980BDA7BF4EF16368F1889A9E4649BA81D730D845CB50

Function 6C88F805 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C88F89E
DName::DName.LIBCMT ref: 6C88F96F
DName::DName.LIBCMT ref: 6C8AD13B

Strings

`non-type-template-parameter, xrefs: 6C8AD126

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::
String ID: `non-type-template-parameter
API String ID: 1333004437-4247534891
Opcode ID: 95e8450ff9120ce956589e1ebb17e60f1d4efe5809de5e311f0deae7e29ea81a
Instruction ID: c53a8f1c304891a73c1610533ae427818e2f3079daf33846f2b7acad1803d94f
Opcode Fuzzy Hash: 95e8450ff9120ce956589e1ebb17e60f1d4efe5809de5e311f0deae7e29ea81a
Instruction Fuzzy Hash: 6341597190A2599FD720CFACCA80AEA7BB4EB17348F548969D8548BF11E730D807CB40

Function 6C897949 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

__TypeMatch.MSVCR100(00000003,?,00000000), ref: 6C8979C7
_getptd.MSVCR100 ref: 6C8979D7
_getptd.MSVCR100 ref: 6C8ACAFB
_getptd.MSVCR100 ref: 6C8ACB0D
_getptd.MSVCR100 ref: 6C8ACB69
_getptd.MSVCR100 ref: 6C8ACB7B

Strings

RCC, xrefs: 6C8ACACE
MOC, xrefs: 6C8ACAC7
csm, xrefs: 6C897979
csm, xrefs: 6C8ACB3E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$MatchType
String ID: MOC$RCC$csm$csm
API String ID: 965401092-1441736206
Opcode ID: 6b576735584244a2e40a0ad04f2e8cbcfa8abaa534f1e88dcbd532e97dde6d74
Instruction ID: 73c3fdce9bd9931b9cf15f5a1f253981ba462fc0f0475dc3c94483329cbd328d
Opcode Fuzzy Hash: 6b576735584244a2e40a0ad04f2e8cbcfa8abaa534f1e88dcbd532e97dde6d74
Instruction Fuzzy Hash: 8A31E331602204DFCB30DFADC6807A973B8EF41318F284D6AD85587E62D736E946CB52

Function 6C88B58E Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 95COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C88B595
_malloc_crt.MSVCR100(00000054), ref: 6C88B5F2
__ExceptionPtr::__ExceptionPtr.LIBCMT ref: 6C88B611
_Ptr_base.LIBCMT ref: 6C88B63A

Strings

csm, xrefs: 6C88B607, 6C88B60A
bad allocation, xrefs: 6C8A7338

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Exception$H_prolog3_catchPtr::__Ptr_base_malloc_crt
String ID: bad allocation$csm
API String ID: 458220297-2003371537
Opcode ID: 19237832974ef477dd85544736f5f3aabb79c55ee670dc5d76a3ce47535eff35
Instruction ID: 14f479ca2c378e9b1f0c562a46cb29718816bc1f0ac0ef3e9c551cff3ddaf037
Opcode Fuzzy Hash: 19237832974ef477dd85544736f5f3aabb79c55ee670dc5d76a3ce47535eff35
Instruction Fuzzy Hash: E13170B0C02249DECB21CFECCA406EEBBF4AF54304F54482EE405B7B45DB744A499B62

Function 6C881580 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 312COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 6C881A22

Strings

, xrefs: 6C88940D
@, xrefs: 6C881592
', xrefs: 6C881C65
g, xrefs: 6C88129A
, xrefs: 6C881047

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm
String ID: $ $'$@$g
API String ID: 1302938615-1146214397
Opcode ID: 17365672a7582c2f08bc5fd670b816d8eefc90fa5fc639a86642a577bc1413c6
Instruction ID: 673a734d9a9b81deac76c9aaab94d5764d1e398e679e122c5ca083973b4743c1
Opcode Fuzzy Hash: 17365672a7582c2f08bc5fd670b816d8eefc90fa5fc639a86642a577bc1413c6
Instruction Fuzzy Hash: 3DD1ADF190622DCADB308E18CF807C9B7B4AB45308F144AE9D768A7E41DB749EC58F58

Function 6C88EA8B Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 245COMMON

Download Yara Rule

APIs

_strlen.LIBCMT(6C8B3090), ref: 6C88EA7E
_get_printf_count_output.MSVCR100 ref: 6C88EAE5
__forcdecpt_l.LIBCMT ref: 6C88EBFE
free.MSVCR100(00000000), ref: 6C88EDE4
__aulldvrm.LIBCMT ref: 6C88EF31

Strings

@, xrefs: 6C88EE7B
g, xrefs: 6C88EC05
@, xrefs: 6C88E90C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm__forcdecpt_l_get_printf_count_output_strlenfree
String ID: @$@$g
API String ID: 1547650701-3810856864
Opcode ID: 2b6ff13a2e1952ddd1bfe148ef05f2b67c1fc6a734e0d2dd51c53a5e4dc2ced4
Instruction ID: b65bf53bc78788122e0a3beff4642faad34221c7306005af226ea8a71a7d7270
Opcode Fuzzy Hash: 2b6ff13a2e1952ddd1bfe148ef05f2b67c1fc6a734e0d2dd51c53a5e4dc2ced4
Instruction Fuzzy Hash: B1A1AB7990622D9FDB30CF28CE887D9B7B4AB55318F1009E9D418A6A91D7749EC4CF90

Function 6C8C085E Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 6C8C0891
GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 6C8C0897
DuplicateHandle.KERNEL32(00000000), ref: 6C8C089A
GetLastError.KERNEL32 ref: 6C8C08A4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C08BC
_CxxThrowException.MSVCR100(6C8B38B0,6C91FE78,?), ref: 6C8C08CA
??2@YAPAXI@Z.MSVCR100(0000000C,6C8B38B0,6C91FE78,?), ref: 6C8C08D1
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100(6C8B38B0,6C91FE78,?), ref: 6C8C08E4
std::exception::exception.LIBCMT(?), ref: 6C8C0936

Strings

eventObject, xrefs: 6C8C092F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentProcess$??2@AcquireConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency@@DuplicateErrorExceptionHandleLastLock@details@ReaderThrowWrite@_Writerstd::exception::exception
String ID: eventObject
API String ID: 1946344800-1680012138
Opcode ID: c049deb0df96d37839f777ed127e41c624285d0831c3e0b0c01fd4002922c61e
Instruction ID: 8f9608e1b4b3d1e2c27898795ca233e5277f73200e539f606f937812b5e9499c
Opcode Fuzzy Hash: c049deb0df96d37839f777ed127e41c624285d0831c3e0b0c01fd4002922c61e
Instruction Fuzzy Hash: 7D3164B1601219EFDB60CF68CA84BD97BF8FF09354B104939E455D7A50D770E908CB91

Function 6C88F608 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C8AD596
operator+.LIBCMT ref: 6C8AD600

Strings

cli::pin_ptr<, xrefs: 6C8AD5F1
void, xrefs: 6C8AD591
cli::array<, xrefs: 6C8AD5CA
void , xrefs: 6C8AD59E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::operator+
String ID: cli::array<$cli::pin_ptr<$void$void
API String ID: 1360548761-456688812
Opcode ID: 119688e60328551622b517257df117ab7bf20c41809b80d4882ade8193971a13
Instruction ID: b61127641f2de7c78f2c7466c8890304530d0f920dbe770c0e4f3cf02388bf49
Opcode Fuzzy Hash: 119688e60328551622b517257df117ab7bf20c41809b80d4882ade8193971a13
Instruction Fuzzy Hash: 15217C71905209AFDF25DF98DA409EA3BB8AF45318F008967EC15DBA60D730EA46CF90

Function 6C8DEEFD Relevance: 16.7, APIs: 11, Instructions: 202COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DEF31
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DEF3B
_strnset_s.MSVCR100(?,?,?,?,?), ref: 6C8DEF64
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DEFA2
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DEFCE
_errno.MSVCR100(?), ref: 6C8DEFDF
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF019
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF040
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF083
_errno.MSVCR100(?), ref: 6C8DF0DA
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8DF0E4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _ismbblead_l$_errno$_invalid_parameter_noinfo$_strnset_s
String ID:
API String ID: 1238685693-0
Opcode ID: 421a414c3ae32e375dffa22e7d882b48edd7b5514ee3e6200670e55ec628b16d
Instruction ID: 25973d70cd752e142de8e6c1d41e209ebe3802eb063446987a6d1a8efba0c54a
Opcode Fuzzy Hash: 421a414c3ae32e375dffa22e7d882b48edd7b5514ee3e6200670e55ec628b16d
Instruction Fuzzy Hash: 2071B67180938ADFCF31CF68D6405DDBBB4AF15308F1548AFD8A057A41D335A585DBA2

Function 6C8DF56B Relevance: 16.7, APIs: 11, Instructions: 197COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DF59F
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DF5A9
_strnset_s.MSVCR100(?,?,?,?,?), ref: 6C8DF5D2
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF610
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF62A
_errno.MSVCR100(?), ref: 6C8DF63B
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF672
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF699
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF6DC
_errno.MSVCR100(?), ref: 6C8DF733
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8DF73D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _ismbblead_l$_errno$_invalid_parameter_noinfo$_strnset_s
String ID:
API String ID: 1238685693-0
Opcode ID: 114ea9a53fa4d3819b2f90c37f3f7fb21ceaeba0930289978faae4c0f0d7d60c
Instruction ID: 985260ee88941dfa99b7744fec25244d7bbde2e0bd57ebc12a4e88e86eeaf6ea
Opcode Fuzzy Hash: 114ea9a53fa4d3819b2f90c37f3f7fb21ceaeba0930289978faae4c0f0d7d60c
Instruction Fuzzy Hash: EA61E371C092CAAFCF30CFA896404DD7BB0AF16308F2648AFE4A056A11D735A585EF61

Function 6C88826F Relevance: 16.7, APIs: 11, Instructions: 193COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 6C887493
free.MSVCR100(?), ref: 6C88749F
free.MSVCR100(?,?), ref: 6C8874AA
_calloc_crt.MSVCR100(00000001,00000050), ref: 6C888292
_malloc_crt.MSVCR100(00000004), ref: 6C8882B2

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

_malloc_crt.MSVCR100(00000004), ref: 6C8882D5
free.MSVCR100(00000000), ref: 6C8B1699
free.MSVCR100(00000000), ref: 6C8B16A5
free.MSVCR100(?,00000000), ref: 6C8B16AD
___free_lconv_num.LIBCMT ref: 6C8B16BC

Part of subcall function 6C88767A: GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876C4
Part of subcall function 6C88767A: _calloc_crt.MSVCR100(00000000,00000002,?,?,00000000), ref: 6C8876D3
Part of subcall function 6C88767A: GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6C8876EC

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$InfoLocale_calloc_crt_malloc_crt$DecrementInterlocked___free_lconv_nummalloc
String ID:
API String ID: 2828155784-0
Opcode ID: 2635fc0c3cc31edb4ce39abce1b40fc9f7e11e22844aed5372241e83221896ae
Instruction ID: 4da24abed1d597595e790476a8d8d03bb3e15514dddec030ecf9cbcc89711f6e
Opcode Fuzzy Hash: 2635fc0c3cc31edb4ce39abce1b40fc9f7e11e22844aed5372241e83221896ae
Instruction Fuzzy Hash: D951D372A06608AFEB20CF78CE40B9B7BF9EB45354F140D6AE945EBA81E770D9448750

Function 6C8C245A Relevance: 16.7, APIs: 11, Instructions: 153threadCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C2461
InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,00000000,6C8BD96F,00000000,?,00000000,00000000), ref: 6C8C248C
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000001,?,00000000,00000000), ref: 6C8C24E7

Part of subcall function 6C8C214D: std::exception::exception.LIBCMT(6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8C216C
Part of subcall function 6C8C214D: _CxxThrowException.MSVCR100(?,6C920018,6C8C1FE2), ref: 6C8C2181

?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000001,?,00000000,00000000), ref: 6C8C24F6
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2505
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2514
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2523
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2532
GetCurrentThread.KERNEL32 ref: 6C8C2550
GetThreadPriority.KERNEL32(00000000), ref: 6C8C2557
??2@YAPAXI@Z.MSVCR100(00000838), ref: 6C8C2658

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerValue@$Thread$??2@CountCriticalCurrentExceptionH_prolog3InitializePrioritySectionSpinThrowstd::exception::exception
String ID:
API String ID: 138514572-0
Opcode ID: 90dab966410973fe81b60082c56a647ce6c158571553e7cd5327637310dff9fe
Instruction ID: bee40df5b305606142af72a72f47602941ae570cb9b6f7cbff98528cc4894def
Opcode Fuzzy Hash: 90dab966410973fe81b60082c56a647ce6c158571553e7cd5327637310dff9fe
Instruction Fuzzy Hash: 1B611670B10A42EFD718CF39C589B99FBA1BF48300F40862ED42CC7B81DB74A4248B91

Function 6C88AC1E Relevance: 16.6, APIs: 11, Instructions: 119COMMON

Download Yara Rule

APIs

_getptd.MSVCR100(6C88AC68,00000014,6C88B231,000000FD,6C88B281), ref: 6C88AC2E

Part of subcall function 6C88AC84: _getptd.MSVCR100(6C88ACE0,0000000C,6C88D0AA,?,?,6C889233,?), ref: 6C88AC90
Part of subcall function 6C88AC84: _lock.MSVCR100(0000000D), ref: 6C88ACA7

_malloc_crt.MSVCR100(00000220,6C88AC68,00000014,6C88B231,000000FD,6C88B281), ref: 6C88B81E
InterlockedDecrement.KERNEL32(?), ref: 6C88B859
InterlockedIncrement.KERNEL32(00000000), ref: 6C88B87B
_lock.MSVCR100(0000000D), ref: 6C88B896
InterlockedDecrement.KERNEL32 ref: 6C88B90D
InterlockedIncrement.KERNEL32(00000000), ref: 6C88B922

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Interlocked$DecrementIncrement_getptd_lock$_malloc_crt
String ID:
API String ID: 4169461591-0
Opcode ID: d893971751ccd0d77d6cbf5cc08068834c577cee3f4f46e8cb04b840a02d9015
Instruction ID: 47f97abd134e2b665767e5796477fac5d26260ab5e95fbfda94adbf2b77f6cc1
Opcode Fuzzy Hash: d893971751ccd0d77d6cbf5cc08068834c577cee3f4f46e8cb04b840a02d9015
Instruction Fuzzy Hash: 8D41C2309163888FCB209F79CE806997BB5BF06328F254D29D491DBF91D738D845DB60

Function 6C8FBEED Relevance: 16.6, APIs: 11, Instructions: 95COMMON

Download Yara Rule

APIs

_calloc_crt.MSVCR100(00000008,00000001), ref: 6C8FBF06
_errno.MSVCR100 ref: 6C8FBF13
_calloc_crt.MSVCR100(000000D8,00000001), ref: 6C8FBF2A
free.MSVCR100(00000000), ref: 6C8FBF38
_calloc_crt.MSVCR100(00000220,00000001), ref: 6C8FBF46
free.MSVCR100(00000000), ref: 6C8FBF56
free.MSVCR100(00000000,00000000), ref: 6C8FBF5C
__copytlocinfo_nolock.LIBCMT ref: 6C8FBF6B
free.MSVCR100(00000000,00000000,00000000), ref: 6C8FBF91
free.MSVCR100(?), ref: 6C8FBFB1
free.MSVCR100(00000000,00000000,00000000,?), ref: 6C8FBFC5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$_calloc_crt$__copytlocinfo_nolock_errno
String ID:
API String ID: 717730667-0
Opcode ID: 30fee7936be027e8bdc9d276fa18b0ef21e8aa61890d6bf4d24376675aa49d61
Instruction ID: b31ab26615f2baa5fe29c2f218745983ae13963d7f6d5a14385a3def7c3b868a
Opcode Fuzzy Hash: 30fee7936be027e8bdc9d276fa18b0ef21e8aa61890d6bf4d24376675aa49d61
Instruction Fuzzy Hash: C8213A35146601EBE7315F6DDF0099A77E5DF823A8B104C39E4A84BF60DF31C8858A60

Function 6C8CC5FD Relevance: 16.6, APIs: 11, Instructions: 66threadCOMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8CC60D
_invalid_parameter_noinfo.MSVCR100 ref: 6C8CC618

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__set_flsgetvalue.MSVCR100 ref: 6C8CC623
_calloc_crt.MSVCR100(00000001,00000214), ref: 6C8CC62F
_getptd.MSVCR100 ref: 6C8CC63C
_initptd.MSVCR100(00000000,?), ref: 6C8CC645
CreateThread.KERNEL32(00000000,?,6C8CC5A4,00000000,00000004,00000000), ref: 6C8CC663
ResumeThread.KERNEL32(00000000), ref: 6C8CC673
GetLastError.KERNEL32 ref: 6C8CC67E
free.MSVCR100(00000000), ref: 6C8CC687
__dosmaperr.LIBCMT(00000000), ref: 6C8CC692

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr__set_flsgetvalue_calloc_crt_errno_getptd_initptd_invalid_parameter_invalid_parameter_noinfofree
String ID:
API String ID: 697002476-0
Opcode ID: 4caa0917abaff3033ba36320bda566538b001b5ed1807004b39fc1c57e3e6a0d
Instruction ID: c3b95f08036fd6a403073fde050a0dfad07f97b1ea98ad9b6ebff0043aa85b56
Opcode Fuzzy Hash: 4caa0917abaff3033ba36320bda566538b001b5ed1807004b39fc1c57e3e6a0d
Instruction Fuzzy Hash: 5211A7363037546AD7316BB98F48E9A3755DF82738B200E29F52886FC1DB71D80486A6

Function 6C881122 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 259COMMON

Download Yara Rule

APIs

_get_printf_count_output.MSVCR100 ref: 6C88117C
__forcdecpt_l.LIBCMT ref: 6C881293
_mbtowc_l.MSVCR100(?,?,?,?), ref: 6C88177F
__aulldvrm.LIBCMT ref: 6C881A22

Strings

@, xrefs: 6C880FC5
@, xrefs: 6C881592
g, xrefs: 6C88129A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm__forcdecpt_l_get_printf_count_output_mbtowc_l
String ID: @$@$g
API String ID: 1620304106-3810856864
Opcode ID: 19bbc4614f64e63072a0744e0244604c89b64bace705611095d1afeee251d45a
Instruction ID: d43290a4ff1a3631f247d6e7627ee3fecd27fe83a01179e274e1a8df9e8b7673
Opcode Fuzzy Hash: 19bbc4614f64e63072a0744e0244604c89b64bace705611095d1afeee251d45a
Instruction Fuzzy Hash: 93B18DB090622DCBDB308A18CE807D9B7B4AB05318F1449E9D768A7E81DB749EC5CF58

Function 6C892838 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_lock.MSVCR100(00000007,6C8928E8,0000000C), ref: 6C892846

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

_wcslen.LIBCMT(00000000,6C8928E8,0000000C), ref: 6C89289D
wcscpy_s.MSVCR100(?,?,00000000,6C8928E8,0000000C), ref: 6C8928BB
_errno.MSVCR100(6C8928E8,0000000C), ref: 6C8B088D
_invalid_parameter_noinfo.MSVCR100(6C8928E8,0000000C), ref: 6C8B0897

Strings

", xrefs: 6C8B08B1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalEnterSection_errno_invalid_parameter_noinfo_lock_wcslenwcscpy_s
String ID: "
API String ID: 173085347-123907689
Opcode ID: a8123b0f6eb253421328e0de3cd29601dd08af21d14d27d47425d73d03f6ad7f
Instruction ID: b1b206dd1f735965258efea0be9b3f097070219bbedea4199a16f345bad217f0
Opcode Fuzzy Hash: a8123b0f6eb253421328e0de3cd29601dd08af21d14d27d47425d73d03f6ad7f
Instruction Fuzzy Hash: 4821D7719423AA9BDF30AFAC9F841EE77A1AF04318F204C39E534E6F40D73846459B91

Function 6C897A24 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT(?,?), ref: 6C897A6D
_getptd.MSVCR100 ref: 6C897A74
_getptd.MSVCR100 ref: 6C897A82
_getptd.MSVCR100 ref: 6C897A90
_getptd.MSVCR100 ref: 6C897A9B
_getptd.MSVCR100 ref: 6C897AA6

Strings

csm, xrefs: 6C897A43

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$CreateFrameInfo
String ID: csm
API String ID: 4181383844-1018135373
Opcode ID: 8ec51cf5f6161e2fe22f505791f89f019e248bd25405dbe91789e180930a91ee
Instruction ID: 2b8a5072e2d9e52ef1f7f7f15a98c3bf3ecf2da19b75aef1eca3a86a1ebc95b3
Opcode Fuzzy Hash: 8ec51cf5f6161e2fe22f505791f89f019e248bd25405dbe91789e180930a91ee
Instruction Fuzzy Hash: 6B119031502745DEC730DF6E8604B98B7E4BF41338F588E79D468CBE61CB31AA498B92

Function 6C89608F Relevance: 15.2, APIs: 10, Instructions: 245COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000009,?,?,00000000,00000000), ref: 6C89612C
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000), ref: 6C896192
MultiByteToWideChar.KERNEL32(00000000,00000009,6C896293,00000000,00000000,00000000), ref: 6C8961AB
MultiByteToWideChar.KERNEL32(00000000,00000001,6C896293,00000000,00000000,00000000), ref: 6C8961FC
CompareStringW.KERNEL32(?,?,00000000,?,00000000,00000000), ref: 6C896210
_freea_s.MSVCR100(00000000), ref: 6C89621A
_freea_s.MSVCR100(00000000), ref: 6C896223

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide$_freea_s$CompareString
String ID:
API String ID: 3891795400-0
Opcode ID: cc855ccf687873a576e237f9f3d5966cca6106562c2559d22c0e86d33d2b5c65
Instruction ID: a24998544e5b42245a8565b4bb200a04f4b4a4236d456eaaab9dbaa26cf6bf3f
Opcode Fuzzy Hash: cc855ccf687873a576e237f9f3d5966cca6106562c2559d22c0e86d33d2b5c65
Instruction Fuzzy Hash: F181F571A052499FDF724FA88F91BDE3BB59F45328F240A29E520E6AD0D735D840CB91

Function 6C884F99 Relevance: 15.2, APIs: 10, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000100,00000001,00000000,?,?,?,?,?,?,?), ref: 6C884FE8
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6C88504B
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 6C885067
LCMapStringW.KERNEL32(?,?,?,?,00000000,?), ref: 6C8850D1
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 6C8850F0
_freea_s.MSVCR100(00000000), ref: 6C8850FA
_freea_s.MSVCR100(?), ref: 6C885103
malloc.MSVCR100(00000008), ref: 6C8B0D21

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide$String_freea_s$malloc
String ID:
API String ID: 1406006131-0
Opcode ID: 68b9aeb3a431cc8a0170e5216c34ab373edfcb7bfc25b1960cec563c27c14e90
Instruction ID: 25f5c90519d4b35645ac66a87a4522c9d5af1cfecf4e2ab44d73baaa7efdeaee
Opcode Fuzzy Hash: 68b9aeb3a431cc8a0170e5216c34ab373edfcb7bfc25b1960cec563c27c14e90
Instruction Fuzzy Hash: 7B51E87690224EEFEF218F94CE8089E7BB6FB85358B604D79F51692D50D731C850CB50

Function 6C8C0CF5 Relevance: 15.2, APIs: 10, Instructions: 153COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C0CFC
EnterCriticalSection.KERNEL32(?,00000010,6C8B8C33,00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000), ref: 6C8C0D11
??2@YAPAXI@Z.MSVCR100(0000000C), ref: 6C8C0D51
??2@YAPAXI@Z.MSVCR100(00000120), ref: 6C8C0DA4
_memset.LIBCMT(00000000,00000000,00000120), ref: 6C8C0DB6
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C8C0DDB
_memset.LIBCMT(00000020,00000000,00000100), ref: 6C8C0DEF
SetEvent.KERNEL32(?), ref: 6C8C0E96
LeaveCriticalSection.KERNEL32(?), ref: 6C8C0EA3
CloseHandle.KERNEL32(00000000), ref: 6C8C0EC7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@CriticalEventSection_memset$CloseCreateEnterH_prolog3HandleLeave
String ID:
API String ID: 3129499143-0
Opcode ID: 6b5ea1283f93617fcbfba5a0ca2b188a79271ebf806c8929ab3c6dcc8fb12400
Instruction ID: d47446337258dcbe4f16455f0242b128e1f82f4383100383d487682295c25905
Opcode Fuzzy Hash: 6b5ea1283f93617fcbfba5a0ca2b188a79271ebf806c8929ab3c6dcc8fb12400
Instruction Fuzzy Hash: 47519EB0A01745DFD724CF68C684B9ABBF4FF09358F008969E5999BB50E730E944CBA1

Function 6C8DC2E8 Relevance: 15.1, APIs: 10, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DC316
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DC321
MultiByteToWideChar.KERNEL32(?,00000009,?,000000FF,?,?,?), ref: 6C8DC383
GetLastError.KERNEL32 ref: 6C8DC38D
_isleadbyte_l.MSVCR100(?,?), ref: 6C8DC3B3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 6C8DC3DE
_errno.MSVCR100 ref: 6C8DC3E4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide_errno$ErrorLast_invalid_parameter_noinfo_isleadbyte_l
String ID:
API String ID: 4049637251-0
Opcode ID: b34e929fb22319cbe2ef22a974996e896f5e4b8da11a5a00ddbe743d0cb30f96
Instruction ID: 92f94abe77b1081472d21669f2f7d08833f54b6e6944d43238250c1be47aaaf4
Opcode Fuzzy Hash: b34e929fb22319cbe2ef22a974996e896f5e4b8da11a5a00ddbe743d0cb30f96
Instruction Fuzzy Hash: B3414D30504245AFCB32AF68CE44BAF3BB1FF42369F260E51E46097992E730D441CBA1

Function 6C890E33 Relevance: 15.1, APIs: 10, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000080,00000000,6C9235D0,00000001,?,?,00000000,?,?,?,?,6C9235D0,?), ref: 6C890E8F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: e2d1fa0937f7b1cc39ac50f4ab7a1cf02bb3f9b393720de224ec0217ee20478e
Instruction ID: adff014d34ae1155ddc42f9a1bbc7049f5a46545f4be831fbf268c0a2ae24817
Opcode Fuzzy Hash: e2d1fa0937f7b1cc39ac50f4ab7a1cf02bb3f9b393720de224ec0217ee20478e
Instruction Fuzzy Hash: 2D41E8325012899FDF319F9CCAD49DE3BB5EB46318B100D69E5608BE90D7318D82CF91

Function 6C8DA398 Relevance: 15.1, APIs: 10, Instructions: 116timeCOMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DA3BE
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DA3C8

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_get_timezone.MSVCR100(?), ref: 6C8DA3E9
GetSystemTimeAsFileTime.KERNEL32(?), ref: 6C8DA40F
__aulldiv.LIBCMT ref: 6C8DA429
GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 6C8DA451
__aulldiv.LIBCMT ref: 6C8DA4BF
__aullrem.LIBCMT ref: 6C8DA4CD
__aulldiv.LIBCMT ref: 6C8DA4EB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Time__aulldiv$FileInformationSystemZone__aullrem_errno_get_timezone_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 1439004929-0
Opcode ID: 6acfccc04818e3d4cea7360147bc2ea121250bef8aee87738562ded8cbe89313
Instruction ID: a7f221bef6e544d2e8537b82d23c85dcaaf01bf878a2165411673f28807d0992
Opcode Fuzzy Hash: 6acfccc04818e3d4cea7360147bc2ea121250bef8aee87738562ded8cbe89313
Instruction Fuzzy Hash: DC412631A05308DBDB30DF69CE44FCA77BAEB85318F214959E154A7A80D774A980CF51

Function 6C8D9487 Relevance: 15.1, APIs: 10, Instructions: 110timeCOMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D94AD
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D94B7

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_get_timezone.MSVCR100(?), ref: 6C8D94D8
GetSystemTimeAsFileTime.KERNEL32(?), ref: 6C8D94FE
__aulldiv.LIBCMT ref: 6C8D9518
GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 6C8D9532
__aulldiv.LIBCMT ref: 6C8D9595
__aullrem.LIBCMT ref: 6C8D95A3
__aulldiv.LIBCMT ref: 6C8D95C1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Time__aulldiv$FileInformationSystemZone__aullrem_errno_get_timezone_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 1439004929-0
Opcode ID: 98aacac13dc8ee90b9cafde0828a9985f0063bb91a85393190800a3e579bab87
Instruction ID: 5da783dd84b63cec593631ad2c513957602249e4ea3fe9d61e431e0af3d0df45
Opcode Fuzzy Hash: 98aacac13dc8ee90b9cafde0828a9985f0063bb91a85393190800a3e579bab87
Instruction Fuzzy Hash: FE310971A143089ADF30DF68CE84FDA73BDAB85318F210969E114E7A80DB74A984CB91

Function 6C8C7566 Relevance: 15.1, APIs: 10, Instructions: 94COMMON

Download Yara Rule

APIs

_encoded_null.MSVCR100 ref: 6C8C75A5
GetLastError.KERNEL32 ref: 6C8C75DA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast_encoded_null
String ID:
API String ID: 989074312-0
Opcode ID: 9dc2be531d48ee46b94f95dd6c43246e570e2f46d1739a7668f948dc7afd682f
Instruction ID: cfcbf0832d50ad11edb2fff630de911bae1a4e258a646e34b8a1208c599c34c3
Opcode Fuzzy Hash: 9dc2be531d48ee46b94f95dd6c43246e570e2f46d1739a7668f948dc7afd682f
Instruction Fuzzy Hash: 5831A035B2A244DFEF20DF7CCA04F597BB0BB46359F210924D494A3681E738E800EB62

Function 6C8C8FD6 Relevance: 15.1, APIs: 10, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C8FDD

Part of subcall function 6C8C245A: __EH_prolog3.LIBCMT ref: 6C8C2461
Part of subcall function 6C8C245A: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,00000000,6C8BD96F,00000000,?,00000000,00000000), ref: 6C8C248C
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000001,?,00000000,00000000), ref: 6C8C24E7
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000001,?,00000000,00000000), ref: 6C8C24F6
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2505
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2514
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2523
Part of subcall function 6C8C245A: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6C8C2532
Part of subcall function 6C8C245A: GetCurrentThread.KERNEL32 ref: 6C8C2550
Part of subcall function 6C8C245A: GetThreadPriority.KERNEL32(00000000), ref: 6C8C2557

Part of subcall function 6C8BF2B7: __EH_prolog3.LIBCMT ref: 6C8BF2BE
Part of subcall function 6C8BF2B7: EnterCriticalSection.KERNEL32(6C8BD93F,00000008,6C8C9035), ref: 6C8BF2D0
Part of subcall function 6C8BF2B7: ??2@YAPAXI@Z.MSVCR100(00000024), ref: 6C8BF2E2
Part of subcall function 6C8BF2B7: ??2@YAPAXI@Z.MSVCR100(00000030), ref: 6C8BF307
Part of subcall function 6C8BF2B7: LeaveCriticalSection.KERNEL32(?), ref: 6C8BF329

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C8C9039
GetLastError.KERNEL32 ref: 6C8C9049
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C9061
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C906F
GetLastError.KERNEL32 ref: 6C8C908C
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C90A4
GetLastError.KERNEL32 ref: 6C8C90CE
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C90E6
InitializeSListHead.KERNEL32(000000E8), ref: 6C8C90FF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerValue@$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCriticalErrorH_prolog3LastSection$??2@InitializeThread$CountCreateCurrentEnterEventExceptionHeadLeaveListPrioritySpinThrow
String ID:
API String ID: 7361241-0
Opcode ID: bf796b3c722810a2bd2660605a160e1629711fb0554a996d8a5d82a46dc3a8d7
Instruction ID: 6dacfd3ed0ffebbea5a158e8953d107dbbc7ff6674826c011b06909f5b94bd58
Opcode Fuzzy Hash: bf796b3c722810a2bd2660605a160e1629711fb0554a996d8a5d82a46dc3a8d7
Instruction Fuzzy Hash: 2131707161060A9FCB21DF64C985BDE77B4BF45308F504D39E46AE7A00DB38E509CB61

Function 6C8C1F26 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C8C1F2D
??2@YAPAXI@Z.MSVCR100(00000024,0000003C,6C8C1F21,?,?,?,?,?,6C8C03E2,?,00000000,6C924628,0000000C,6C8C0342,?,?), ref: 6C8C1F36

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

memcpy.MSVCR100(00000000,6C926310,00000024,0000003C,6C8C1F21,?,?,?,?,?,6C8C03E2,?,00000000,6C924628,0000000C,6C8C0342), ref: 6C8C1F53
std::exception::exception.LIBCMT(?,?,6C920034,?,00000002,00000001), ref: 6C8C1F86
_CxxThrowException.MSVCR100(?,6C920034,?,00000002,00000001), ref: 6C8C1F9B
std::exception::exception.LIBCMT(?,6C8B3A58,6C920018,?), ref: 6C8C1FBA
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000001), ref: 6C8C1FDD
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000001), ref: 6C8C1FE8
Concurrency::unsupported_os::unsupported_os.LIBCMT(00000002,00000001), ref: 6C8C1FFE
Concurrency::unsupported_os::unsupported_os.LIBCMT(?,00000002,00000001), ref: 6C8C201A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policy$Concurrency::unsupported_os::unsupported_osConcurrency@@ElementKey@2@@Policy@SchedulerValue@std::exception::exception$??2@ExceptionH_prolog3_catchThrowmallocmemcpy
String ID:
API String ID: 1209366282-0
Opcode ID: b59fcb21951e2709531095ffa09e07bea4816fc96b22af0d178243ebe8a6c0b2
Instruction ID: 19be3b3e875c3287bb21f3c8980b22dfbf2d6f70d6cd1c4d4e9122d1bfed1021
Opcode Fuzzy Hash: b59fcb21951e2709531095ffa09e07bea4816fc96b22af0d178243ebe8a6c0b2
Instruction Fuzzy Hash: AD31E471A00108DBDB20EF68CA85ADDB774AF44358F105D36E515ABF80DB34EA09CB53

Function 6C89786B Relevance: 15.1, APIs: 10, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C89789E
_errno.MSVCR100 ref: 6C8A93FC
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9407
_errno.MSVCR100 ref: 6C8A9425
_errno.MSVCR100 ref: 6C8A9432
_errno.MSVCR100 ref: 6C8A943C
_errno.MSVCR100 ref: 6C8A946C
_errno.MSVCR100 ref: 6C8A9476
_errno.MSVCR100 ref: 6C8A9489
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9494

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: 818247f7408ba2f5aac814639ec442dbfaf845fde9498525b9ad47804a73e27f
Instruction ID: a4915a1d16e2b2d4c9f5253be8868af3a5bea99c88af3c5b173449b68ed4a46a
Opcode Fuzzy Hash: 818247f7408ba2f5aac814639ec442dbfaf845fde9498525b9ad47804a73e27f
Instruction Fuzzy Hash: AD21B73140B6559ECB316FED8B4069F3624AF4233CB150F64E53497F90DB3288128BA2

Function 6C88FD24 Relevance: 15.1, APIs: 10, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(00000007,6C88FD98,0000000C), ref: 6C88FD32

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

_wcslen.LIBCMT(00000000,6C88FD98,0000000C), ref: 6C88FDB5
calloc.MSVCR100(00000001,00000002,00000000,6C88FD98,0000000C), ref: 6C88FDC0
wcscpy_s.MSVCR100(00000000,00000001,00000000), ref: 6C88FDD7
_errno.MSVCR100(6C88FD98,0000000C), ref: 6C8B08C8
_invalid_parameter_noinfo.MSVCR100(6C88FD98,0000000C), ref: 6C8B08D2
_errno.MSVCR100 ref: 6C8B08E3
_errno.MSVCR100 ref: 6C8B08EE

Part of subcall function 6C88FCB3: _wcslen.LIBCMT(00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FCD5
Part of subcall function 6C88FCB3: _wcslen.LIBCMT(00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FCE8
Part of subcall function 6C88FCB3: _wcsnicoll.MSVCR100(00000000,00000000,00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FD05

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_wcslen$CriticalEnterSection_invalid_parameter_noinfo_lock_wcsnicollcallocwcscpy_s
String ID:
API String ID: 2000213683-0
Opcode ID: e2efde8386a30045946f1e2f116fb311f6c022455fa4f029f435f1863c3a189a
Instruction ID: 99ee0e0b23492d1bd27451e69abd7304601b8210f2e3c776a04d3f88f557d0b8
Opcode Fuzzy Hash: e2efde8386a30045946f1e2f116fb311f6c022455fa4f029f435f1863c3a189a
Instruction Fuzzy Hash: A821B0B15436A59BCB319F688F406DD3761AF05714F218D20E510EBF50DB748A458BD1

Function 6C897EC4 Relevance: 15.1, APIs: 10, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(00000008,6C897F98,00000018,6C8CC0CB,00000001,00000001,00000000,?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9), ref: 6C897EE6
DecodePointer.KERNEL32(6C897F98,00000018,6C8CC0CB,00000001,00000001,00000000,?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F20
DecodePointer.KERNEL32(?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F35
_encoded_null.MSVCR100(?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F4C
DecodePointer.KERNEL32(-00000004,?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F5B
_encoded_null.MSVCR100(?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F5F
DecodePointer.KERNEL32(?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F6E
DecodePointer.KERNEL32(?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001,?,6C8821A9,0000000D), ref: 6C897F78

Part of subcall function 6C897E18: GetModuleHandleW.KERNEL32(00000000,6C897EDC,6C897F98,00000018,6C8CC0CB,00000001,00000001,00000000,?,6C8CC0FC,000000FF,?,6C8A7507,00000011,00000001), ref: 6C897E1A

___crtCorExitProcess.LIBCMT ref: 6C8A7405

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecodePointer$_encoded_null$ExitHandleModuleProcess___crt_lock
String ID:
API String ID: 729311798-0
Opcode ID: 97ff5bb29d1137c67b818e598384e4e079864fac7fd091a7ca4cf55f4e93e147
Instruction ID: 2c2ba003225eec5513e97bbbaba16da5fe32b092784dc802d80b10d188575cac
Opcode Fuzzy Hash: 97ff5bb29d1137c67b818e598384e4e079864fac7fd091a7ca4cf55f4e93e147
Instruction Fuzzy Hash: C6319A30A0A249CFDF209FACCA802CCBBF1BF58309F20497AD514B2A50DBB84944DF60

Function 6C8D74E3 Relevance: 15.1, APIs: 10, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,6C8D61BC,?,?,?,?,00000000,?), ref: 6C8D74EE
_invalid_parameter_noinfo.MSVCR100(?,6C8D61BC,?,?,?,?,00000000,?), ref: 6C8D74F9

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 340685940-0
Opcode ID: 0deb8c9500308222bd42bda6a19299569e9608b0beff44932878ca35c8deed12
Instruction ID: 278d07cf09345bf5562164fb53c364d3ea220e5c94b84d19a75142caa11dad65
Opcode Fuzzy Hash: 0deb8c9500308222bd42bda6a19299569e9608b0beff44932878ca35c8deed12
Instruction Fuzzy Hash: 7221E27145A6859ECB313E798B40B9E3B749F4233CF160F64E5244AF94E731A8448BE3

Function 6C8CABC4 Relevance: 15.1, APIs: 10, Instructions: 80librarythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 6C8CABDB
GetModuleFileNameW.KERNEL32(6C870000,?,00000104), ref: 6C8CABF7
LoadLibraryW.KERNEL32(?), ref: 6C8CAC08
GetLastError.KERNEL32 ref: 6C8CAC1F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8CAC3A
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8CAC4B
CreateThread.KERNEL32(00000000,00000000,-00000018,6C8C0ED5,00010000,?), ref: 6C8CAC8D
GetLastError.KERNEL32 ref: 6C8CAC97
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8CACAF
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8CACBD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastModuleThrow$CreateFileHandleLibraryLoadNameThread
String ID:
API String ID: 475412-0
Opcode ID: c437ad9e8cc1faee4c3d09df2b3241439b4f8fafe283edf49b74ee9801122bfc
Instruction ID: 2e6d244a66d28726e251053c4136ed033b54b4104627c9a030ceb58118dcd20e
Opcode Fuzzy Hash: c437ad9e8cc1faee4c3d09df2b3241439b4f8fafe283edf49b74ee9801122bfc
Instruction Fuzzy Hash: C9219031704209ABDF24DFA4CD49BEE3778BF05708F110879E516D6A81EB34DA48DBA1

Function 6C8FC2BC Relevance: 15.1, APIs: 10, Instructions: 72COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8FC2CA
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FC2D4

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_wcslen.LIBCMT(?), ref: 6C8FC2F7
wcscpy_s.MSVCR100(?,?,?), ref: 6C8FC307
wcscat_s.MSVCR100(?,?,6C8B31F8), ref: 6C8FC31A
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8FC32D
_errno.MSVCR100 ref: 6C8FC332
_wcslen.LIBCMT(?,00000000), ref: 6C8FC33A
_wcslen.LIBCMT(?,?,00000000), ref: 6C8FC344
_wcserror_s.MSVCR100(00000000,?,00000000), ref: 6C8FC34E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _wcslen$_errno$__invoke_watson_invalid_parameter_invalid_parameter_noinfo_wcserror_swcscat_swcscpy_s
String ID:
API String ID: 998693625-0
Opcode ID: 4d83848fe4bd79f1031c89349d47d79869a09973bacd23b839d068d39fc6bc0f
Instruction ID: 4a860b28e9ca2d3f32772251e4673b11f71d6e69b0c1f4404f11537fbd486e51
Opcode Fuzzy Hash: 4d83848fe4bd79f1031c89349d47d79869a09973bacd23b839d068d39fc6bc0f
Instruction Fuzzy Hash: 5211E97254221067DB3166799E84EEB376CEF857E87100C39E824D7F01EB75D50A92A1

Function 6C882ADB Relevance: 15.1, APIs: 10, Instructions: 70memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000000,6C91FC34,00000000,00000000,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010), ref: 6C882B14
malloc.MSVCR100(6C91FC34,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?), ref: 6C882B90
free.MSVCR100(00000000,00000000,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57), ref: 6C8AF367
_callnewh.MSVCR100(6C91FC34,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?), ref: 6C8AF383
_callnewh.MSVCR100(6C91FC34,00000000,00000000,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010), ref: 6C8AF394
_errno.MSVCR100(00000000,00000000,?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57), ref: 6C8AF39A
_errno.MSVCR100(?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?,6C88AA70), ref: 6C8AF3AC
GetLastError.KERNEL32(?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?,6C88AA70), ref: 6C8AF3B3
_errno.MSVCR100(?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?,6C88AA70), ref: 6C8AF3C4
GetLastError.KERNEL32(?,6C882BAC,?,6C91FC34,00000000,00000000,?,6C8B061F,00000000,00000010,?,?,?,6C88AA57,?,6C88AA70), ref: 6C8AF3CB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$ErrorLast_callnewh$AllocHeapfreemalloc
String ID:
API String ID: 2627451454-0
Opcode ID: cf0716a53c6f1bad0b7c56513bf22543250a2c07986ed667cd590e088e3a7efb
Instruction ID: ce1012dbf9e1cc6517ccc89d2336c90d7a0381e9f0fc744eaf42a5dabb25f65f
Opcode Fuzzy Hash: cf0716a53c6f1bad0b7c56513bf22543250a2c07986ed667cd590e088e3a7efb
Instruction Fuzzy Hash: F111D632507616B7CB311EB8DA08B9936A5AB52768F204D35E854CBE90DB35C44187A0

Function 6C8CC789 Relevance: 15.1, APIs: 10, Instructions: 63threadCOMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8CC799
_invalid_parameter_noinfo.MSVCR100 ref: 6C8CC7A4

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__set_flsgetvalue.MSVCR100 ref: 6C8CC7AE
_calloc_crt.MSVCR100(00000001,00000214), ref: 6C8CC7BA
_getptd.MSVCR100 ref: 6C8CC7C7
_initptd.MSVCR100(00000000,?), ref: 6C8CC7D0
CreateThread.KERNEL32(?,?,6C8CC724,00000000,?,?), ref: 6C8CC7FE
GetLastError.KERNEL32 ref: 6C8CC808
free.MSVCR100(00000000), ref: 6C8CC811
__dosmaperr.LIBCMT(00000000), ref: 6C8CC81C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr__set_flsgetvalue_calloc_crt_errno_getptd_initptd_invalid_parameter_invalid_parameter_noinfofree
String ID:
API String ID: 2355482382-0
Opcode ID: 31991614bc8170a056c9259bdd5add4ab9c342fb038dada336b16d18bee987b6
Instruction ID: 0d562e4ba9c0a00f1f95635f4e829d86534910323d4f2718365afdb1f6f6da68
Opcode Fuzzy Hash: 31991614bc8170a056c9259bdd5add4ab9c342fb038dada336b16d18bee987b6
Instruction Fuzzy Hash: CD112932306755AFD720AFAD8E84DCB37E8EF453787100D39F81486E81EB31D81586A1

Function 6C8831D8 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_strlen.LIBCMT(6C8B3090), ref: 6C8831CC
_get_printf_count_output.MSVCR100 ref: 6C883233
__forcdecpt_l.LIBCMT ref: 6C88334A
__aulldvrm.LIBCMT ref: 6C88392E

Strings

@, xrefs: 6C8839F0
g, xrefs: 6C883351
@, xrefs: 6C882FFA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm__forcdecpt_l_get_printf_count_output_strlen
String ID: @$@$g
API String ID: 632275685-3810856864
Opcode ID: 0ea5c114df8bfbb6a3e59a76b9068a489a6c7f53ae713eb3fa570929100a3049
Instruction ID: 4cc61ac0526c21372180bdedf59d10b45ecb59abc10eb68901026b8922d16f19
Opcode Fuzzy Hash: 0ea5c114df8bfbb6a3e59a76b9068a489a6c7f53ae713eb3fa570929100a3049
Instruction Fuzzy Hash: 80A189B090622D8BDB30CF19CE807D9B7B4AB05318F1449E9D748A7A41EB349EC5CF68

Function 6C88DEAC Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 6C891AE0
atol.MSVCR100(?,?,00000010,00000000,00000000,00000000), ref: 6C8AD66F

Strings

void, xrefs: 6C891AD8
`template-parameter, xrefs: 6C8AD68F, 6C8AD6D2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator=atol
String ID: `template-parameter$void
API String ID: 1388095176-4057429177
Opcode ID: 2a163416c691eacaff68bf2785028c7f15ac2257eb08f2b9c5550df33509582a
Instruction ID: 427c9c98b7f80c9c6b7fb6dc39b0d47674406222fbf960b6feb6589a50f04b68
Opcode Fuzzy Hash: 2a163416c691eacaff68bf2785028c7f15ac2257eb08f2b9c5550df33509582a
Instruction Fuzzy Hash: 4B513D71E062499FCF20DFA8DA909EEB7F8AF09304F60482BE555E7A40DB359909CF10

Function 6C8BF6E9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8BF70B

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(6C8BF84C,6C91FE78,?), ref: 6C8BF720

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

InterlockedPopEntrySList.KERNEL32(?), ref: 6C8BF72E
??2@YAPAXI@Z.MSVCR100(00000010), ref: 6C8BF743

Strings

proc, xrefs: 6C8BF704

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Exception$??2@Copy_strEntryInterlockedListRaiseThrowstd::exception::_std::exception::exception
String ID: proc
API String ID: 3545228409-735085620
Opcode ID: 48a8dc4fcce10d79142ab10e598e9be50258a70d4cf4dc6e034a7407229711bf
Instruction ID: 80869c983b2245fc10140712af3aea4c0db16b195aaf7bdca53dc2ee669db84e
Opcode Fuzzy Hash: 48a8dc4fcce10d79142ab10e598e9be50258a70d4cf4dc6e034a7407229711bf
Instruction Fuzzy Hash: 1D41C479500715AFC325CF68CA84A89B7F4FF0A728B1189AAE415EBF61D770E844CB90

Function 6C8C5672 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C8C5679
malloc.MSVCR100(?,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C56C3

Part of subcall function 6C880233: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7), ref: 6C880263

std::exception::exception.LIBCMT(?,00000001,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C56EC
_CxxThrowException.MSVCR100(?,6C88BDD8,?,00000001,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C5701
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z.MSVCR100(00000000,00000002,00000001,000000FF,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C5736
_freea_s.MSVCR100(00000000,00000000,00000002,00000001,000000FF,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C573C
?wait@event@Concurrency@@QAEII@Z.MSVCR100(000000FF,00000014,6C8C5DD5,?,00000001,00000001), ref: 6C8C574B

Strings

bad allocation, xrefs: 6C8C56E5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@$?wait@event@?wait_for_multiple@event@AllocateExceptionH_prolog3_HeapThrowV12@_freea_smallocstd::exception::exception
String ID: bad allocation
API String ID: 2067162669-2104205924
Opcode ID: af8fa49b1c33dafcbc97d852beb22156990ce63b4a2c98b59c231c19e55c5f76
Instruction ID: c9e4b17b35f1d1027f16ac3cb609b1817559cc43e10c15dea298ce9de2d306fa
Opcode Fuzzy Hash: af8fa49b1c33dafcbc97d852beb22156990ce63b4a2c98b59c231c19e55c5f76
Instruction Fuzzy Hash: D021E272A013169BDF20CF58CE80EDD73A5AF85314F554A24E850ABF90EB34DD49CB62

Function 6C8F2E90 Relevance: 13.9, APIs: 9, Instructions: 367COMMONLIBRARYCODE

Download Yara Rule

APIs

_W_store_num.LIBCMT ref: 6C8F310D
_W_store_winword.LIBCMT ref: 6C8F3133
_W_store_winword.LIBCMT ref: 6C8F315E
_errno.MSVCR100(?,?,?,6C8F33F1,?,?,00000000,?,?,?,00000000,?,?,?), ref: 6C8F31A0
_invalid_parameter_noinfo.MSVCR100(?,?,?,6C8F33F1,?,?,00000000,?,?,?,00000000,?,?,?), ref: 6C8F31AB
__tzname.MSVCR100(000000FF,?,?,?,?,6C8F33F1,?,?,00000000,?,?,?,00000000), ref: 6C8F3208
_mbstowcs_s_l.MSVCR100(00000000,?,?,00000000,000000FF,?,?,?,?,6C8F33F1,?,?,00000000,?,?,?), ref: 6C8F3229
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6C8F3254
_W_store_str.LIBCMT ref: 6C8F32F1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: W_store_winword$W_store_numW_store_str__invoke_watson__tzname_errno_invalid_parameter_noinfo_mbstowcs_s_l
String ID:
API String ID: 1181387638-0
Opcode ID: 254e3a18d3e7fb618808ce342fef462dbe13fe0f950fdf14535dd403b941c6b9
Instruction ID: f3429774aa2a6e02e0ef1fbf55752abe33c4c846e79c1ab41b6bfe9989fc3bd8
Opcode Fuzzy Hash: 254e3a18d3e7fb618808ce342fef462dbe13fe0f950fdf14535dd403b941c6b9
Instruction Fuzzy Hash: 77C15DB134124B9BEF348E58CA81B9A3765FF453C9F244919F93087A54D335EC938B92

Function 6C8969D5 Relevance: 13.7, APIs: 9, Instructions: 226COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT(?,000000FF,00000024,?,?,6C8969D0,?), ref: 6C8969F5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C896A30
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C896AED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C896B46
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C896B63
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C896B86
_errno.MSVCR100(?,?,6C8969D0,?), ref: 6C8A9D32
_invalid_parameter_noinfo.MSVCR100(?,?,6C8969D0,?), ref: 6C8A9D3C
_errno.MSVCR100(?,?,?,?,6C8969D0,?), ref: 6C8A9D56

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$_errno$_invalid_parameter_noinfo_memset
String ID:
API String ID: 1299486453-0
Opcode ID: d8a7c3421c387c65e75fa76e8dc57c8c7ea7748b5b2fd98b494c85636e67684b
Instruction ID: 73a7084aa13e0969188ad223eeb32a6d6d9c071c51ea630d5823233e1bc7b7a6
Opcode Fuzzy Hash: d8a7c3421c387c65e75fa76e8dc57c8c7ea7748b5b2fd98b494c85636e67684b
Instruction Fuzzy Hash: DA614571A05304AFDB249FACCD40B9EB7F6EB85329F148A3DF510DBA90E77599418B80

Function 6C88AD86 Relevance: 13.7, APIs: 9, Instructions: 200COMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32(?), ref: 6C88AD93
_calloc_crt.MSVCR100(00000020,00000040), ref: 6C88AD9F
GetStdHandle.KERNEL32(-000000F6), ref: 6C88AE36
GetFileType.KERNEL32(00000000), ref: 6C88AE50
InitializeCriticalSectionAndSpinCount.KERNEL32(-6C923734,00000FA0), ref: 6C88AE80
SetHandleCount.KERNEL32 ref: 6C88AEA1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CountHandle$CriticalFileInfoInitializeSectionSpinStartupType_calloc_crt
String ID:
API String ID: 1159209115-0
Opcode ID: 3740250d1b9f86adab9bc2898e708388f2509aebe04b6dfe1865c326a49c9ebe
Instruction ID: 13f6dea5f5de650f5cec4c5d2f3d85e45aeec7bbdf9504abb6790823302aa33e
Opcode Fuzzy Hash: 3740250d1b9f86adab9bc2898e708388f2509aebe04b6dfe1865c326a49c9ebe
Instruction Fuzzy Hash: 4A7122716067418FEB208B68CA88B5A77B4AF06328F244F68C5A5DBAD0E734E845CB55

Function 6C8DF37F Relevance: 13.7, APIs: 9, Instructions: 185stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DF3AF
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DF3B9
strncpy_s.MSVCR100(?,?,?,?,?), ref: 6C8DF3F9
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF442
_errno.MSVCR100(?), ref: 6C8DF4B5
_ismbblead_l.MSVCR100(?,?,?), ref: 6C8DF4DA
_errno.MSVCR100(?), ref: 6C8DF513
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8DF51D
_errno.MSVCR100(?), ref: 6C8DF53D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_ismbblead_l$strncpy_s
String ID:
API String ID: 3147246080-0
Opcode ID: 49084e12c5634b505b40de1cfc470bbad7b5453b1a8ff27641d33b0820e90111
Instruction ID: 3a08eb369c04192d43a5a834ba277151e609f10d755e5f12fed43ce19e3e1c1f
Opcode Fuzzy Hash: 49084e12c5634b505b40de1cfc470bbad7b5453b1a8ff27641d33b0820e90111
Instruction Fuzzy Hash: 0261F831909389DFCF31CF6CC64079E7BB1AF22329F26499AD4B05BA81D731A541EB51

Function 6C8842DE Relevance: 13.7, APIs: 9, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?), ref: 6C8A90CA
_fileno.MSVCR100(?), ref: 6C8A90DB
_fileno.MSVCR100(?), ref: 6C8A90E7
_fileno.MSVCR100(?,?), ref: 6C8A90F7
_fileno.MSVCR100(?), ref: 6C8A911A
_fileno.MSVCR100(?), ref: 6C8A9126
_fileno.MSVCR100(?), ref: 6C8A9132
_fileno.MSVCR100(?,?), ref: 6C8A9142

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno
String ID:
API String ID: 467780811-0
Opcode ID: fe338f3fb997710e9fade9a901badf053dbf21858403c3b90ec4a85a86cd16fe
Instruction ID: 0cbf35e7488d5d0fe9eb4b4c54fc3d523eacc7be4b682d17b1b6b14a65852497
Opcode Fuzzy Hash: fe338f3fb997710e9fade9a901badf053dbf21858403c3b90ec4a85a86cd16fe
Instruction Fuzzy Hash: 3151F63250A705CBC7308F6CDA44A99B3F4BF96328B244E29D5B59BEC0E339E945CB40

Function 6C892E42 Relevance: 13.7, APIs: 9, Instructions: 165COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy_s.MSVCR100(?,?,?,?), ref: 6C892EEB
_errno.MSVCR100 ref: 6C8A8C29
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8C34
_memset.LIBCMT(?,00000000,?), ref: 6C8A8C47
_fileno.MSVCR100(?,?,?), ref: 6C8A8CA3
_read.MSVCR100(00000000,?,?), ref: 6C8A8CAA
_memset.LIBCMT(?,00000000,000000FF), ref: 6C8A8CD4
_errno.MSVCR100 ref: 6C8A8CDC

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_memset$_fileno_invalid_parameter_noinfo_readmemcpy_s
String ID:
API String ID: 4008029522-0
Opcode ID: a068426ed4a9256c8f7709657f9dc5e33b02665cc90f0d207b602e5e90d0fa0d
Instruction ID: 783d3f9cce0f495ac7c85360b6d52fd554bc058b1fbbfe2c1a5cf887b1dab281
Opcode Fuzzy Hash: a068426ed4a9256c8f7709657f9dc5e33b02665cc90f0d207b602e5e90d0fa0d
Instruction Fuzzy Hash: B051FA31902609EBCB308FADCB4468EB7B1EF41324F218E2AE83597A90D7749A45CF51

Function 6C8903E4 Relevance: 13.6, APIs: 9, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(6C891022,?,?,?,6C891022,00000040,?), ref: 6C8903EF
_write.MSVCR100(6C891022,FFFF94F1,00000000,00000000,6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C89045D
__p__iob.MSVCR100(6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C892ACF
__p__iob.MSVCR100(6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C892ADF
_errno.MSVCR100(?,?,?,6C891022,00000040,?), ref: 6C8A88CD
_errno.MSVCR100(?,?,?,6C891022,00000040,?), ref: 6C8A88E4
_isatty.MSVCR100(6C891022,6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C8A890B
__lseeki64.LIBCMT(6C891022,00000000,00000000,00000002,00000000,6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C8A8928
_write.MSVCR100(6C891022,00000040,00000001,00000000,6C9235D0,?,?,?,6C891022,00000040,?), ref: 6C8A8948

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __p__iob_errno_write$__lseeki64_fileno_isatty
String ID:
API String ID: 2198290031-0
Opcode ID: cafda5c900ddc7aa0c72b9428883127f540139a61a2a7dbb3631724ba4565b8b
Instruction ID: aa84a50b1bd171aa1248e961bf0c8c511590b8b64c51ead8e3d03aed445328ae
Opcode Fuzzy Hash: cafda5c900ddc7aa0c72b9428883127f540139a61a2a7dbb3631724ba4565b8b
Instruction Fuzzy Hash: 9941E6724057859FD7308F6DCA41A9A77A4AF46328B14CF2EE4B997E90D734E901CB21

Function 6C8939A1 Relevance: 13.6, APIs: 9, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?,?,?,?,6C893AA1,?,?), ref: 6C8939AC
__p__iob.MSVCR100(6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8939EE
__p__iob.MSVCR100(6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8939FE
_errno.MSVCR100(?,?,?,6C893AA1,?,?), ref: 6C8A8964
_errno.MSVCR100(?,?,?,6C893AA1,?,?), ref: 6C8A897D
_isatty.MSVCR100(?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8A89A5
_write.MSVCR100(?,?,?,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8A89B4
__lseeki64.LIBCMT(?,00000000,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8A89D2

Part of subcall function 6C88CF2C: _malloc_crt.MSVCR100(00001000,?,6C893A14,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C88CF36

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __p__iob_errno$__lseeki64_fileno_isatty_malloc_crt_write
String ID:
API String ID: 2248077258-0
Opcode ID: 085fe9978783bf6738603a6aef8a27cf13fcc75eebf771ae91d64d01eff7c1ca
Instruction ID: 0b4d82699533dbffb78f2fc5c3435604f3fe2f93f41498964cd3c31f6a767903
Opcode Fuzzy Hash: 085fe9978783bf6738603a6aef8a27cf13fcc75eebf771ae91d64d01eff7c1ca
Instruction Fuzzy Hash: 3C41D572501B459FD7308F6DDA41B99B7E0AF45328F148E3DE4A987F80D734E9018B15

Function 6C8C1519 Relevance: 13.6, APIs: 9, Instructions: 122COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCR100(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C152F
CloseHandle.KERNEL32(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C153B
??3@YAXPAX@Z.MSVCR100(00000000,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C156C
InterlockedFlushSList.KERNEL32(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C1585
InterlockedFlushSList.KERNEL32(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C15B4

Part of subcall function 6C8C1664: ??3@YAXPAX@Z.MSVCR100(?,?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002), ref: 6C8C1680
Part of subcall function 6C8C1664: _memset.LIBCMT(?,00000000,00000000,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152), ref: 6C8C16A1
Part of subcall function 6C8C1664: ??3@YAXPAX@Z.MSVCR100(?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?), ref: 6C8C16AC
Part of subcall function 6C8C1664: ??3@YAXPAX@Z.MSVCR100(?,?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002), ref: 6C8C16B2

?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100(?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?,6C8C13AB), ref: 6C8C1600
SetEvent.KERNEL32(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?), ref: 6C8C163C
CloseHandle.KERNEL32(?,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?), ref: 6C8C1645
??3@YAXPAX@Z.MSVCR100(00000000,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?,?), ref: 6C8C164C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$CloseFlushHandleInterlockedList$AcquireConcurrency@@EventLock@details@ReaderWrite@_Writer_memset
String ID:
API String ID: 2332770512-0
Opcode ID: 29b4ae26022c0733b13e00398200ad77abf3fec3cb6e5b5acf83234c7cabc5a0
Instruction ID: 1b2f8cb703f89d302568a627b26594dead30d75e2c665c798b6bdea09e31326f
Opcode Fuzzy Hash: 29b4ae26022c0733b13e00398200ad77abf3fec3cb6e5b5acf83234c7cabc5a0
Instruction Fuzzy Hash: BC41B531701A21DFDB298B64CAC4F98B7B0BF09718F180628E9569BA90DB30EC15CBD1

Function 6C8BD988 Relevance: 13.6, APIs: 9, Instructions: 75COMMON

Download Yara Rule

APIs

??_V@YAXPAX@Z.MSVCR100(?,6C8BDB65,?,?,?,?,?,6C8BD133,?,00000000), ref: 6C8BD99D
??_V@YAXPAX@Z.MSVCR100(?,?,6C8BDB65,?,?,?,?,?,6C8BD133,?,00000000), ref: 6C8BD9A5
??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8BDB65,?,?,?,?,?,6C8BD133,?,00000000), ref: 6C8BD9AD
??_U@YAPAXI@Z.MSVCR100(00000000,?,?,?,6C8BDB65,?,?,?,?,?,6C8BD133,?,00000000), ref: 6C8BD9C4
??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8BD9E7
??_U@YAPAXI@Z.MSVCR100(00000000,00000000), ref: 6C8BDA01
_memset.LIBCMT(?,00000000,?,6C8BDB65,?,?,?,?,?,6C8BD133,?,00000000), ref: 6C8BDA17
_memset.LIBCMT(?,00000000,?,00000000), ref: 6C8BDA30
_memset.LIBCMT(?,00000000,?,?,00000000,?,00000000), ref: 6C8BDA41

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 399dc4ed66b7cbe5b5e6b7a1d4377a48d4a9f37d9226bb78bfb4cd55a10beb20
Instruction ID: 76705ec8a8ef7e91ace7b1026c68f529e1c9908a7787b6cb31993eef0cbadf15
Opcode Fuzzy Hash: 399dc4ed66b7cbe5b5e6b7a1d4377a48d4a9f37d9226bb78bfb4cd55a10beb20
Instruction Fuzzy Hash: 06213E71202B41AFE7349B38CE46B27B7E4EB44314F508D2EE25789EA5E775F8048B10

Function 6C88C038 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C88C0FC
__doserrno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD25
_errno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD2D
_errno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD43
_invalid_parameter_noinfo.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD4E
__doserrno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD55
_errno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD5D
_errno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD6A
__doserrno.MSVCR100(6C88C0D8,00000010,6C88CE99,00000000,?,?,?,?,6C893379,?), ref: 6C8AFD75

Part of subcall function 6C88A5A9: EnterCriticalSection.KERNEL32(00000108,6C88A610,0000000C,6C89038E,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?), ref: 6C88A5FA

Part of subcall function 6C88BF22: ReadFile.KERNEL32(?,00000040,?,?,00000000,?,?,?), ref: 6C88BFE8

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __doserrno_errno$CriticalEnterFileReadSection_invalid_parameter_noinfo
String ID:
API String ID: 590220429-0
Opcode ID: 57a1a4730185f839bdc8c6c12a927e163868ca365b44f24ba7b6c891522e9535
Instruction ID: 241478320af00accbade689671c0eb06e5e26343f632baf6c05c4ef7d1420dc9
Opcode Fuzzy Hash: 57a1a4730185f839bdc8c6c12a927e163868ca365b44f24ba7b6c891522e9535
Instruction Fuzzy Hash: FC214F714573858FD731AFACCB407A93760AF1232AF110E60D5709BFE1DBB985498B62

Function 6C8BFAE0 Relevance: 13.6, APIs: 9, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedFlushSList.KERNEL32(?,?,?,6C8BF44A), ref: 6C8BFAEB
??3@YAXPAX@Z.MSVCR100(-00000004,?,?,6C8BF44A), ref: 6C8BFAF7
InterlockedFlushSList.KERNEL32(?,?,?,6C8BF44A), ref: 6C8BFB05
??3@YAXPAX@Z.MSVCR100(-00000004,?,?,6C8BF44A), ref: 6C8BFB11
??3@YAXPAX@Z.MSVCR100(?,?,?,6C8BF44A), ref: 6C8BFB26
??3@YAXPAX@Z.MSVCR100(00000000,?,?,6C8BF44A), ref: 6C8BFB43
??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8BF44A), ref: 6C8BFB54
??3@YAXPAX@Z.MSVCR100(?,?,?,?,6C8BF44A), ref: 6C8BFB5A
??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8BF44A), ref: 6C8BFB6A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$FlushInterlockedList
String ID:
API String ID: 681866488-0
Opcode ID: 9ae416870e4c89f97728cd44a259b7514ab3febd56d4b05f70d0a1c6407ee51b
Instruction ID: 025a28fb74581a5a277768f62d77b585d3769c7bf125ed4e03c3635ca0fe7004
Opcode Fuzzy Hash: 9ae416870e4c89f97728cd44a259b7514ab3febd56d4b05f70d0a1c6407ee51b
Instruction Fuzzy Hash: 6911917E006602AB8222CAA9D6D084AB3B5AF993343350D2AD405A7F10EB30E955CA50

Function 6C88A9DB Relevance: 13.6, APIs: 9, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc_crt.MSVCR100(00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C88AB8B
_lock.MSVCR100(0000000A,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C88AB9D
InitializeCriticalSectionAndSpinCount.KERNEL32(00000000,00000FA0,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C88ABB4
__FF_MSGBANNER.LIBCMT ref: 6C8A749F
__NMSG_WRITE.LIBCMT ref: 6C8A74A6
_errno.MSVCR100(6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C8A74B9

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin_errno_lock_malloc_crt
String ID:
API String ID: 957642387-0
Opcode ID: 560c0a3ca8e21754ddec63d5ca526d5c5db40035134f081446d0eab014551850
Instruction ID: 79bfc2c9301735fc80c2a228be9e1df8be0b9fc09a7a9054d8689c665b8e34ed
Opcode Fuzzy Hash: 560c0a3ca8e21754ddec63d5ca526d5c5db40035134f081446d0eab014551850
Instruction Fuzzy Hash: 5F11C431647686EEDB306FBC8B40AED77A16F82718F100C3DD1516BEC0DB784585AB51

Function 6C8827B6 Relevance: 13.5, APIs: 9, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?), ref: 6C8827D7
GetLastError.KERNEL32 ref: 6C88FA08
__dosmaperr.LIBCMT(00000000), ref: 6C88FA0F
_errno.MSVCR100 ref: 6C88FA15
__doserrno.MSVCR100 ref: 6C8A7B05
_errno.MSVCR100 ref: 6C8A7B0C
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A7B16
__doserrno.MSVCR100 ref: 6C8A7B22
_errno.MSVCR100 ref: 6C8A7B2D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__doserrno$AttributesErrorFileLast__dosmaperr_invalid_parameter_noinfo
String ID:
API String ID: 2636503730-0
Opcode ID: baf97ddaf6d2bd7ec3d4354fb170e4d733447098ec7c773dd66b011983663ce3
Instruction ID: 430d063128882663ba5b6048514f40c13476ced765f015100d7d26137cf6a83c
Opcode Fuzzy Hash: baf97ddaf6d2bd7ec3d4354fb170e4d733447098ec7c773dd66b011983663ce3
Instruction Fuzzy Hash: FB0144301466685BDB327FBD8708BD93B649F0372CF114D35E8249AED4E77984479B90

Function 6C8C61D3 Relevance: 13.5, APIs: 9, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C61DA
__ExceptionPtrCopy.LIBCMT(?,00000008,00000014,6C8C58ED,?,?,00000000), ref: 6C8C61F1

Part of subcall function 6C8CBBFB: __EH_prolog3.LIBCMT ref: 6C8CBC02
Part of subcall function 6C8CBBFB: _Reset.LIBCMT ref: 6C8CBC21

?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(00000008,?,00000008,00000014,6C8C58ED,?,?,00000000), ref: 6C8C61FB

Part of subcall function 6C8CBB8A: shared_ptr.LIBCMT ref: 6C8CBB94

??3@YAXPAX@Z.MSVCR100(00000008,00000008,?,00000008,00000014,6C8C58ED,?,?,00000000), ref: 6C8C6201
__uncaught_exception.MSVCR100 ref: 6C8C620D
__ExceptionPtrCopy.LIBCMT(?,?), ref: 6C8C621E
?__ExceptionPtrRethrow@@YAXPBX@Z.MSVCR100(?,?,?), ref: 6C8C622B
?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(?,?,?,?), ref: 6C8C6238
?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(?), ref: 6C8C6248

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Exception$Destroy@@$CopyH_prolog3$??3@ResetRethrow@@__uncaught_exceptionshared_ptr
String ID:
API String ID: 1394407404-0
Opcode ID: 202a120bb924c9c4a22bede9b6a6f56ca6efc239cc83360cc20214cd6ad6ff72
Instruction ID: e9c41aa6cfd94b177c1060fbd140390408cdda7413e845ceaca6242581184097
Opcode Fuzzy Hash: 202a120bb924c9c4a22bede9b6a6f56ca6efc239cc83360cc20214cd6ad6ff72
Instruction Fuzzy Hash: E201B172D02608B6DF20DBE88A44FFDB7786F15229F500A74D550A3E80D735D60986B2

Function 6C882FC7 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 305COMMON

Download Yara Rule

APIs

_isleadbyte_l.MSVCR100(?,?), ref: 6C8830B0
_mbtowc_l.MSVCR100(?,?,?), ref: 6C883145
_strlen.LIBCMT(6C8B3090), ref: 6C8831CC
__forcdecpt_l.LIBCMT ref: 6C88334A

Strings

, xrefs: 6C88350F
g, xrefs: 6C883351

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __forcdecpt_l_isleadbyte_l_mbtowc_l_strlen
String ID: $g
API String ID: 3157115575-3845294767
Opcode ID: 683c2ca4f3109d0e735863d7c60ee6e524e02ff6975f93b5f518b9515174004d
Instruction ID: 43e08d3001bdc2ff4587171f8a3dbe36f7014100a29085940e98155e0ebc59bb
Opcode Fuzzy Hash: 683c2ca4f3109d0e735863d7c60ee6e524e02ff6975f93b5f518b9515174004d
Instruction Fuzzy Hash: 6CD159F190622D8BDB308F18CE847D9B7B4AB05318F1489EAD648A7A81D7749FC5CF58

Function 6C8834D9 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 280COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 6C88392E

Strings

, xrefs: 6C88350F
@, xrefs: 6C8839F0
g, xrefs: 6C883351
', xrefs: 6C881D46

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm
String ID: $'$@$g
API String ID: 1302938615-3237605922
Opcode ID: dcaec9145cacf8ac6f4d9159c117b6c9be4a54b2278c00ffab195b61510d8d09
Instruction ID: 2ec3f8de22735faa9437ca27d065684e1018d067425cb762658defdfdf9bdc40
Opcode Fuzzy Hash: dcaec9145cacf8ac6f4d9159c117b6c9be4a54b2278c00ffab195b61510d8d09
Instruction Fuzzy Hash: 03C1ABF090622D8BDB308E19CE80399B7B4AB05318F144AE9D758A7E81DB749EC5CF58

Function 6C88D963 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

Strings

template-parameter-, xrefs: 6C88D9AA, 6C8ADC63
generic-type-, xrefs: 6C88D9D6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID: generic-type-$template-parameter-
API String ID: 0-13229604
Opcode ID: 7db0d79fa67dcaab4ee44fef5ad7fea71ae37c9ad870842f19d0c21c2c6fd623
Instruction ID: 3a764a01e06aa9055e78af0a25e8c5936a635bc97dbf0a7a69bddf8dbfdaecc2
Opcode Fuzzy Hash: 7db0d79fa67dcaab4ee44fef5ad7fea71ae37c9ad870842f19d0c21c2c6fd623
Instruction Fuzzy Hash: B461B37191A2599FCB24CFA9D690AEE7BF8AF0A304F60086BD591A7B40D7389905CF50

Function 6C8FE2C4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6C880698: GetLastError.KERNEL32(6C873238,?,6C8807BA,6C917F62), ref: 6C88069C
Part of subcall function 6C880698: __set_flsgetvalue.MSVCR100 ref: 6C8806AA
Part of subcall function 6C880698: SetLastError.KERNEL32(00000000), ref: 6C8806BC

_calloc_crt.MSVCR100(00000086,00000002), ref: 6C8FE2ED
__get_sys_err_msg.LIBCMT ref: 6C8FE310

Part of subcall function 6C8FC1AC: __sys_nerr.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1B9
Part of subcall function 6C8FC1AC: __sys_nerr.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1C2
Part of subcall function 6C8FC1AC: __sys_errlist.MSVCR100(?,?,6C8FC264,00000000), ref: 6C8FC1C9

__cftoe.LIBCMT(00000000,?,00000086,00000000,00000085), ref: 6C8FE31A

Part of subcall function 6C8DC580: _mbstowcs_s_l.MSVCR100(?,?,?,?,?,00000000), ref: 6C8DC596

__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8FE32F
_errno.MSVCR100(?,?,6C8FC353,00000000,?,00000000), ref: 6C8FE3C5
_invalid_parameter_noinfo.MSVCR100(?,?,6C8FC353,00000000,?,00000000), ref: 6C8FE3CF

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 6C8FE338, 6C8FE2D8, 6C8FE2FB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast__sys_nerr$__cftoe__get_sys_err_msg__invoke_watson__set_flsgetvalue__sys_errlist_calloc_crt_errno_invalid_parameter_noinfo_mbstowcs_s_l
String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 3324003163-798102604
Opcode ID: e06b8b0d0ec572ab4959efa0029a6d2dc266efa752ac321be7cef6ab5d7916a2
Instruction ID: d84bd06dd17b9cf434f60b099f51b0f0879f7d566bb17cff252d5a30c24e9b8b
Opcode Fuzzy Hash: e06b8b0d0ec572ab4959efa0029a6d2dc266efa752ac321be7cef6ab5d7916a2
Instruction Fuzzy Hash: 3E31C05254E3D41FC3328A754EAD485BF206E4325870DCBEFE8A54FE93E795980283A2

Function 6C885489 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT(00000000,00000000,00000090,00000083,00000001,000000BC,?,6C885B4D,?,00000001,00000000,00000000,00000005), ref: 6C88549D
strncpy_s.MSVCR100(00000080,00000010,00000001,0000000F,00000000,00000000,00000005), ref: 6C892BFB

Strings

_.,, xrefs: 6C8B0ADD, 6C8B0B72

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memsetstrncpy_s
String ID: _.,
API String ID: 1794348173-2709443920
Opcode ID: 07b7acc6ab62ab968a2280dc7ed48914db8f6b6932d5a46e3391524f9e3c22b4
Instruction ID: 4fc7a6fedf8f607a0c0dea1d706832512af67384dcd2c1cd453add874bfe546d
Opcode Fuzzy Hash: 07b7acc6ab62ab968a2280dc7ed48914db8f6b6932d5a46e3391524f9e3c22b4
Instruction Fuzzy Hash: E131F7F118A389BDFB3049698F40BDB37689B0236CF088E22F968B6F82D335D5449751

Function 6C8F53FD Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCR100(?,?,6C8F5568,00000024), ref: 6C8F5467
strcmp.MSVCR100(?,?,?,?,?,?,6C8F5568,00000024), ref: 6C8F5498
PMDtoOffset.LIBCMT ref: 6C8F54D1
std::bad_exception::bad_exception.LIBCMT(Bad dynamic_cast!), ref: 6C8F54FB
_CxxThrowException.MSVCR100(?,6C8F5554,Bad dynamic_cast!), ref: 6C8F5509

Strings

Bad dynamic_cast!, xrefs: 6C8F54F3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: strcmp$ExceptionOffsetThrowstd::bad_exception::bad_exception
String ID: Bad dynamic_cast!
API String ID: 3037609465-2956939130
Opcode ID: 3ebe928491d1b472d2af6096c596a5eaaf4caf454db6db7e2eb5dd284b516004
Instruction ID: 544b200f21b1ed13eb7809dbef0f6d89a1d3ee7f609420080a54602c5be30004
Opcode Fuzzy Hash: 3ebe928491d1b472d2af6096c596a5eaaf4caf454db6db7e2eb5dd284b516004
Instruction Fuzzy Hash: A231D9B19017159FCB24CF58CA40A9E77B0EF58396F248C28E875E7B40D734E942DB50

Function 6C8DC480 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DC4A2
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DC4AC
_errno.MSVCR100(?), ref: 6C8DC4E4
_errno.MSVCR100(?), ref: 6C8DC50C
_errno.MSVCR100(?), ref: 6C8DC536
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8DC540

Strings

P, xrefs: 6C8DC558

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID: P
API String ID: 2819658684-3110715001
Opcode ID: 2f6474ec820dcee7ebc5f9af7fe1f6fd1100646321bafe231603c67851bafa68
Instruction ID: 331e3fed816a092f2ab4615e0af2517805bab1de8fb8d5089a666e561caf8441
Opcode Fuzzy Hash: 2f6474ec820dcee7ebc5f9af7fe1f6fd1100646321bafe231603c67851bafa68
Instruction Fuzzy Hash: 3031A771911399DBCF30FF6CC6805EE7BB4BF01328B220E69E47097A91D731A9518B51

Function 6C882719 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A9333
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A933E
_errno.MSVCR100(?), ref: 6C8A934B
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8A9356

Strings

B, xrefs: 6C88274E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: B
API String ID: 2959964966-1255198513
Opcode ID: dfb0138fbacceb2ed61b1254190d5228ed7b83fcb00fb3b19c5fa06f21955bf8
Instruction ID: 99e6be9ff86b1551ea6bd22d960f7bc8a1a5535eabb1f422ae30e9557323577e
Opcode Fuzzy Hash: dfb0138fbacceb2ed61b1254190d5228ed7b83fcb00fb3b19c5fa06f21955bf8
Instruction Fuzzy Hash: 573143318061599FDF20AFE9CA845EE77B4FF09324F540A2AE520A7AD0D73995058BA1

Function 6C889518 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A8EE3
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8EEE
_errno.MSVCR100 ref: 6C8A8EFB
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8F06

Strings

B, xrefs: 6C88954D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: B
API String ID: 2959964966-1255198513
Opcode ID: 5dfe4bd0d776542f396be993e9a7b325b44c8f4325efb2e67d50cfe0f4532dd6
Instruction ID: a46ddb5fc31511d98898e8e7c4f5c843f031c23492a498426aa053d20e744565
Opcode Fuzzy Hash: 5dfe4bd0d776542f396be993e9a7b325b44c8f4325efb2e67d50cfe0f4532dd6
Instruction Fuzzy Hash: 4A21777290525D9FDF219FD8CA809EE77B8FF09324B100A27E520A7AC0D77599058BB5

Function 6C881860 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A92C0
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A92CB
_errno.MSVCR100 ref: 6C8A92D8
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A92E3

Strings

B, xrefs: 6C881895

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: B
API String ID: 2959964966-1255198513
Opcode ID: 5765919894b30d5b86ac3d29871ac6afc4c7dab84d3569b456cd77ba54153e89
Instruction ID: b99dc73b15fe9a155cb19ffc52f80d189edf1a8526379728f9de7ae969bb0dd8
Opcode Fuzzy Hash: 5765919894b30d5b86ac3d29871ac6afc4c7dab84d3569b456cd77ba54153e89
Instruction Fuzzy Hash: D421747290525D9FDF209FE8CD819EE77B4FF09324B540A2AE530A7A80DB75D8058BA1

Function 6C894D6D Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C895152

Strings

,<ellipsis>, xrefs: 6C8AD1F1, 6C8AD1F6
void, xrefs: 6C89514A
,..., xrefs: 6C8AD1EA
..., xrefs: 6C8AD226
<ellipsis>, xrefs: 6C8AD22D, 6C8AD232

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 1333004437-2211150622
Opcode ID: 3f0fda624b48d28e2bbf14fbee5e6d40beec28e1ceb5eb76e42516f427cb5cbd
Instruction ID: 111265fcbac63b7bf06465c19e1f55948a2f091841e25d55d223058a47cc96e8
Opcode Fuzzy Hash: 3f0fda624b48d28e2bbf14fbee5e6d40beec28e1ceb5eb76e42516f427cb5cbd
Instruction Fuzzy Hash: 8F218C312052489FCB11CF5DD6409A97BF4BF8A349B94859AEC95DBB11C734E907CF40

Function 6C893BB0 Relevance: 12.2, APIs: 8, Instructions: 214stringCOMMON

Download Yara Rule

APIs

strncpy_s.MSVCR100(?,00000003,?,00000002), ref: 6C893C42
_ismbblead.MSVCR100(00000001), ref: 6C893C61
strncpy_s.MSVCR100(?,?,?,?), ref: 6C893CB5
strncpy_s.MSVCR100(?,?,?,?), ref: 6C893CEA
_errno.MSVCR100 ref: 6C8B0F5B
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B0F6A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: strncpy_s$_errno_invalid_parameter_noinfo_ismbblead
String ID:
API String ID: 519590025-0
Opcode ID: 4e00a091103d941e1c40a338997678d01b7d0434557b1924abd6fe849d78b28f
Instruction ID: 2b317774842721d3eda44033539996d5635a8989edf9f0cfdc89a7cad14eba8f
Opcode Fuzzy Hash: 4e00a091103d941e1c40a338997678d01b7d0434557b1924abd6fe849d78b28f
Instruction Fuzzy Hash: 6C719170585A88EFDF328E1C8B506DA3AA1AB8674DF350D5AF86C67B40D331CD80CB81

Function 6C888E3C Relevance: 12.2, APIs: 8, Instructions: 211COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ee7bb41086db9405ba3bea90ad314806a2dcb0ca0ea4f6a3d317c6d6f2f813
Instruction ID: 8a9b492b9681bf742ac9a64fa46576bc4b3fda1ea465314be57a4f745044f045
Opcode Fuzzy Hash: 79ee7bb41086db9405ba3bea90ad314806a2dcb0ca0ea4f6a3d317c6d6f2f813
Instruction Fuzzy Hash: B271707190225ADFDF30DFD4CA948EEBBB5FB05318B14092AE12597E50D7319942CFA1

Function 6C8FD661 Relevance: 12.2, APIs: 8, Instructions: 208COMMONLIBRARYCODE

Download Yara Rule

APIs

_ismbblead.MSVCR100(00000001,?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?,?,?,?), ref: 6C8FD718
__cftof.LIBCMT(00000000,000000FF,?,?,?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?), ref: 6C8FD761
__cftof.LIBCMT(?,000000FF,?,?,?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?), ref: 6C8FD79D
__cftof.LIBCMT(?,000000FF,?,?,?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?), ref: 6C8FD7BA
__cftof.LIBCMT(?,000000FF,?,?,?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?), ref: 6C8FD7DA
_errno.MSVCR100(?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?,?,?,?), ref: 6C8FD833
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,6C8FD8A0,?,?,?,?,?,?,?,?,?), ref: 6C8FD842

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __cftof$_errno_invalid_parameter_noinfo_ismbblead
String ID:
API String ID: 2528209487-0
Opcode ID: 4388c2d868677f1531be6f645a3117f19dacb6262f805d1b4b9c11bd939631dc
Instruction ID: 02d1e2d9457728ccf03873e0bf4aca0489b08a3b5c59fe981264e194540ee173
Opcode Fuzzy Hash: 4388c2d868677f1531be6f645a3117f19dacb6262f805d1b4b9c11bd939631dc
Instruction Fuzzy Hash: AB71C231805A59DBCF328E18CA406DD3BA1AF463D9F344E67EA785A940E735C983CBD1

Function 6C884DDA Relevance: 12.2, APIs: 8, Instructions: 175stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

__expandlocale.LIBCMT ref: 6C884E34

Part of subcall function 6C884CF9: _getptd.MSVCR100(00000000,00000000,00000005), ref: 6C884D2F
Part of subcall function 6C884CF9: strcpy_s.MSVCR100(00000000,00000000,6C884DD8,00000000,00000000,00000005), ref: 6C884D9D

strcmp.MSVCR100(?,00000048,?,?,?,00000001,00000000,00000000), ref: 6C884E50
_strpbrk.LIBCMT(00000005,6C893008,00000001,00000000,00000000), ref: 6C892FCD
strncmp.MSVCR100(6C884AD4,00000005,00000000,00000001,00000000,00000000), ref: 6C89300F
_strlen.LIBCMT(6C884AD4,00000001,00000000,00000000), ref: 6C893036
_strcspn.LIBCMT(00000001,6C88498C,00000001,00000000,00000000), ref: 6C89304B
strncpy_s.MSVCR100(?,00000083,00000001,00000000,00000001,00000000,00000000), ref: 6C893075

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __expandlocale_getptd_strcspn_strlen_strpbrkstrcmpstrcpy_sstrncmpstrncpy_s
String ID:
API String ID: 1101789701-0
Opcode ID: 30dd033d0332cb49ba7bd17b3415b23415202fa653a01cdc7ee4cb7155d3ffc8
Instruction ID: c323093371a7d1d4eff1c13c16ecbfbdad860444ff5cecbfcda36679c6b91052
Opcode Fuzzy Hash: 30dd033d0332cb49ba7bd17b3415b23415202fa653a01cdc7ee4cb7155d3ffc8
Instruction Fuzzy Hash: 1951EA72D052599EEF304A7C8E94B9AB7BCAB81358F144CF9D44DE3E41DB359D888B20

Function 6C8DFDBB Relevance: 12.2, APIs: 8, Instructions: 173COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFDD5
_invalid_parameter_noinfo.MSVCR100(?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFDE0

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(00000000,?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFE01
_invalid_parameter_noinfo.MSVCR100(00000000,?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFE0C
__stricmp_l.LIBCMT(00000001,00000000,?,00000000,?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFE36

Part of subcall function 6C8F0E0D: _errno.MSVCR100(?,00000000,?,00000000,00000000,00000005), ref: 6C8F0E28
Part of subcall function 6C8F0E0D: _invalid_parameter_noinfo.MSVCR100(?,00000000,?,00000000,00000000,00000005), ref: 6C8F0E33

__crtLCMapStringA.MSVCR100(?,00000000,00000200,00000001,00000002,6C926CD0,00000002,?,00000001,?,?,00000000,?,?,?,00000000), ref: 6C8DFE8C
__crtLCMapStringA.MSVCR100(?,00000000,00000200,00000001,00000002,6C926CD0,00000002,?,00000001,?,?,?,?,?,?,?), ref: 6C8DFF0D
_errno.MSVCR100(?,?,?,?,?,?,?,00000000,?,?,?,00000000,00000001,6C926CD0), ref: 6C8DFF6A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$String__crt$__stricmp_l_invalid_parameter
String ID:
API String ID: 2295373847-0
Opcode ID: 603d863ab6191c6e4dbf1b298263febe787c94863279d14a6e9d934dd312b481
Instruction ID: 6b24dc70b69b170b46ebbd29c6dcef56c7432452547450b8cc09f933134c8f11
Opcode Fuzzy Hash: 603d863ab6191c6e4dbf1b298263febe787c94863279d14a6e9d934dd312b481
Instruction Fuzzy Hash: B0515C7080429D5BDB358B69C540BFD7BB0AF1332CF294A99E0B15F9D2CB30AA45E711

Function 6C8C8425 Relevance: 12.1, APIs: 8, Instructions: 111synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,AFCD3F0C), ref: 6C8C8467
GetLastError.KERNEL32 ref: 6C8C8475
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C848E
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C849D
_memset.LIBCMT(?,00000000,0000000C), ref: 6C8C8503
SetThreadPriority.KERNEL32(?,?,?), ref: 6C8C8537
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8C8543
CloseHandle.KERNEL32(00000000), ref: 6C8C8554

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionHandleLastObjectPrioritySingleThreadThrowWait_memset
String ID:
API String ID: 1332095174-0
Opcode ID: e3d7539aff10ce771297525539b94555f203e29d990729bd3ac8b6e98e79eaae
Instruction ID: 83b4e07e647ceacbcbc097ea0365021e8b63aaa0374ebe45e373a6164c817235
Opcode Fuzzy Hash: e3d7539aff10ce771297525539b94555f203e29d990729bd3ac8b6e98e79eaae
Instruction Fuzzy Hash: 1F41C371644610AFC720CF24CD45A9BBBE8FF49728F100E2AF465D7A90E738E944CB96

Function 6C88CE44 Relevance: 12.1, APIs: 8, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?,?,?,?,?,6C893379,?), ref: 6C88CE8D
_read.MSVCR100(00000000,?,?,?,?,6C893379,?), ref: 6C88CE94
_fileno.MSVCR100(?), ref: 6C88CEB7
_fileno.MSVCR100(?), ref: 6C88CEC7
_fileno.MSVCR100(?), ref: 6C88CED8
_fileno.MSVCR100(?,?), ref: 6C88CEE8
_errno.MSVCR100(?,?,6C893379,?), ref: 6C8A870C
_invalid_parameter_noinfo.MSVCR100(?,?,6C893379,?), ref: 6C8A8717

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno$_errno_invalid_parameter_noinfo_read
String ID:
API String ID: 2022966298-0
Opcode ID: 3f3c1422d9e96e3c5137fd0068b0933acfab2c076fb53a049cd368e85967db2d
Instruction ID: 44bc459199ff456f7fb9b5b5d880c2b07790b1eccddc2e382b06639ca4ab8fa2
Opcode Fuzzy Hash: 3f3c1422d9e96e3c5137fd0068b0933acfab2c076fb53a049cd368e85967db2d
Instruction Fuzzy Hash: 513136310167404AD3351EADD60069677E4AF03368B248F2ED4F997ED1D778E9468B51

Function 6C884286 Relevance: 12.1, APIs: 8, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,6C8842B4,?), ref: 6C8A875A
_invalid_parameter_noinfo.MSVCR100(?,?,6C8842B4,?), ref: 6C8A8765

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 86739d672341ae025603f035e2f5a2a53ae40b8bee7cf0b88836c6e6b6f0c9d9
Instruction ID: 895695fd3fbab34cc469fe0e0ace34c365a3e7898512567003e5d83b11c107ed
Opcode Fuzzy Hash: 86739d672341ae025603f035e2f5a2a53ae40b8bee7cf0b88836c6e6b6f0c9d9
Instruction Fuzzy Hash: 83314972016B504ED3344BA9D600B9677A4EF4233CB244E2ED4F58AED0DB38D546CB50

Function 6C896D24 Relevance: 12.1, APIs: 8, Instructions: 100COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D8E
_get_osfhandle.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D98
GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D9F
DuplicateHandle.KERNEL32(00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896DA6

Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?,?,?,?,6C88A865,?,6C88A880,00000010), ref: 6C88A795
Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?), ref: 6C88A7B8
Part of subcall function 6C88A78A: CloseHandle.KERNEL32(00000000), ref: 6C88A7BF

_errno.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C8B0539
__doserrno.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C8B0544

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _get_osfhandle$CurrentHandleProcess$CloseDuplicate__doserrno_errno
String ID:
API String ID: 4219055303-0
Opcode ID: fbc673b4985ef93d1733ab12b32f08a4cc25120ad18a9aac934c2164475ff1ae
Instruction ID: 93cf88b8d1919abae9a04aba668e3f63481f5136efb8fb397f7956dd32f79a46
Opcode Fuzzy Hash: fbc673b4985ef93d1733ab12b32f08a4cc25120ad18a9aac934c2164475ff1ae
Instruction Fuzzy Hash: 0D312B31205284AFDB21CF7CC684F953BB4EF06318F1109A5E554DFA91EB71E904CB50

Function 6C88FA37 Relevance: 12.1, APIs: 8, Instructions: 99COMMONLIBRARYCODE

Download Yara Rule

APIs

__crtCompareStringW.MSVCR100(?,00001001,00000000,?,?,?,?), ref: 6C895F76
_errno.MSVCR100 ref: 6C8AC752
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AC75D
_errno.MSVCR100 ref: 6C8AC76C
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AC777
_errno.MSVCR100 ref: 6C8AC786
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AC791

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$CompareString__crt
String ID:
API String ID: 380063240-0
Opcode ID: b211c554b537cf239ba6c6cd4712025158d797d520ee2420003e00b4f6839abd
Instruction ID: 1a1b7064fc4898944da77f8862c9d588fc6622d8a7b3bda2c5aeb4204556c135
Opcode Fuzzy Hash: b211c554b537cf239ba6c6cd4712025158d797d520ee2420003e00b4f6839abd
Instruction Fuzzy Hash: 3831F8716032599BDB306EADCA407BA3695AB1237CF200E61E470DBED1DB35C84187A1

Function 6C884B95 Relevance: 12.1, APIs: 8, Instructions: 97stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.MSVCR100(?,?,?,?,?,?,?,6C884CC0,00000014), ref: 6C884BAF

Part of subcall function 6C884E90: _getptd.MSVCR100(6C884EF0,0000000C,6C8A9FD5,?,?,6C889233,?), ref: 6C884E9C
Part of subcall function 6C884E90: _lock.MSVCR100(0000000C), ref: 6C884EB3

_calloc_crt.MSVCR100(000000D8,00000001), ref: 6C884BCF
_lock.MSVCR100(0000000C), ref: 6C884BE5

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

__copytlocinfo_nolock.LIBCMT ref: 6C884BF3

Part of subcall function 6C88497A: _unlock.MSVCR100(0000000C,6C884C01), ref: 6C88497C

Part of subcall function 6C884DDA: __expandlocale.LIBCMT ref: 6C884E34
Part of subcall function 6C884DDA: strcmp.MSVCR100(?,00000048,?,?,?,00000001,00000000,00000000), ref: 6C884E50

strcmp.MSVCR100(00000000,6C9239A0), ref: 6C884C28
_lock.MSVCR100(0000000C), ref: 6C884C39
_errno.MSVCR100(?,?,?,?,?,?,?,6C884CC0,00000014), ref: 6C8B0C98
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,6C884CC0,00000014), ref: 6C8B0CA3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _lock$_getptdstrcmp$CriticalEnterSection__copytlocinfo_nolock__expandlocale_calloc_crt_errno_invalid_parameter_noinfo_unlock
String ID:
API String ID: 2630553387-0
Opcode ID: 311c55ca1b3a61a4f67fda8ec157d7adad4b0d7fcbcc17e7bfb3651b78a90062
Instruction ID: 973b537e767982741af923aeacb78d32cfd13fc339d98b9f1f8072b14ad042b3
Opcode Fuzzy Hash: 311c55ca1b3a61a4f67fda8ec157d7adad4b0d7fcbcc17e7bfb3651b78a90062
Instruction Fuzzy Hash: 06319D7250B304AADB249FB8DB14B9C77F9ABC5328F218C29D44557F90DB789A088B25

Function 6C8F9FF5 Relevance: 12.1, APIs: 8, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C88C106: _lock.MSVCR100(0000000B,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C88C12D

_errno.MSVCR100(6C8FA140,00000018,6C8FA1EF,?,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA035
__doserrno.MSVCR100(6C8FA140,00000018,6C8FA1EF,?,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA040
GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002,6C8FA140,00000018,6C8FA1EF,?,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA062
_get_osfhandle.MSVCR100(?,00000000,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA068
GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA06F
DuplicateHandle.KERNEL32(00000000,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA072
GetLastError.KERNEL32(?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA07C
__dosmaperr.LIBCMT(00000000,?,?,?,?,?,?,6C8FA230,00000010), ref: 6C8FA098

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorHandleLast__doserrno__dosmaperr_errno_get_osfhandle_lock
String ID:
API String ID: 1055742366-0
Opcode ID: 8110b7dc526b2e56427e3f4f4806bd6ef32e47c36a3046fa77a2c474754d0506
Instruction ID: 4199d04d4558a80a6bf3d9779d951979f18f7d942098ff9a67423d885903cca5
Opcode Fuzzy Hash: 8110b7dc526b2e56427e3f4f4806bd6ef32e47c36a3046fa77a2c474754d0506
Instruction Fuzzy Hash: A0312431505295CFCF218F78CA90ADD7BB1AF8A328F2406A4D460AFBD1D735D905CB60

Function 6C8D69CE Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_mbsrchr.MSVCR100(6C92745C,0000002E,6C92745C,00000012), ref: 6C8D69E7

Part of subcall function 6C8E175B: __mbsrchr_l.LIBCMT(00000400,6C8CF51E,00000000,?,6C8CF0E5,6C8CF51E,0000002E,?,?,?,6C8CF51E,00000400,?), ref: 6C8E1768

_invalid_parameter_noinfo.MSVCR100(6C92745C,00000012), ref: 6C8D69FE
strtoul.MSVCR100(00000001,00000000,00000020,00000000,6C92745C,00000012), ref: 6C8D6A0F
__ultoa_s.LIBCMT(?,?,00000008,00000020,00000000,6C92745C,00000012), ref: 6C8D6A38
strcpy_s.MSVCR100(00000001,00000000,?,?,?,?,?,00000000,6C92745C,00000012), ref: 6C8D6A4F
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,6C92745C,00000012), ref: 6C8D6A60
_errno.MSVCR100(6C8D6BA8,00000010,6C8D6BFA,00000000,?,00000002,7FFFFFFF,00000000), ref: 6C8D6A77
_errno.MSVCR100(6C8D6BA8,00000010,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,6C92745C,00000012), ref: 6C8D6A92

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__invoke_watson__mbsrchr_l__ultoa_s_invalid_parameter_noinfo_mbsrchrstrcpy_sstrtoul
String ID:
API String ID: 2319564628-0
Opcode ID: 003a6d6b672b20d4d5297492db1cd2e74090037c40e894e8ef928c57a30e665e
Instruction ID: 9c1ad049a7ee1c399dbfb319e6d24c1bbac015d36d01327c698cd298bf0e3c40
Opcode Fuzzy Hash: 003a6d6b672b20d4d5297492db1cd2e74090037c40e894e8ef928c57a30e665e
Instruction Fuzzy Hash: 1F210331A81208AEDB209F7C8E85EEE7768EF49718F114D75E450CBA80EF70A9088750

Function 6C8D8784 Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

wcsrchr.MSVCR100(6C9274B0,0000002E,6C9274B0,00000012,00000000), ref: 6C8D879E
_invalid_parameter_noinfo.MSVCR100(6C9274B0,00000012,00000000), ref: 6C8D87B9
_wcstoul.LIBCMT(00000002,00000000,00000020,6C9274B0,00000012,00000000), ref: 6C8D87D5
__ultoa_s.LIBCMT(?,?,00000008,00000020,6C9274B0,00000012,00000000), ref: 6C8D87EC
wcscpy_s.MSVCR100(00000002,00000000,?,?,?,?,?,6C9274B0,00000012,00000000), ref: 6C8D8800
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,6C9274B0,00000012,00000000), ref: 6C8D8813
_errno.MSVCR100(6C8D8960,00000010,6C8D89B2,00000000,?,00000002,7FFFFFFF,00000000), ref: 6C8D882A
_errno.MSVCR100(6C8D8960,00000010,00000000,00000000,00000000,00000000,00000000,?,?,?,?,6C9274B0,00000012,00000000), ref: 6C8D8845

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__invoke_watson__ultoa_s_invalid_parameter_noinfo_wcstoulwcscpy_swcsrchr
String ID:
API String ID: 1668553054-0
Opcode ID: e535157be54df10c58b8323b6660402455180e784f2b1ce607c8af04b5b5e73b
Instruction ID: 1ebc520350bbc8e705abd8098309897f836203dccef86630f60bdd4fcca2dc81
Opcode Fuzzy Hash: e535157be54df10c58b8323b6660402455180e784f2b1ce607c8af04b5b5e73b
Instruction Fuzzy Hash: 1921F531A023046AEB20AE798E86FDE7769DB05318F120C39E510D7B81EB70F90487A1

Function 6C8BFE93 Relevance: 12.1, APIs: 8, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BFE9A
??3@YAXPAX@Z.MSVCR100(?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFEC0
??3@YAXPAX@Z.MSVCR100(00000000), ref: 6C8BFF0A
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF1E
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF26
TlsFree.KERNEL32(?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF30
??3@YAXPAX@Z.MSVCR100(00000000,00000004,00000008,00000060,6C8C4C82,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF8A

Part of subcall function 6C8C3832: InterlockedFlushSList.KERNEL32(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C383C
Part of subcall function 6C8C3832: InterlockedFlushSList.KERNEL32(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3847
Part of subcall function 6C8C3832: ??_V@YAXPAX@Z.MSVCR100(?,00000000,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C387F
Part of subcall function 6C8C3832: ??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3885
Part of subcall function 6C8C3832: ??_V@YAXPAX@Z.MSVCR100(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3896

InterlockedPopEntrySList.KERNEL32(6C924618,6C924624,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF91

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$InterlockedList$Flush$EntryFreeH_prolog3
String ID:
API String ID: 270503109-0
Opcode ID: c59605d1e03dbe5382252fa7c5f3ea978071b808c5a16e2aec0a77e2e31f6537
Instruction ID: e3894d51bd1903c4873b6dc9ab2cf4d0f98f3edb87f788a1d5505c217b060498
Opcode Fuzzy Hash: c59605d1e03dbe5382252fa7c5f3ea978071b808c5a16e2aec0a77e2e31f6537
Instruction Fuzzy Hash: E031A639A01206DFDB20DF68CA84B69B7B0BF05329F104A25E5116BF91CB70ED55CB90

Function 6C8910E3 Relevance: 12.1, APIs: 8, Instructions: 86COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcslen.LIBCMT(00000000,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891107
_calloc_crt.MSVCR100(00000001,00000004,?,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891118
_wcslen.LIBCMT(00000000,?,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C89113C
_calloc_crt.MSVCR100(00000001,00000002,?,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C89114E
wcscpy_s.MSVCR100(00000000,00000001,00000000,?,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891162
free.MSVCR100(?,?,00000000,6C8B0869,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891180

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_wcslen$freewcscpy_s
String ID:
API String ID: 968141106-0
Opcode ID: 18e5b32d764f1363b2693ea3bc0f987b59d37341032a576d397ba4e03e81ea4e
Instruction ID: 32ca25855062ba22c9b6e896ef03d25d3cacb3503148c7cf359baff5205d0623
Opcode Fuzzy Hash: 18e5b32d764f1363b2693ea3bc0f987b59d37341032a576d397ba4e03e81ea4e
Instruction Fuzzy Hash: DF21D77251E251AADB310B6DAD44B6232FCEB42738F301E2AD4B0969D0DF75D8868590

Function 6C88B2A9 Relevance: 12.1, APIs: 8, Instructions: 86stringCOMMON

Download Yara Rule

APIs

_strlen.LIBCMT(00000000,?,?,6C88B286), ref: 6C88B2C5
_calloc_crt.MSVCR100(00000001,00000004,?,?,6C88B286), ref: 6C88B2D5
_strlen.LIBCMT(00000000,?,?,?,6C88B286), ref: 6C88B2FC
_calloc_crt.MSVCR100(00000001,00000001,?,?,?,6C88B286), ref: 6C88B30D
strcpy_s.MSVCR100(00000000,00000001,00000000,?,?,?,6C88B286), ref: 6C88B321
free.MSVCR100(?,?,?,6C88B286), ref: 6C88B33E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_strlen$freestrcpy_s
String ID:
API String ID: 1972913904-0
Opcode ID: cfd6c7136bed032c1bd1732742b26ed92e7e2b574c30fcebd76f1566a01e8a27
Instruction ID: bb1380e24c7ecb63a4da3c0f7eeb5815b83c83adb722fa4239094d0982beb95d
Opcode Fuzzy Hash: cfd6c7136bed032c1bd1732742b26ed92e7e2b574c30fcebd76f1566a01e8a27
Instruction Fuzzy Hash: 8E2126B391B2015ADB314B39AE04BAB37E9EF8237CF350D19D9B067E80DB3594468660

Function 6C8BF174 Relevance: 12.1, APIs: 8, Instructions: 81synchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BF17B
GetTickCount.KERNEL32 ref: 6C8BF18B
WaitForSingleObject.KERNEL32(?,00000064), ref: 6C8BF1AB
EnterCriticalSection.KERNEL32(?), ref: 6C8BF1B7
GetTickCount.KERNEL32 ref: 6C8BF1E8
GetTickCount.KERNEL32 ref: 6C8BF1F2
GetTickCount.KERNEL32 ref: 6C8BF21D
LeaveCriticalSection.KERNEL32(?), ref: 6C8BF251

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CountTick$CriticalSection$EnterH_prolog3LeaveObjectSingleWait
String ID:
API String ID: 2258694387-0
Opcode ID: 5cba7b61ab147ca0de07fb6f867f6721bc6d9b1ff849bde9b4276c37b5913314
Instruction ID: 0dea45b28eb7256bfad485dd0bd4bd7de464733c14788dea114a59050e8fa74c
Opcode Fuzzy Hash: 5cba7b61ab147ca0de07fb6f867f6721bc6d9b1ff849bde9b4276c37b5913314
Instruction Fuzzy Hash: D521E13CD40A1A9BDB319B68CA857AD7770BB15708F100A29E110B6F80D7B09A45CBE1

Function 6C896C6B Relevance: 12.1, APIs: 8, Instructions: 78COMMON

Download Yara Rule

APIs

__doserrno.MSVCR100(6C896D08,00000010), ref: 6C896C59
__doserrno.MSVCR100(6C896D08,00000010), ref: 6C8B0575
_errno.MSVCR100(6C896D08,00000010), ref: 6C8B057D
_errno.MSVCR100(6C896D08,00000010), ref: 6C8B0592
_invalid_parameter_noinfo.MSVCR100(6C896D08,00000010), ref: 6C8B059D
__doserrno.MSVCR100(6C896D08,00000010), ref: 6C8B05A4
_extend_ioinfo_arrays.LIBCMT ref: 6C8B05AD
_errno.MSVCR100(6C896D08,00000010), ref: 6C8B05BA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __doserrno_errno$_extend_ioinfo_arrays_invalid_parameter_noinfo
String ID:
API String ID: 3030660385-0
Opcode ID: bf244aca0371d3928441d03c570852ef7bc04ba0310a304e9703c3869575f021
Instruction ID: 14c776aa9e6d30b8453ac9049d6dfd8ac4eea725045e1743588761b7b32665ea
Opcode Fuzzy Hash: bf244aca0371d3928441d03c570852ef7bc04ba0310a304e9703c3869575f021
Instruction Fuzzy Hash: AB2100B150B2948AC7706FAC8B907EC3660DF4232CF220E79E071ABFD0DB3849448AD1

Function 6C88AA8C Relevance: 12.1, APIs: 8, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(6C927580,6C88BD3C,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAA1
DecodePointer.KERNEL32(?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAAE
_msize.MSVCR100(00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AACB

Part of subcall function 6C882231: HeapSize.KERNEL32(00000000,00000000,?,6C88AAD0,00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC), ref: 6C88224B

EncodePointer.KERNEL32(?,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAE7
EncodePointer.KERNEL32(-00000004,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAEF
_realloc_crt.MSVCR100(00000000,00000800,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C892BAF
EncodePointer.KERNEL32(00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C892BC5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
String ID:
API String ID: 765448609-0
Opcode ID: cf09309fa4d4c98b63e280b261e72ead1199bb4f3b499b6d40f6d6120e88a7a5
Instruction ID: 410a7c39d68f55b75daa55667bfca632a16e8cf678e82e7f31aee88f59e390c0
Opcode Fuzzy Hash: cf09309fa4d4c98b63e280b261e72ead1199bb4f3b499b6d40f6d6120e88a7a5
Instruction Fuzzy Hash: 6211067260921AFFDB215F68CEC88C977E9EB563643210936D805E3E50FB78DD449B90

Function 6C8F6957 Relevance: 12.1, APIs: 8, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,6C8F680E,?,?), ref: 6C8F6963
_invalid_parameter_noinfo.MSVCR100(?,?,6C8F680E,?,?), ref: 6C8F696E

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(?,?,?,6C8F680E,?,?), ref: 6C8F6980

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 4106058386-0
Opcode ID: 5af181e9df463c4ce1af10a3aa8a1a20652c280d5abd3463e11fac214c22dfc9
Instruction ID: fe72a7167479e9e3a9ccb778264ccffabefb20e1e951e722dbabf5113b48f638
Opcode Fuzzy Hash: 5af181e9df463c4ce1af10a3aa8a1a20652c280d5abd3463e11fac214c22dfc9
Instruction Fuzzy Hash: 6211E471611254ABDF315F68CD08B9A3AB9FB417E8F214B34E964D7A90EB70D841CBA0

Function 6C882337 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 6C88234D
InterlockedDecrement.KERNEL32(?), ref: 6C8823B8
InterlockedDecrement.KERNEL32(?), ref: 6C8823C8
InterlockedDecrement.KERNEL32(?), ref: 6C88933E
InterlockedDecrement.KERNEL32(?), ref: 6C889347
InterlockedDecrement.KERNEL32(?), ref: 6C88934F
InterlockedDecrement.KERNEL32(?), ref: 6C889357

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecrementInterlocked
String ID:
API String ID: 3448037634-0
Opcode ID: b2b891b09686bb6771ab5cd55daed7e3ea970ac469910e5c8f3379327b87556e
Instruction ID: 7248aef1ad6c61ec1482ebf1bfb31fdfc8cf3741745020c0d172760f865bd8df
Opcode Fuzzy Hash: b2b891b09686bb6771ab5cd55daed7e3ea970ac469910e5c8f3379327b87556e
Instruction Fuzzy Hash: 4C119835746719A7DB249A7ACE98B4EF7ACBF46348F084D25A608D7D10D738E4008BA0

Function 6C881F13 Relevance: 12.1, APIs: 8, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(00000001), ref: 6C881F25
InterlockedIncrement.KERNEL32(?), ref: 6C881F90
InterlockedIncrement.KERNEL32(?), ref: 6C881F9E
InterlockedIncrement.KERNEL32(?), ref: 6C882ABC
InterlockedIncrement.KERNEL32(?), ref: 6C882AC4
InterlockedIncrement.KERNEL32(?), ref: 6C882ACC
InterlockedIncrement.KERNEL32(?), ref: 6C882AD4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: IncrementInterlocked
String ID:
API String ID: 3508698243-0
Opcode ID: 085b1489b5597862502d9899af38f9b7d3e0df6d074b89943e953b47a6353e0e
Instruction ID: 20315ba6809c224995e0aa700ae0cfbfa37e158b4575ae3c8763ec378f854e54
Opcode Fuzzy Hash: 085b1489b5597862502d9899af38f9b7d3e0df6d074b89943e953b47a6353e0e
Instruction Fuzzy Hash: 4B117775B4A319ABDB209B79CE84B4AF7ACAF05348F044D22E418D7D00DB78E4008BA1

Function 6C8F8664 Relevance: 12.1, APIs: 8, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F8678
_errno.MSVCR100(6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F8697
_invalid_parameter_noinfo.MSVCR100(6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F86A2
_get_osfhandle.MSVCR100(?,6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F86DE
FlushFileBuffers.KERNEL32(00000000,6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F86E5
GetLastError.KERNEL32(?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F86EF
__doserrno.MSVCR100(?,?,?,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F8704
_errno.MSVCR100(6C8F8740,00000010,6C8A8C0C,00000000,?,00000000,?,6C88FEFA,?,6C88FF18,0000000C), ref: 6C8F870E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$BuffersErrorFileFlushLast__doserrno_get_osfhandle_invalid_parameter_noinfo
String ID:
API String ID: 3018510309-0
Opcode ID: 916a7cf6cb1eb30f3e255ee2085dfd5a693291c2049ec0b0533094d8a17acd6f
Instruction ID: 2fd0be60fa210a9ad93883ef8bb54f7e86c56491061758f562742d60331500b2
Opcode Fuzzy Hash: 916a7cf6cb1eb30f3e255ee2085dfd5a693291c2049ec0b0533094d8a17acd6f
Instruction Fuzzy Hash: 7F1181309023458FDB309FA9C68879D7A70AF03358F114925D4309BFD0DB7899468F51

Function 6C8BF994 Relevance: 12.1, APIs: 8, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedFlushSList.KERNEL32(?,?,?,?,6C8BF452), ref: 6C8BF9A2

Part of subcall function 6C8B71FD: ??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8B7275), ref: 6C8B7213
Part of subcall function 6C8B71FD: ??_V@YAXPAX@Z.MSVCR100(?,?,?,?,6C8B7275), ref: 6C8B721B
Part of subcall function 6C8B71FD: ??3@YAXPAX@Z.MSVCR100(?,?,?,?,?,6C8B7275), ref: 6C8B7221

InterlockedFlushSList.KERNEL32(?,?,?,?,6C8BF452), ref: 6C8BF9AD
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BF452), ref: 6C8BF9DD
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BF452), ref: 6C8BF9E5
??3@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BF452), ref: 6C8BF9EB
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BF452), ref: 6C8BFA03
??3@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8BF452), ref: 6C8BFA09
??_V@YAXPAX@Z.MSVCR100(?,?,?,?,6C8BF452), ref: 6C8BFA1A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$FlushInterlockedList
String ID:
API String ID: 681866488-0
Opcode ID: 193dae5fccda1c4ea6859b8c2dfa7d9f38227697332e1339c89be81c074a96ef
Instruction ID: a4fb1ca23f7499fa2a10a73cc7ddb62b872eed4ae740f0860f400b9d499971ff
Opcode Fuzzy Hash: 193dae5fccda1c4ea6859b8c2dfa7d9f38227697332e1339c89be81c074a96ef
Instruction Fuzzy Hash: D9118639102244ABC721EB58CAC095E73B5BF45228B200929D50527F12CB30FD05DA20

Function 6C880698 Relevance: 12.0, APIs: 8, Instructions: 46threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(6C873238,?,6C8807BA,6C917F62), ref: 6C88069C
__set_flsgetvalue.MSVCR100 ref: 6C8806AA

Part of subcall function 6C88067B: TlsGetValue.KERNEL32(?,6C8806AF), ref: 6C880684

SetLastError.KERNEL32(00000000), ref: 6C8806BC
_calloc_crt.MSVCR100(00000001,00000214), ref: 6C8A75B7
DecodePointer.KERNEL32(00000000), ref: 6C8A75D5
_initptd.MSVCR100(00000000,00000000), ref: 6C8A75E4
GetCurrentThreadId.KERNEL32 ref: 6C8A75EB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$CurrentDecodePointerThreadValue__set_flsgetvalue_calloc_crt_initptd
String ID:
API String ID: 242762301-0
Opcode ID: 622664ba86e60cde8b368af64c2d942d157aa26abcfea695bd9438636367e827
Instruction ID: 9bc907b77d3ba899dbf09ed57517d1d8c6f0c22307db69be8a232bd7da49e055
Opcode Fuzzy Hash: 622664ba86e60cde8b368af64c2d942d157aa26abcfea695bd9438636367e827
Instruction Fuzzy Hash: 5AF049322077615BD73257784F1DA8E3BA5AF837347240924E458D7D84DF60C84196E0

Function 6C880F9D Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

_mbtowc_l.MSVCR100(?,?,?), ref: 6C881090
__forcdecpt_l.LIBCMT ref: 6C881293
_mbtowc_l.MSVCR100(?,?,?,?), ref: 6C88177F

Strings

g, xrefs: 6C88129A
, xrefs: 6C881047

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _mbtowc_l$__forcdecpt_l
String ID: $g
API String ID: 3275779137-3845294767
Opcode ID: e6ee4e7af2124d09f9353dc1950f1846adf76f7e2546291ef86b3b20a5fbb6b2
Instruction ID: 5cbff630d24a00fde0816595086228d508a554981236542c1e6603301dfdc932
Opcode Fuzzy Hash: e6ee4e7af2124d09f9353dc1950f1846adf76f7e2546291ef86b3b20a5fbb6b2
Instruction Fuzzy Hash: 25D15BF1D0622D8ADB70CB18CE807C8B7B4AB45318F5446E9D728B7A81DB749EC58F58

Function 6C873F80 Relevance: 10.7, APIs: 7, Instructions: 186COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMT ref: 6C91B2BC
__ctrlfp.LIBCMT ref: 6C91B2CF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __ctrlfp
String ID:
API String ID: 1574075368-0
Opcode ID: 5bff7e35a551fc34cfe0c83ef7387e5b0c0f38f94601168bc2689bb9cc19b039
Instruction ID: 1ba64c5c10e00d43c4c95b89869084598a8dce220a88241a6a210cff4f0b4390
Opcode Fuzzy Hash: 5bff7e35a551fc34cfe0c83ef7387e5b0c0f38f94601168bc2689bb9cc19b039
Instruction Fuzzy Hash: B6514570908A49E6DB116F34D8462AEBBB4FFE2344F51CB5AF4C815A44EF34C4A9D352

Function 6C88102A Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

_mbtowc_l.MSVCR100(?,?,?), ref: 6C881090
__forcdecpt_l.LIBCMT ref: 6C881293
_mbtowc_l.MSVCR100(?,?,?,?), ref: 6C88177F

Strings

g, xrefs: 6C88129A
, xrefs: 6C881047

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _mbtowc_l$__forcdecpt_l
String ID: $g
API String ID: 3275779137-3845294767
Opcode ID: a75f472f292c444212e0cb66a3ab61ebd3a61b0721c285c7e1870fb4656054ca
Instruction ID: 7634052596987e5ee549f8b4ed7b1aaa1c159c25fff79da3dac5dcce2099816d
Opcode Fuzzy Hash: a75f472f292c444212e0cb66a3ab61ebd3a61b0721c285c7e1870fb4656054ca
Instruction Fuzzy Hash: 9C7148F1D0622D8ADB30CB54CE847C9B7B8AF05308F1449E9D658A3A41DB749EC9CF69

Function 6C8917C4 Relevance: 10.6, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

_fileno.MSVCR100(?), ref: 6C8917DD
_lseek.MSVCR100(00000000,00000000,00000001), ref: 6C8917F5
_errno.MSVCR100 ref: 6C8A8D7C
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8D87
_errno.MSVCR100 ref: 6C8A8D9C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_fileno_invalid_parameter_noinfo_lseek
String ID:
API String ID: 1667283477-0
Opcode ID: 332143dd08d9d6ad47256831638820b759d965e0637005f3a2dacc1a4d0535a8
Instruction ID: 89723d1369e0d7682d62abc122fffa247280c9b58ea544a92440602ecf683d0a
Opcode Fuzzy Hash: 332143dd08d9d6ad47256831638820b759d965e0637005f3a2dacc1a4d0535a8
Instruction Fuzzy Hash: 3351F530E09749AFDB30CE6DCA80788BBB4BF02359F248A69D9245BE91C734D941CB91

Function 6C88DE57 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 6C8AF058
operator+.LIBCMT ref: 6C8AF159

Strings

std::nullptr_t, xrefs: 6C8AF113
volatile, xrefs: 6C8AF050, 6C8AF12D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator=operator+
String ID: std::nullptr_t$volatile
API String ID: 1352385710-3726895890
Opcode ID: 988116d91d310347ddf142008cf36758d95d28bcf4937bb917748ded92416921
Instruction ID: 2235f78448e0296d8181c10da98bd99c14b61060549c42bbcaa89f2f12ecc019
Opcode Fuzzy Hash: 988116d91d310347ddf142008cf36758d95d28bcf4937bb917748ded92416921
Instruction Fuzzy Hash: CA41003150614AAFDF319FA8CB809ED7BB4FF2A348F608C66E95496E10D7308A42CF50

Function 6C88B128 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,00000000,00000001), ref: 6C88B149
___crtGetStringTypeA.LIBCMT ref: 6C88B19A
__crtLCMapStringA.MSVCR100(00000000,?,00000100,00000020,00000100,?,00000100,?,00000000,00000000,00000001,00000020,00000100,?,?,?), ref: 6C88B1BA
__crtLCMapStringA.MSVCR100(00000000,?,00000200,00000020,00000100,?,00000100,?,00000000), ref: 6C88B1DF

Strings

, xrefs: 6C88B170

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: String$__crt$InfoType___crt
String ID:
API String ID: 3423027535-3916222277
Opcode ID: 623a7891b84045f061867454c7a3f8c5c1ca067875853782a21400e603dba7bd
Instruction ID: 402dd285631f158a3063c941cdbf771cea37bec0a8464d50bd5fb061c283b3ae
Opcode Fuzzy Hash: 623a7891b84045f061867454c7a3f8c5c1ca067875853782a21400e603dba7bd
Instruction Fuzzy Hash: 6941277050575C9EDB318B688E85BFB7BFCAB45708F1448ECD98686942D3719A468F20

Function 6C8F32FD Relevance: 10.6, APIs: 7, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?), ref: 6C8F3321
_errno.MSVCR100(?,?,?), ref: 6C8F3442
_errno.MSVCR100(?,?,?), ref: 6C8F344F
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8F332C

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(?,?), ref: 6C8F334A
_invalid_parameter_noinfo.MSVCR100(?,?), ref: 6C8F3355
_invalid_parameter_noinfo.MSVCR100(?,?,?), ref: 6C8F345A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$_invalid_parameter
String ID:
API String ID: 113182947-0
Opcode ID: d8104f9948a27730842810cce35f7575aedbd056fdcf195c9ac6d5358b6ea16d
Instruction ID: c730e0ea47d7dfa57368cb7d459edd6a64a6ab3bc5f1b2015fc602893e7eab9a
Opcode Fuzzy Hash: d8104f9948a27730842810cce35f7575aedbd056fdcf195c9ac6d5358b6ea16d
Instruction Fuzzy Hash: 7E41A031901249DBDF21DFA8C640BEE77F4BF14358F104969D870ABA90E7758E46CB92

Function 6C891E41 Relevance: 10.6, APIs: 7, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcslen.LIBCMT(00000000,00000000,00000000,00000000,?,6C8973CA,00000000,00000000,00000000,0000003D,?,6C8973E6,7622DF80,00000000,00F018B0), ref: 6C891E57
calloc.MSVCR100(00000001,00000002,00000000,00000000,00000000,00000000,?,6C8973CA,00000000,00000000,00000000,0000003D,?,6C8973E6,7622DF80,00000000), ref: 6C891E62
wcscpy_s.MSVCR100(00000000,00000001,00000000,7622DF80,00000000,00F018B0), ref: 6C891E75
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,7622DF80,00000000,00F018B0), ref: 6C8A9799
_errno.MSVCR100(00000000,00000000,00000000,00000000,00000000,?,?,?,7622DF80,00000000,00F018B0), ref: 6C8A97B0
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,00000000,00000000,00000000,?,?,?,7622DF80,00000000,00F018B0), ref: 6C8A97BA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __invoke_watson_errno_invalid_parameter_noinfo_wcslencallocwcscpy_s
String ID:
API String ID: 2624155197-0
Opcode ID: f465bf2f3a54c0ef8722b592f7bec246283face6e911eaf62ac90378db1aa1ce
Instruction ID: 1ddca4a9341e96a844b40d4e014d806f039e927b60240e114adbaa728a2a7900
Opcode Fuzzy Hash: f465bf2f3a54c0ef8722b592f7bec246283face6e911eaf62ac90378db1aa1ce
Instruction Fuzzy Hash: A9316D3621D7559AD7315EBDAF806AB32B4EFC6728B244D35E9268BE40F732C441C3A0

Function 6C8E1ACF Relevance: 10.6, APIs: 7, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strstr.MSVCR100(00000000,?,?), ref: 6C8E1AF1
_errno.MSVCR100(?), ref: 6C8E1B12
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8E1B1D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfostrstr
String ID:
API String ID: 18508804-0
Opcode ID: 5919d20ba72d54eef813d9f549faee327002b76ee325f1e05ba5131933c2990f
Instruction ID: 70f9b78f78d4936d99836cbf56e0769eeaa6aca7b5b29a3e4545bcefbf6dd71b
Opcode Fuzzy Hash: 5919d20ba72d54eef813d9f549faee327002b76ee325f1e05ba5131933c2990f
Instruction Fuzzy Hash: 384197319092897FEB32AB74C5407DD7BA0AF87328F244AD4D0A05B9F2E775D585C740

Function 6C8BC6A4 Relevance: 10.6, APIs: 7, Instructions: 103COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BC6AB
EnterCriticalSection.KERNEL32(?,0000000C,6C8C2690), ref: 6C8BC6C8
LeaveCriticalSection.KERNEL32(?), ref: 6C8BC75F

Part of subcall function 6C8C276D: __EH_prolog3.LIBCMT ref: 6C8C2774
Part of subcall function 6C8C276D: TlsGetValue.KERNEL32(?,00000000,6C8BC6DE,?), ref: 6C8C2782
Part of subcall function 6C8C276D: ??2@YAPAXI@Z.MSVCR100(0000003C), ref: 6C8C27FD

??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8BC788
??_U@YAPAXI@Z.MSVCR100(00000000,00000000), ref: 6C8BC7A2
LeaveCriticalSection.KERNEL32(?), ref: 6C8BC7B7
SetEvent.KERNEL32(?), ref: 6C8BC7C0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$H_prolog3Leave$??2@EnterEventValue
String ID:
API String ID: 1045167556-0
Opcode ID: 8504d7f808e15a5961e2a44a02eea62ada62a7b026d55d4235b8d49f53eb5a82
Instruction ID: f3c986ac92ec5f6d485f0b46fbdd996094a02f23f97570e09978ffa6a8d6b0d2
Opcode Fuzzy Hash: 8504d7f808e15a5961e2a44a02eea62ada62a7b026d55d4235b8d49f53eb5a82
Instruction Fuzzy Hash: 78418B705003418FDB21DF28C685B9ABBF0BF05318F00496ED996EAB92D774E944CB90

Function 6C8C7BBB Relevance: 10.6, APIs: 7, Instructions: 102synchronizationCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C8C7BF8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C7C10
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C7C1E
GetLastError.KERNEL32(?,6C91FEB4,00000000), ref: 6C8C7C39
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C7C51
SetEvent.KERNEL32(?), ref: 6C8C7C91
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8C7CBE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLast$EventExceptionObjectSingleThrowWait
String ID:
API String ID: 3912761622-0
Opcode ID: a8f2282927477de5848ead6495ea55963bb640cdce66fe3ff962821195086c0c
Instruction ID: 573057957c78bb5f027eba2fffe3fd7c387430642c83f4764ae5e66918b88a70
Opcode Fuzzy Hash: a8f2282927477de5848ead6495ea55963bb640cdce66fe3ff962821195086c0c
Instruction Fuzzy Hash: 5831A772B1410ADFCB24DFA8CA85E9D77B4AB05318B234979E111E7A40DB34DE48CB51

Function 6C8D3483 Relevance: 10.6, APIs: 7, Instructions: 102COMMON

Download Yara Rule

APIs

_errno.MSVCR100(6C8D35C0,00000014), ref: 6C8D34A2
_invalid_parameter_noinfo.MSVCR100(6C8D35C0,00000014), ref: 6C8D34AD

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_lock_file.MSVCR100(?,6C8D35C0,00000014), ref: 6C8D34DC
_fileno.MSVCR100(?,?,?,6C8D35C0,00000014), ref: 6C8D34ED
_errno.MSVCR100(?,?,?,?,?,?,?,?,6C8D35C0,00000014), ref: 6C8D3547
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,?,6C8D35C0,00000014), ref: 6C8D3552
_filbuf.MSVCR100(?,?,?,?,?,?,?,6C8D35C0,00000014), ref: 6C8D3576

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_filbuf_fileno_invalid_parameter_lock_file
String ID:
API String ID: 1327458189-0
Opcode ID: f3df4c1ac5d4e7bada8496f4dd9d7ee03eb215b69bc264aeb1aca4c994720b9e
Instruction ID: 05d0c198d7f9a782a1987b534373da7318c6d0438a51fcbdb5b7f92d36067fa6
Opcode Fuzzy Hash: f3df4c1ac5d4e7bada8496f4dd9d7ee03eb215b69bc264aeb1aca4c994720b9e
Instruction Fuzzy Hash: A531D0709262059ADB355F39CA403BD77B0AF01329F264E29D4768BEC0D73CAA46CB51

Function 6C9006C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

__fltout2.LIBCMT ref: 6C9006F3

Part of subcall function 6C8FFD7F: ___dtold.LIBCMT ref: 6C8FFDA5
Part of subcall function 6C8FFD7F: _$I10_OUTPUT.LIBCMT(?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?,00000000,?,?), ref: 6C8FFDC0
Part of subcall function 6C8FFD7F: strcpy_s.MSVCR100(6C9000BE,?,?,?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?), ref: 6C8FFDE0

_errno.MSVCR100(?,?,?,?,00000000,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C9006FF
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,00000000,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C900706

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__fptostr.LIBCMT ref: 6C90073E

Strings

-, xrefs: 6C900720

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: I10____dtold__fltout2__fptostr_errno_invalid_parameter_invalid_parameter_noinfostrcpy_s
String ID: -
API String ID: 3041646763-2547889144
Opcode ID: b2c83287fe73b3c81bd00dddd3cb74454bdd474fa7f330ea1ed7fd16ebbc460b
Instruction ID: 73255619d749add323d299a00b8575e32a72b84d755a2656911a8b843fd219fc
Opcode Fuzzy Hash: b2c83287fe73b3c81bd00dddd3cb74454bdd474fa7f330ea1ed7fd16ebbc460b
Instruction Fuzzy Hash: D5312F32B00189ABDF119F68CC40DEE3FB8AF49B24F044128F820A7680E735D925DF61

Function 6C8B880C Relevance: 10.6, APIs: 7, Instructions: 87threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C8B8813
GetCurrentThread.KERNEL32 ref: 6C8B885E

Part of subcall function 6C8BB795: _memset.LIBCMT(?,00000000,0000000C), ref: 6C8BB7A0
Part of subcall function 6C8BB795: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB7A8
Part of subcall function 6C8BB795: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB7B2
Part of subcall function 6C8BB795: GetCurrentProcess.KERNEL32(?,?), ref: 6C8BB7C4
Part of subcall function 6C8BB795: GetProcessAffinityMask.KERNEL32(00000000), ref: 6C8BB7CB

_memset.LIBCMT(00000000,00000000,0000000C,?,6C8C2BA8,00000000,?,?,?,?,00000000,00000000), ref: 6C8B8899

Part of subcall function 6C8BB7F5: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100(?,?,6C8B899B,00000000,?,?), ref: 6C8BB7FB
Part of subcall function 6C8BB7F5: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100(?,?,6C8B899B,00000000,?,?), ref: 6C8BB805
Part of subcall function 6C8BB7F5: SetThreadAffinityMask.KERNEL32(?,?), ref: 6C8BB814

Part of subcall function 6C8C314F: SetEvent.KERNEL32(?), ref: 6C8C3192

EnterCriticalSection.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,6C8BD20F,?,00000000,00000000), ref: 6C8B88C7
LeaveCriticalSection.KERNEL32(00000000,?,00000000), ref: 6C8B88F3
TlsGetValue.KERNEL32(?,?,00000028,6C8C297A,00000000,?,00000000,?,?,6C8C2BA8,00000000,?,?,?,?,00000000), ref: 6C8B8915
TlsSetValue.KERNEL32(?,00000000,?,6C8C2BA8,00000000,?,?,?,?,00000000,00000000), ref: 6C8B8920

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Version@$Concurrency@@Manager@1@Resource$AffinityCriticalCurrentMaskProcessSectionThreadValue_memset$EnterEventH_prolog3_Leave
String ID:
API String ID: 4131446515-0
Opcode ID: 5943d248405edcb07cd909355bdb063d254208e275495b4488d000b99b453e81
Instruction ID: 1424514ce1a3bf3a03428ac4f0eb73dd1b993e8d47f64b59c5131fa37d59653e
Opcode Fuzzy Hash: 5943d248405edcb07cd909355bdb063d254208e275495b4488d000b99b453e81
Instruction Fuzzy Hash: 2D31A975A00215CFCF14DF64CAC89AA7BB0FF09308B0508A9EC05AF752EB34E805CBA1

Function 6C89204F Relevance: 10.6, APIs: 7, Instructions: 82COMMONLIBRARYCODE

Download Yara Rule

APIs

_strnicmp_l.MSVCR100(?,76228409,?,?,7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099,?,?,?), ref: 6C8920A9

Part of subcall function 6C88EFF6: _tolower_l.MSVCR100(00000000,00000000,00000000,00000099,7FFFFFFF,00000000), ref: 6C88F052
Part of subcall function 6C88EFF6: _tolower_l.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000099,7FFFFFFF,00000000), ref: 6C88F061

__crtCompareStringA.MSVCR100(?,?,00001001,?,?,76228409,?,00000005,7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099), ref: 6C8962B7
_errno.MSVCR100(00000000,00000000,?,76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AC496
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AC4A1
_errno.MSVCR100(7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AC4BC
_invalid_parameter_noinfo.MSVCR100(7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AC4C7
_errno.MSVCR100(?,?,?,?,?,7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099,?,?,?), ref: 6C8AC4CE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_tolower_l$CompareString__crt_strnicmp_l
String ID:
API String ID: 1585791229-0
Opcode ID: 9b1677c3a0dbee3850117fea866f7573ad8c888ba7fc4c2c3e7d7e1ec0c9ab71
Instruction ID: ed32ce41c4d62071ced39d9ca512af6e98ca241c6ef3773729ff342d15713553
Opcode Fuzzy Hash: 9b1677c3a0dbee3850117fea866f7573ad8c888ba7fc4c2c3e7d7e1ec0c9ab71
Instruction Fuzzy Hash: EB21CA31902249AFDF31AFECCA409FE3775AF41328B144AA5E4305BAD1D7328945DB95

Function 6C88EFF6 Relevance: 10.6, APIs: 7, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

APIs

_tolower_l.MSVCR100(00000000,00000000,00000000,00000099,7FFFFFFF,00000000), ref: 6C88F052
_tolower_l.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000099,7FFFFFFF,00000000), ref: 6C88F061
___ascii_strnicmp.LIBCMT ref: 6C897686
_errno.MSVCR100(00000000,00000099,7FFFFFFF,00000000), ref: 6C8AC408
_invalid_parameter_noinfo.MSVCR100(00000000,00000099,7FFFFFFF,00000000), ref: 6C8AC413
_errno.MSVCR100(00000000,00000099,7FFFFFFF,00000000), ref: 6C8AC42F
_invalid_parameter_noinfo.MSVCR100(00000000,00000099,7FFFFFFF,00000000), ref: 6C8AC43A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo_tolower_l$___ascii_strnicmp
String ID:
API String ID: 2390777603-0
Opcode ID: 5dee6ccd69475502ea7b5f51668898b67aece249fb893b167051157f32c20104
Instruction ID: d9916464f7e2edd0e0e1c3f84fd10d57bc7913722f880baf343fa2b1c850012a
Opcode Fuzzy Hash: 5dee6ccd69475502ea7b5f51668898b67aece249fb893b167051157f32c20104
Instruction Fuzzy Hash: 2621A5315032499FDB31AFACCA047BE3BA4AB41228F240EA8E47057ED5EB718905C791

Function 6C8D367E Relevance: 10.6, APIs: 7, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(6C8D3780,0000000C), ref: 6C8D369D
_invalid_parameter_noinfo.MSVCR100(6C8D3780,0000000C), ref: 6C8D36A8

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_lock_file.MSVCR100(?,6C8D3780,0000000C), ref: 6C8D36B6
_fileno.MSVCR100(?,?,?,6C8D3780,0000000C), ref: 6C8D36C6
_errno.MSVCR100(?,?,?,?,?,?,?,?,6C8D3780,0000000C), ref: 6C8D3720
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,?,6C8D3780,0000000C), ref: 6C8D372B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_fileno_invalid_parameter_lock_file
String ID:
API String ID: 1742103896-0
Opcode ID: dd278b2a58d902a0e0ae36d6386bf9ae2cf23737e70499f3fcd35f7f255bf67d
Instruction ID: 00833c8cac2e4c589278409b48b8dc843d562ed6609a757b43c9bcfc9f963a8e
Opcode Fuzzy Hash: dd278b2a58d902a0e0ae36d6386bf9ae2cf23737e70499f3fcd35f7f255bf67d
Instruction Fuzzy Hash: 3D210AB19066444ACB355F7C8A006AD7AB0AF43338B264F39D4B48BBD0DB38AD469B51

Function 6C88E5C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A9225
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9230
_errno.MSVCR100(?), ref: 6C8A923D
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8A9248

Strings

B, xrefs: 6C88E615

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: B
API String ID: 2959964966-1255198513
Opcode ID: edd275210728800d1351eb05aeb73171c7f1e9d6414c99896fe65ef0e2fee524
Instruction ID: af8343fc77ca366c81b03f27aa878e4c7b3beabb7c82f1beda9a47e0165b618c
Opcode Fuzzy Hash: edd275210728800d1351eb05aeb73171c7f1e9d6414c99896fe65ef0e2fee524
Instruction Fuzzy Hash: CD21A47580525A9FDF209FA8C9405DE7BB4FF49328F140A2AE530A7A80D7359905CBA1

Function 6C88AEAE Relevance: 10.6, APIs: 7, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6C88AEB8
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 6C88AEF6
_malloc_crt.MSVCR100(00000000), ref: 6C88AF00
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000000), ref: 6C88AF19
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C88AF24
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C88AF33

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide$_malloc_crt
String ID:
API String ID: 3279498665-0
Opcode ID: 1318ac79f8a8eec9decd3c5fa41a0737c7da4fe89e889715e271e4792ae9bd9e
Instruction ID: 1757e3f9ed6d9d4dcd5453ff60633f64c39337926f096fa47d7984cf307d0b95
Opcode Fuzzy Hash: 1318ac79f8a8eec9decd3c5fa41a0737c7da4fe89e889715e271e4792ae9bd9e
Instruction Fuzzy Hash: 541182B6943128BF8B325B699E488DFBE7CEF467947204861F405E2D80E770CD4096B0

Function 6C8C349E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74threadCOMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6C8C34C8

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(6C91FE78,6C91FE78), ref: 6C8C34DF
std::exception::exception.LIBCMT ref: 6C8C34FB
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6C8C3538

Part of subcall function 6C8B5B2E: _SpinWait.LIBCMT(00000FA0), ref: 6C8B5B4A

SwitchToThread.KERNEL32 ref: 6C8C3541

Strings

count, xrefs: 6C8C34F3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$std::exception::exception$Concurrency@@Copy_strExceptionOnce@?$_SwitchThreadThrowWaitWait@$00@details@std::exception::_
String ID: count
API String ID: 3304301593-2245608546
Opcode ID: ab57126f478706abfd43b8d1807c7ce6fa2a96087fd2232860c7d980b3d0e8e9
Instruction ID: 5b6b8c9a8d12b631bbeea34e8388775b074fe24d2f162c5977c643b14315cb7a
Opcode Fuzzy Hash: ab57126f478706abfd43b8d1807c7ce6fa2a96087fd2232860c7d980b3d0e8e9
Instruction Fuzzy Hash: 2F2171716083059FC720DF19C685ADAB7E4AF85314F008D6DE86557B20DB31ED0ACBA3

Function 6C894C10 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C894C62
DName::operator+.LIBCMT ref: 6C894C69
DName::DName.LIBCMT ref: 6C8AF17F
DName::DName.LIBCMT ref: 6C8AF195

Strings

void, xrefs: 6C8AF17A
void , xrefs: 6C894C5D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::$Name::operator+
String ID: void$void
API String ID: 826178784-3746155364
Opcode ID: abe90ca2a5e45c1d1ba25259877fc072a8c9274a952bf05871be45da44fd85db
Instruction ID: d0790ae325739e3bac63bc12d15566b0754971fc9faed831fee69920b3b87c38
Opcode Fuzzy Hash: abe90ca2a5e45c1d1ba25259877fc072a8c9274a952bf05871be45da44fd85db
Instruction Fuzzy Hash: 68214C3580520EEFCF25DF98CA80CED7B78BF89308F50886BE92556A50E730964ADF50

Function 6C8C9FD5 Relevance: 10.6, APIs: 7, Instructions: 68synchronizationsleeptimeCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,6C8C9FCA), ref: 6C8C9FEA
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 6C8CA003
GetTickCount.KERNEL32 ref: 6C8CA00A
Sleep.KERNEL32(00000000), ref: 6C8CA020
InterlockedPushEntrySList.KERNEL32(?,-00000008), ref: 6C8CA057
WaitForSingleObject.KERNEL32(?,000000FF,?), ref: 6C8CA07F
CloseHandle.KERNEL32(?), ref: 6C8CA09A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ObjectSingleWait$Base::CloseConcurrency::details::CountEntryHandleInterlockedListPushSchedulerSleepThrottlingTickTime
String ID:
API String ID: 3893709443-0
Opcode ID: f94f37c8d34e5116fe08c70079d738c8d856334e2ce36ddc4e541e3b7c0c54fd
Instruction ID: 0153346190d9dc273ec0e69bc570dea49e28b2066b97660f47d9dbdd5585fb70
Opcode Fuzzy Hash: f94f37c8d34e5116fe08c70079d738c8d856334e2ce36ddc4e541e3b7c0c54fd
Instruction Fuzzy Hash: 4021A131B04615EBDB268B34CD48BDEB764FB423A9F140725E42A96A80DB35E844CBD1

Function 6C8C6AE6 Relevance: 10.6, APIs: 7, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C6AED
InitializeSListHead.KERNEL32(?,00000010,6C8C6ED3,00000000,?), ref: 6C8C6B0B
GetLastError.KERNEL32 ref: 6C8C6B3E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C6B56
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C6B64
GetLastError.KERNEL32 ref: 6C8C6B7E
??2@YAPAXI@Z.MSVCR100(00000030), ref: 6C8C6B8C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$??2@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionH_prolog3HeadInitializeListThrow
String ID:
API String ID: 3312236879-0
Opcode ID: 831198f3eab49ad671e25d3f94a28fb7e1eb9b90c922d5e9252a697dbf1bc579
Instruction ID: c9301c6fa670d2f6c167632183e2e29d1eb5cc34e01e39ec6386cde4014509ae
Opcode Fuzzy Hash: 831198f3eab49ad671e25d3f94a28fb7e1eb9b90c922d5e9252a697dbf1bc579
Instruction Fuzzy Hash: 7A218B76715606ABDB21DF68CA44BAE77F4BF19308B108D39E445D7E00E734EA08CB52

Function 6C8B8AC4 Relevance: 10.6, APIs: 7, Instructions: 65threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8B8ACB

Part of subcall function 6C8B62F7: __EH_prolog3.LIBCMT ref: 6C8B62FE
Part of subcall function 6C8B62F7: ??2@YAPAXI@Z.MSVCR100 ref: 6C8B6366
Part of subcall function 6C8B62F7: _memset.LIBCMT(00000000,00000000,87104C15), ref: 6C8B6378

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,6C8C0AF2,?,00000001,00000010,6C8C0C38,00000000,00000000,6C8C0AF2,?,6C8C0AF2,?), ref: 6C8B8AFB
GetLastError.KERNEL32(?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8B0B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8B23
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8B31
??2@YAPAXI@Z.MSVCR100(0000001C,5D8B5351,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8B43
GetCurrentThreadId.KERNEL32 ref: 6C8B8B78

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@H_prolog3$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateCurrentErrorEventExceptionLastThreadThrow_memset
String ID:
API String ID: 1121080609-0
Opcode ID: b30ef55f540137e23f0ac863536f1850fc680f1430c66d0c616b8cdf519a9172
Instruction ID: cbf3f2a6c0900c64ea4c0aabb0d2e7758087efbd9e946ee82463143545279442
Opcode Fuzzy Hash: b30ef55f540137e23f0ac863536f1850fc680f1430c66d0c616b8cdf519a9172
Instruction Fuzzy Hash: 9A21A1B190024AAFC7209F758984A9EBFB4BF05218B14493AE118EBF00D734D858DBE0

Function 6C88A78A Relevance: 10.6, APIs: 7, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_get_osfhandle.MSVCR100(?,?,?,?,6C88A865,?,6C88A880,00000010), ref: 6C88A795
_get_osfhandle.MSVCR100(?), ref: 6C88A7B8

Part of subcall function 6C88A745: __doserrno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C88A780
Part of subcall function 6C88A745: _errno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B0432
Part of subcall function 6C88A745: _invalid_parameter_noinfo.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B043D

CloseHandle.KERNEL32(00000000), ref: 6C88A7BF
_get_osfhandle.MSVCR100(00000002), ref: 6C895A6F
_get_osfhandle.MSVCR100(00000001,00000002), ref: 6C895A78
GetLastError.KERNEL32 ref: 6C8AF4C2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _get_osfhandle$CloseErrorHandleLast__doserrno_errno_invalid_parameter_noinfo
String ID:
API String ID: 1012986785-0
Opcode ID: 0c5b4d6fe028635f56f18b1d8679d83f245e5aa9cb5cadce67cbf273e5e89dc9
Instruction ID: 151d0e7da618cd885237d5e9c67e03721f279ebe63a98bf6a515ff316ab1cd30
Opcode Fuzzy Hash: 0c5b4d6fe028635f56f18b1d8679d83f245e5aa9cb5cadce67cbf273e5e89dc9
Instruction Fuzzy Hash: A4110C321472545DDA32627C5B88BDD76745F83B2CF250D35E9E88BEC0FF64D8469250

Function 6C890338 Relevance: 10.6, APIs: 7, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8901E4
__doserrno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B02F6
_errno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B02FE
_errno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B0314
_invalid_parameter_noinfo.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B031F
_errno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B0326
__doserrno.MSVCR100(6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?,?,6C893AA1,?,?), ref: 6C8B0331

Part of subcall function 6C88A5A9: EnterCriticalSection.KERNEL32(00000108,6C88A610,0000000C,6C89038E,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?), ref: 6C88A5FA

Part of subcall function 6C89022F: _isatty.MSVCR100(?,?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002), ref: 6C8902BE
Part of subcall function 6C89022F: WriteFile.KERNEL32(00000000,?,?,?,00000000,?,00000002,?,?,6C8903AC,?,?,?,6C8903C8,00000010,6C8A89FE), ref: 6C8902EF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __doserrno_errno$CriticalEnterFileSectionWrite_invalid_parameter_noinfo_isatty
String ID:
API String ID: 3635451409-0
Opcode ID: 5adb17c04e8b026cc17afa3d304e73ee5125c65982a0bde71d931fd4110e23a0
Instruction ID: def8c46fb67f49b45a371f2f3b9af5ad17f6553415866db3ee78e1860bb34801
Opcode Fuzzy Hash: 5adb17c04e8b026cc17afa3d304e73ee5125c65982a0bde71d931fd4110e23a0
Instruction Fuzzy Hash: F71181718423848FD7319FACCB807AD3670AF06329F110E65D5349BFD1DBB985448B51

Function 6C891712 Relevance: 10.6, APIs: 7, Instructions: 57COMMON

Download Yara Rule

APIs

__doserrno.MSVCR100(6C8917A8,00000010), ref: 6C891424
__doserrno.MSVCR100(6C8917A8,00000010), ref: 6C8B0398
_errno.MSVCR100(6C8917A8,00000010), ref: 6C8B03A0
_errno.MSVCR100(6C8917A8,00000010), ref: 6C8B03B6
_invalid_parameter_noinfo.MSVCR100(6C8917A8,00000010), ref: 6C8B03C1
_errno.MSVCR100(6C8917A8,00000010), ref: 6C8B03C8
__doserrno.MSVCR100(6C8917A8,00000010), ref: 6C8B03D3

Part of subcall function 6C88A5A9: EnterCriticalSection.KERNEL32(00000108,6C88A610,0000000C,6C89038E,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?), ref: 6C88A5FA

Part of subcall function 6C8916B5: _get_osfhandle.MSVCR100(00000000,?,?,6C88D354,?,00000000,00000000), ref: 6C8916BF
Part of subcall function 6C8916B5: SetFilePointer.KERNEL32(00000000,?,00000000,6C88D354,00000000,?,?,6C88D354,?,00000000,00000000), ref: 6C8916D8

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __doserrno_errno$CriticalEnterFilePointerSection_get_osfhandle_invalid_parameter_noinfo
String ID:
API String ID: 593789910-0
Opcode ID: c11a6d5e3b875bac6a98b5dc5f9be130b910cf8244f4f2403c7f3dbe8405573f
Instruction ID: 68a7d7ebd6bd43e22a33fbfefc7b275395037b2b0703dfb4862f9785833cdc7b
Opcode Fuzzy Hash: c11a6d5e3b875bac6a98b5dc5f9be130b910cf8244f4f2403c7f3dbe8405573f
Instruction Fuzzy Hash: EB11BE7184A3849FD7319FACCB807E936A4AF06329F250E60D4305BFD1CBB989488B91

Function 6C8BFC0E Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C0444

Part of subcall function 6C8C23B9: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002), ref: 6C8C23C6
Part of subcall function 6C8C23B9: std::exception::exception.LIBCMT(?,00000008,00000002), ref: 6C8C23DE
Part of subcall function 6C8C23B9: _CxxThrowException.MSVCR100(?,6C920034,?,00000008,00000002), ref: 6C8C23F3
Part of subcall function 6C8C23B9: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000002), ref: 6C8C23FD

??3@YAXPAX@Z.MSVCR100(?,6C924628,?,00000014), ref: 6C8C0484
??3@YAXPAX@Z.MSVCR100(?,?,6C924628,?,00000014), ref: 6C8C048A
??2@YAPAXI@Z.MSVCR100(00000004,6C924628,?,00000014), ref: 6C8C0493
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z.MSVCR100(?,6C924628,?,00000014), ref: 6C8C04A9
Concurrency::unsupported_os::unsupported_os.LIBCMT(?,00000014), ref: 6C8C04CE
_CxxThrowException.MSVCR100(?,6C8C04E8,?,00000014), ref: 6C8C04DC

Part of subcall function 6C8BB4E1: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6C8BB503

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@Policy$Policy@Scheduler$??3@ElementExceptionKey@2@@SpinThrowValue@$??2@Concurrency::unsupported_os::unsupported_osH_prolog3Once@?$_V01@@Wait@$00@details@std::exception::exception
String ID:
API String ID: 4136520310-0
Opcode ID: 5f40e715a19c208f17f57515ac9938c825012c161394debf850045ec5da9cdc4
Instruction ID: 949b578e610584394c252bf272abb7872d8e4fda3f8cad2098fb35984c81f962
Opcode Fuzzy Hash: 5f40e715a19c208f17f57515ac9938c825012c161394debf850045ec5da9cdc4
Instruction Fuzzy Hash: EF11E370746244AEDF20DF68CA457DE37B4AB0136CF100939D454E2F90DB7CC6888B62

Function 6C894544 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C8AD270
DName::operator+.LIBCMT ref: 6C8AD277
DName::DName.LIBCMT ref: 6C8AD299
DName::operator+.LIBCMT ref: 6C8AD2A0
DName::operator+.LIBCMT ref: 6C8AD2A7

Strings

throw(, xrefs: 6C8AD268, 6C8AD291

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: 408fd1056708c170870b15e432261c8ef235d3780b3ff73a79ba2078f5b6d519
Instruction ID: 5d38dcdef00bb24ef1d1f12d9b2c0f5ff3ee124887c2cee2e563ef1bd9fa23bd
Opcode Fuzzy Hash: 408fd1056708c170870b15e432261c8ef235d3780b3ff73a79ba2078f5b6d519
Instruction Fuzzy Hash: 4A015230610209AFCF24DFA8DA95DED3BB5EF4534CF00486AE9119B790DB74E94ACB80

Function 6C8DAB00 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DAB0B
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DAB16

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__wsopen_s.LIBCMT(00000000,00000000,00008002,00000040,00000000), ref: 6C8DAB30
__futime64.LIBCMT(00000000,?), ref: 6C8DAB44
_errno.MSVCR100 ref: 6C8DAB52
_close.MSVCR100(00000000), ref: 6C8DAB61
_errno.MSVCR100 ref: 6C8DAB6C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__futime64__wsopen_s_close_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 503974632-0
Opcode ID: e59799948323e6fdbb630e856d70e8e401be95e9652310b7b78e804d2446fb5c
Instruction ID: 923843d6085e9fb0a60ade56e4b7857e10e8ec09e3a2fdded4286713eb787649
Opcode Fuzzy Hash: e59799948323e6fdbb630e856d70e8e401be95e9652310b7b78e804d2446fb5c
Instruction Fuzzy Hash: 19012B322012087EDF201E6DDD00FC83F269F41778F224620F6284BAE0DB31A4468B90

Function 6C8DA04B Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DA056
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DA061

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__wsopen_s.LIBCMT(00000000,00000000,00008002,00000040,00000000), ref: 6C8DA07B
__futime32.LIBCMT(00000000,?), ref: 6C8DA08F
_errno.MSVCR100 ref: 6C8DA09D
_close.MSVCR100(00000000), ref: 6C8DA0AC
_errno.MSVCR100 ref: 6C8DA0B7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__futime32__wsopen_s_close_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 2633586827-0
Opcode ID: b145b2a0bac7ba2b0465929899f5a196852381616a72a5ee22b2fdb178c4488f
Instruction ID: 3cf2c35a8b7cc73c2c5db88bd5e2deafe2f6bf8c97c4cf554bcac22a46fec96a
Opcode Fuzzy Hash: b145b2a0bac7ba2b0465929899f5a196852381616a72a5ee22b2fdb178c4488f
Instruction Fuzzy Hash: 2D01DB32645118BADF201F6DDE00FCD3B659F8177CF264621F6285BAE0DB71E9458B90

Function 6C8DB393 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DB39E
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DB3A9

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_wsopen_s.MSVCR100(00000000,00000000,00008002,00000040,00000000), ref: 6C8DB3C3
__futime64.LIBCMT(00000000,?), ref: 6C8DB3D7
_errno.MSVCR100 ref: 6C8DB3E5
_close.MSVCR100(00000000), ref: 6C8DB3F4
_errno.MSVCR100 ref: 6C8DB3FF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__futime64_close_invalid_parameter_invalid_parameter_noinfo_wsopen_s
String ID:
API String ID: 3229548750-0
Opcode ID: fbb92496afa22c08e2281efe444c948759cc6ca6d37d93c437e9672a78ea8759
Instruction ID: 6163517b5e518dc7030514a64332a14aa95c1f2ab13a19246ea5cd30a5964803
Opcode Fuzzy Hash: fbb92496afa22c08e2281efe444c948759cc6ca6d37d93c437e9672a78ea8759
Instruction Fuzzy Hash: 8001F232101118AACF202E6EDE01FD93B659F81778F124620FA288BAD0DB31A4499B90

Function 6C8DB31A Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DB325
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DB330

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_wsopen_s.MSVCR100(00000000,00000000,00008002,00000040,00000000), ref: 6C8DB34A
__futime32.LIBCMT(00000000,?), ref: 6C8DB35E
_errno.MSVCR100 ref: 6C8DB36C
_close.MSVCR100(00000000), ref: 6C8DB37B
_errno.MSVCR100 ref: 6C8DB386

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__futime32_close_invalid_parameter_invalid_parameter_noinfo_wsopen_s
String ID:
API String ID: 1004118680-0
Opcode ID: 83b4873455fbac9706728d9bc1b9095bfdfecf008f9c271ac56fe215508bdd9e
Instruction ID: 82e0c7fd72e948bef3865b510527444f6ccb3da4740f519876240f95ac6a2642
Opcode Fuzzy Hash: 83b4873455fbac9706728d9bc1b9095bfdfecf008f9c271ac56fe215508bdd9e
Instruction Fuzzy Hash: A801D632505248BACF202EADDD00BDD3B659F8277CF164B24FA285BBE0DB31E5459B90

Function 00FC1198 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

SetDllDirectoryW.KERNEL32(00FC78A4), ref: 00FC11C3
SetDllDirectoryW.KERNEL32(?), ref: 00FC11CC
_free.LIBCMT ref: 00FC11CF
_memset.LIBCMT ref: 00FC11ED
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00000200,?,?,?,BAKED), ref: 00FC1211

Strings

Failed converting UTF8 to UTF16, xrefs: 00FC1223

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: Directory$ByteCharMultiWide_free_memset
String ID: Failed converting UTF8 to UTF16
API String ID: 2484069108-2092641052
Opcode ID: 4d712775c25964978da146aa13a25abb0b70b768677b15dfa783de6b6644898f
Instruction ID: 1c8c2320bc3ba736e5039eb5b0d971d983eed726b740c84a1876a0b4ee53cf93
Opcode Fuzzy Hash: 4d712775c25964978da146aa13a25abb0b70b768677b15dfa783de6b6644898f
Instruction Fuzzy Hash: 1B01F572940319AADF20ABA4DD47FEAB368FF05310F1042DAE91A971C2EA745A44DF41

Function 00FC2989 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00FC7A50,00000008,00FC2A91,00000000,00000000,?,00FC1550,00000001,000007DB,00000000,00000000,?,?,00FC109E,00000000), ref: 00FC299A
__lock.LIBCMT ref: 00FC29CE

Part of subcall function 00FC3295: __mtinitlocknum.LIBCMT ref: 00FC32AB
Part of subcall function 00FC3295: __amsg_exit.LIBCMT ref: 00FC32B7
Part of subcall function 00FC3295: EnterCriticalSection.KERNEL32(000007DB,000007DB,?,00FC29D3,0000000D,?,00FC1550,00000001,000007DB,00000000,00000000,?,?,00FC109E,00000000), ref: 00FC32BF

InterlockedIncrement.KERNEL32(?), ref: 00FC29DB
__lock.LIBCMT ref: 00FC29EF
___addlocaleref.LIBCMT ref: 00FC2A0D

Strings

KERNEL32.DLL, xrefs: 00FC2995

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 80a3db0896af5bebab82c49d44969c860b482be0f59ff77c043a621a7db9485a
Instruction ID: 4658e825ff3a294ea989dd56588693ced37862684d581eb3159955bee30bf4bb
Opcode Fuzzy Hash: 80a3db0896af5bebab82c49d44969c860b482be0f59ff77c043a621a7db9485a
Instruction Fuzzy Hash: D1016D71444B029FD720AF65CA0BB49BBE0EF50321F10890EE4D6976A1CBB8A644EB51

Function 6C8B8BCC Relevance: 10.5, APIs: 7, Instructions: 38threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000088,00000000,00000000,00000002,00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?), ref: 6C8B8BE8
GetCurrentThread.KERNEL32 ref: 6C8B8BEB
GetCurrentProcess.KERNEL32(00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8BF2
DuplicateHandle.KERNEL32(00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8BF5
GetLastError.KERNEL32(?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8BFF
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8B8C17
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,?,?,?,6C8C0C55,?,6C8C0AF2,?,?,?,?,00000000), ref: 6C8B8C25

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Current$Process$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorExceptionHandleLastThreadThrow
String ID:
API String ID: 2881127307-0
Opcode ID: 82ed87754b5bfe71808e97fa1b9e18a5fb7be548d4afe4af9669991d539ffca2
Instruction ID: 7e39875922df86f0143f050d21df7b559df66ae4ad4cb5f1a5307a8d788d87d7
Opcode Fuzzy Hash: 82ed87754b5bfe71808e97fa1b9e18a5fb7be548d4afe4af9669991d539ffca2
Instruction Fuzzy Hash: 6EF01272A00115A6CB20AAB58D1DF9F3A7CAB45648F044935A505E6980EB74E445C7A1

Function 6C8F40E0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

_FindAndUnlinkFrame.MSVCR100(?,6C8F40CC,?), ref: 6C8F40E9

Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C897846
Part of subcall function 6C897840: _getptd.MSVCR100 ref: 6C89785A

_getptd.MSVCR100(6C8F40CC,?), ref: 6C8F40EF
_getptd.MSVCR100(6C8F40CC,?), ref: 6C8F40FD
_IsExceptionObjectToBeDestroyed.MSVCR100(?), ref: 6C8F4140
__DestructExceptionObject.MSVCR100(00000000,00000000), ref: 6C8F414E

Strings

csm, xrefs: 6C8F410B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
String ID: csm
API String ID: 473968603-1018135373
Opcode ID: b9f2e536da37ab393053c35ab7aa79d08cdfaaea7588c34244a0e97062d24610
Instruction ID: 4f1e83837c79bda2e1ab98038ba3ff0c961a074435276a61a6c171b60673ead3
Opcode Fuzzy Hash: b9f2e536da37ab393053c35ab7aa79d08cdfaaea7588c34244a0e97062d24610
Instruction Fuzzy Hash: 4B014B389022048AEF348F25C740AEDB7B9AF94259F644D3ED07096F90DB3189CAEB01

Function 6C8CEACE Relevance: 10.5, APIs: 7, Instructions: 35COMMON

Download Yara Rule

APIs

__doserrno.MSVCR100 ref: 6C8CEAD9
_errno.MSVCR100 ref: 6C8CEAE1
_invalid_parameter_noinfo.MSVCR100 ref: 6C8CEAEC

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

GetFileAttributesA.KERNEL32(00000000), ref: 6C8CEAF9
GetLastError.KERNEL32 ref: 6C8CEB04
__dosmaperr.LIBCMT(00000000), ref: 6C8CEB0B
SetFileAttributesA.KERNEL32(00000000,00000000), ref: 6C8CEB25

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AttributesFile$ErrorLast__doserrno__dosmaperr_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 567378056-0
Opcode ID: 8efc5a5a9a4aa779ce8c170a340dee19977786036cc88adaeaa2e93769269f11
Instruction ID: fb800b2e510da9aeedebbf156f0839608f1440e9f8087584010170c8aae193c3
Opcode Fuzzy Hash: 8efc5a5a9a4aa779ce8c170a340dee19977786036cc88adaeaa2e93769269f11
Instruction Fuzzy Hash: FAF06D31655148AFDF211BB88A097A93A64AF52339F104B30F43994EE0EB70C440DBA2

Function 6C8D048F Relevance: 10.5, APIs: 7, Instructions: 35COMMON

Download Yara Rule

APIs

__doserrno.MSVCR100 ref: 6C8D049A
_errno.MSVCR100 ref: 6C8D04A2
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D04AD

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

GetFileAttributesW.KERNEL32(00000000), ref: 6C8D04BA
GetLastError.KERNEL32 ref: 6C8D04C5
__dosmaperr.LIBCMT(00000000), ref: 6C8D04CC
SetFileAttributesW.KERNEL32(00000000,00000000), ref: 6C8D04E6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AttributesFile$ErrorLast__doserrno__dosmaperr_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 567378056-0
Opcode ID: ce43bd9a0c6d1b8d693821dc829b82cea96a3a04bf529f4fb019c56a8f8be276
Instruction ID: 6464634884570c51804f60753b226bd60b990abe2120422efb1a7b3ee6bbf455
Opcode Fuzzy Hash: ce43bd9a0c6d1b8d693821dc829b82cea96a3a04bf529f4fb019c56a8f8be276
Instruction Fuzzy Hash: 2FF096311152889BCB312BB98A08BAE3A666F4233EF118B60E53CC4DE0DB75D440DB60

Function 6C8F3B21 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON

Download Yara Rule

APIs

_getptd.MSVCR100 ref: 6C8F3B42
_getptd.MSVCR100 ref: 6C8F3B53
_getptd.MSVCR100 ref: 6C8F3B61

Strings

RCC, xrefs: 6C8F3B2D
MOC, xrefs: 6C8F3B34
csm, xrefs: 6C8F3B3B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd
String ID: MOC$RCC$csm
API String ID: 3186804695-2671469338
Opcode ID: 9409c5a0f4b8fefc6144f08392dbb776af12daaef2442993d67dc15f2612c84e
Instruction ID: b892df9a0b0b3f730bada3649d9817266d0cc5aa2af48210ecb284c09902ce30
Opcode Fuzzy Hash: 9409c5a0f4b8fefc6144f08392dbb776af12daaef2442993d67dc15f2612c84e
Instruction Fuzzy Hash: ACE012316162089FC720D768C6497A83394EF8435CF5548F1D42CC7B26D735ED564A53

Function 6C8F200A Relevance: 9.3, APIs: 6, Instructions: 314COMMONLIBRARYCODE

Download Yara Rule

APIs

_store_winword.LIBCMT ref: 6C8F2268
_store_winword.LIBCMT ref: 6C8F228D
_errno.MSVCR100(?,?,00000000,?,?,6C8F293C,?,?,?,00000000,?,?,?), ref: 6C8F22C6
_invalid_parameter_noinfo.MSVCR100(?,?,00000000,?,?,6C8F293C,?,?,?,00000000,?,?,?), ref: 6C8F22D1
__tzname.MSVCR100(?,?,00000000,?,?,6C8F293C,?,?,?,00000000,?,?,?), ref: 6C8F2318
_store_str.LIBCMT ref: 6C8F23B4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _store_winword$__tzname_errno_invalid_parameter_noinfo_store_str
String ID:
API String ID: 3353331024-0
Opcode ID: 6f67f3c1986ffe6174acbd1a9b88afca02cced12ae19387b240b10c85bb47ecf
Instruction ID: 8114fae695dbeae3e6414d795bb693290d89cb2a56fc0ed58d0b62a623c2f7de
Opcode Fuzzy Hash: 6f67f3c1986ffe6174acbd1a9b88afca02cced12ae19387b240b10c85bb47ecf
Instruction Fuzzy Hash: 67910731742AD68BD7358D588B4C76AB761BB827D4F110D2DD930D7E60D37CD84386A1

Function 6C8FF612 Relevance: 9.3, APIs: 6, Instructions: 261COMMON

Download Yara Rule

APIs

_ValidateScopeTableHandlers.LIBCMT ref: 6C8FF713
__FindPESection.LIBCMT ref: 6C8FF72D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: FindHandlersScopeSectionTableValidate
String ID:
API String ID: 876702719-0
Opcode ID: 2cd0df137cd503d32072f3ccc92daf1a8844cd85dcdb3a542dd3d6561f6d1813
Instruction ID: ffa48ff4f239139452a4330a277d7ab4e0e59190178ddc0b57cc7836d1681558
Opcode Fuzzy Hash: 2cd0df137cd503d32072f3ccc92daf1a8844cd85dcdb3a542dd3d6561f6d1813
Instruction Fuzzy Hash: 11912731B052158FDB20CF58CA8065DB3F5EB95398F254A69D875A7B60EB39EC03CB90

Function 6C897402 Relevance: 9.2, APIs: 6, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C897593
_errno.MSVCR100 ref: 6C89759D
_errno.MSVCR100 ref: 6C8975A7
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A98F8
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9909
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A996B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 73300f9a708d4e7571cec654c13bbfba626e23fa377ab0dea8a47a9a16cc0cc6
Instruction ID: 8417169bdb7a99fc7b8abf43440273bb31a6e7d2020b8c780a9aab8465fad794
Opcode Fuzzy Hash: 73300f9a708d4e7571cec654c13bbfba626e23fa377ab0dea8a47a9a16cc0cc6
Instruction Fuzzy Hash: 2651FA3134A340CFD771CE6D86907C97BA19FA7728F6888AAD0948BA52D277D807C752

Function 6C8B9F09 Relevance: 9.1, APIs: 6, Instructions: 148threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C8B9F16
TlsSetValue.KERNEL32(?), ref: 6C8B9F29
TlsSetValue.KERNEL32(00000000), ref: 6C8BA08D
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8BA0B2
_CxxThrowException.MSVCR100(?,6C8BA0C8), ref: 6C8BA0C0
std::exception::exception.LIBCMT(?,?,?,?,6C8BA0C8), ref: 6C8BA0E3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Value$Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
String ID:
API String ID: 1797647509-0
Opcode ID: bc56d1f6c270ced2e8e65d1968d564913d9699b66f9c9c7e731482730b93f4bb
Instruction ID: ea86493578fc027be29e1da0b22d1cdbc7cb9bd3b6c902de0098b1cb14bcd2a1
Opcode Fuzzy Hash: bc56d1f6c270ced2e8e65d1968d564913d9699b66f9c9c7e731482730b93f4bb
Instruction Fuzzy Hash: 7851E330704245AFCB259F78CA44BEDBB71BF52318F044979D059A7B92CB36A81EC7A0

Function 6C917538 Relevance: 9.1, APIs: 6, Instructions: 140COMMON

Download Yara Rule

APIs

_domain_err.LIBCMT ref: 6C917562

Part of subcall function 6C917351: __ctrlfp.LIBCMT ref: 6C917360
Part of subcall function 6C917351: __except1.LIBCMT ref: 6C91737D

__j1.LIBCMT ref: 6C9175D3
log.MSVCR100 ref: 6C9175E1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __ctrlfp__except1__j1_domain_err
String ID:
API String ID: 2823030722-0
Opcode ID: f0235f0dba769e981a8b38ae05e5f4270d9f97dea2fa96b43432c55990b0e385
Instruction ID: 1f782ec210773f4a0a3d92c8302ad62fe59c545358873d375cd42a1094e1346b
Opcode Fuzzy Hash: f0235f0dba769e981a8b38ae05e5f4270d9f97dea2fa96b43432c55990b0e385
Instruction Fuzzy Hash: B5519562E14A0AE7CB052F54E50B09C7B78F70A3A5BB24AD4D0C1A1A6CEF35C978C7C5

Function 6C89153C Relevance: 9.1, APIs: 6, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

_flsbuf.MSVCR100(?,?), ref: 6C891515
memcpy.MSVCR100(?,?,?), ref: 6C8915D5
_errno.MSVCR100 ref: 6C892AAB
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8E16

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_flsbuf_invalid_parameter_noinfomemcpy
String ID:
API String ID: 508512864-0
Opcode ID: 54fbb8be210887e717b61343d9b84cb24f2803062b71bca9007cef20ae25fa0f
Instruction ID: b2a22836eca9fcd7be2fb8acfbe4ffb13c9cf69fc12fcbbb3a61c246d0a07d1a
Opcode Fuzzy Hash: 54fbb8be210887e717b61343d9b84cb24f2803062b71bca9007cef20ae25fa0f
Instruction Fuzzy Hash: 9B411932A05608DFDB308FAD8A8469EB7F6AF81354B258D3DD42297E80D774D941CB40

Function 6C917387 Relevance: 9.1, APIs: 6, Instructions: 135COMMON

Download Yara Rule

APIs

_domain_err.LIBCMT ref: 6C9173B1

Part of subcall function 6C917351: __ctrlfp.LIBCMT ref: 6C917360
Part of subcall function 6C917351: __except1.LIBCMT ref: 6C91737D

__j0.LIBCMT ref: 6C91741E
log.MSVCR100 ref: 6C917432

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __ctrlfp__except1__j0_domain_err
String ID:
API String ID: 870402989-0
Opcode ID: 43ab45382933aa66f88feb6a15466a570864acccf3dbc19b14be1ab9b30a42e4
Instruction ID: 49ccb995c243e6e2693efdb9c18fa06fd9ce35cc0bd9460eaccce6902e311456
Opcode Fuzzy Hash: 43ab45382933aa66f88feb6a15466a570864acccf3dbc19b14be1ab9b30a42e4
Instruction Fuzzy Hash: 3441A5A1E14D09E7CB057F94E90A19C7F78FB06764BA20A94C0C1A1A6DEF35C97887C5

Function 6C88C106 Relevance: 9.1, APIs: 6, Instructions: 121COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(0000000B,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C88C12D

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

EnterCriticalSection.KERNEL32(?,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C88C1A8
_lock.MSVCR100(0000000A,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C88C1FA
InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C88C215
_calloc_crt.MSVCR100(00000020,00000040,6C88C170,00000018,6C88C42D,00000000,?), ref: 6C8B04BD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$Enter_lock$CountInitializeSpin_calloc_crt
String ID:
API String ID: 988982517-0
Opcode ID: aeeb5f3d3b14bf7250d6a685b62ae235f9e9063d551f28034954fc34e1b42db1
Instruction ID: 514ee985e9b099b8f0ae17834f9f18a16a4d2e8ea7b67b0268e6af93a803435c
Opcode Fuzzy Hash: aeeb5f3d3b14bf7250d6a685b62ae235f9e9063d551f28034954fc34e1b42db1
Instruction Fuzzy Hash: 7A4137719067458BDB309F68CB8478EBBB4BF02728F248B29C065ABEC2C7749545CB51

Function 6C8851A2 Relevance: 9.1, APIs: 6, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00000001,?,?,?,?,6C8852A5,?,?,?), ref: 6C8851E5
_memset.LIBCMT(00000000,00000000,00000000,?,?,?,6C8852A5,?,?,?,?,?,?,?,?,?), ref: 6C88522B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 6C885240
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6C88524E
_freea_s.MSVCR100(00000000), ref: 6C885258
malloc.MSVCR100(00000008,?,?,?,6C8852A5,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8B0CF1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide$StringType_freea_s_memsetmalloc
String ID:
API String ID: 2935806426-0
Opcode ID: c767fa7e01cddf771e6489a90f3adcb7c8a705194c47872693bbcecab72697ea
Instruction ID: 9589330385f0888efdae7e83431d4b9494986f8252424a4ad2c43b4e71eb0124
Opcode Fuzzy Hash: c767fa7e01cddf771e6489a90f3adcb7c8a705194c47872693bbcecab72697ea
Instruction Fuzzy Hash: 0631847160124AEFEF208FA4DD809AF7BADEB48358F110829F915D7A50DB34DD64CB60

Function 6C88087F Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,?,6C880936,?,?,00000000), ref: 6C8A7946
_invalid_parameter_noinfo.MSVCR100(?,?,?,6C880936,?,?,00000000), ref: 6C8A7950
_errno.MSVCR100(?,?,?,?,6C880936,?,?,00000000), ref: 6C8A795C
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,6C880936,?,?,00000000), ref: 6C8A7966
_errno.MSVCR100(?,?,?,?,6C880936,?,?,00000000), ref: 6C8A7972
_errno.MSVCR100(?,?,?,?,?,6C880936,?,?,00000000), ref: 6C8A7991

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: a17977ba85dbcc47a8b23e4869394747ab22ee759c5d6b0b65cf0a2db3916238
Instruction ID: ef4aad43da48cdf38253d0e89878b5ac6d3db2f98e23852db0b20c9e14528414
Opcode Fuzzy Hash: a17977ba85dbcc47a8b23e4869394747ab22ee759c5d6b0b65cf0a2db3916238
Instruction Fuzzy Hash: DB2136322533A69BCB342FBCC9D029A7361EF46714B24493FE5518BF54EB709982C399

Function 6C88921F Relevance: 9.1, APIs: 6, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_towlower_l.MSVCR100(?,?,?,?,?), ref: 6C889260

Part of subcall function 6C882939: iswctype.MSVCR100(?,00000001,?,?,?,?,?,?,?), ref: 6C88297D

_towlower_l.MSVCR100(00000000,?,?,?,?,?,?), ref: 6C889273
_errno.MSVCR100(?), ref: 6C8AC4F8
_invalid_parameter_noinfo.MSVCR100(?), ref: 6C8AC503
_errno.MSVCR100(?,?), ref: 6C8AC51E
_invalid_parameter_noinfo.MSVCR100(?,?), ref: 6C8AC529

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo_towlower_l$iswctype
String ID:
API String ID: 3991495309-0
Opcode ID: ad6b8cbdd590dbdcc39f1a482c8ba530fbeb129ac15480a7e1bfb79ff74d8a19
Instruction ID: d31e64be0238b8549e0a8b8655189e0c13b1e734f60e32433d629e0f72d6bcc2
Opcode Fuzzy Hash: ad6b8cbdd590dbdcc39f1a482c8ba530fbeb129ac15480a7e1bfb79ff74d8a19
Instruction Fuzzy Hash: F1313A725021599BDB30ABEDCA447B93AA4BB42638F200A59F4709BAC5D735C941C760

Function 6C8C6561 Relevance: 9.1, APIs: 6, Instructions: 89synchronizationtimeCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C6568
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 6C8C6579
GetTickCount.KERNEL32 ref: 6C8C6580
WaitForSingleObject.KERNEL32(?,?), ref: 6C8C65A4
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100 ref: 6C8C65D9
CloseHandle.KERNEL32(?), ref: 6C8C6685

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AcquireBase::CloseConcurrency::details::Concurrency@@CountH_prolog3HandleLock@details@ObjectReaderSchedulerSingleThrottlingTickTimeWaitWrite@_Writer
String ID:
API String ID: 1057910834-0
Opcode ID: 6d88c7002aa59d4d94e271e17fd51b93e0e9896bb14c84a533428082a9731fa3
Instruction ID: 11771b5de30380465eefb7695f8323b01610f0883aa704afa0e83b8fafa065a9
Opcode Fuzzy Hash: 6d88c7002aa59d4d94e271e17fd51b93e0e9896bb14c84a533428082a9731fa3
Instruction Fuzzy Hash: 62318D70B04215CBCB20CF68CA847A97BB1AF45328F294A79D855EBB81DB35D845CB91

Function 6C8920BE Relevance: 9.1, APIs: 6, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

_strnicoll_l.MSVCR100(?,?,00000099,?,76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C892115

Part of subcall function 6C89204F: _strnicmp_l.MSVCR100(?,76228409,?,?,7FFFFFFF,00000000,00000000,?,76228409,?,?,00000099,?,?,?), ref: 6C8920A9

_errno.MSVCR100(?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AAAE4
_invalid_parameter_noinfo.MSVCR100(?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AAAEF
_errno.MSVCR100(76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AAB0A
_invalid_parameter_noinfo.MSVCR100(76228409,?,?,00000099,?,?,?,?,?,00000000,00000005), ref: 6C8AAB15
__crtCompareStringA.MSVCR100(00000099,?,00001001,?,00000099,?,00000099,00000000,76228409,?,?,00000099,?,?,?), ref: 6C8AAB33

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$CompareString__crt_strnicmp_l_strnicoll_l
String ID:
API String ID: 1477060370-0
Opcode ID: 1551dbd58269ebbf61fa2de4000a7e092d805df93d9c55fe6efb24a3f35ca67f
Instruction ID: 3f330a7c5ce5152b322f788213f5336922598e093bce49733a7565e1c313c1d7
Opcode Fuzzy Hash: 1551dbd58269ebbf61fa2de4000a7e092d805df93d9c55fe6efb24a3f35ca67f
Instruction Fuzzy Hash: 1B21D731901249FFCF319FECCA449ED3B71AF01328B204A65E1301B9A1E7319956DF41

Function 6C8C1D1A Relevance: 9.1, APIs: 6, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000,6C924624,?,00000004), ref: 6C8C1D5E
_memset.LIBCMT(00000000,00000000,?,00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?,00000000), ref: 6C8C1D6E
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,?,00000000,6C8BFC8E,?,00000014,6C8C9CD7,00000000,?,00000008,6C8C0075,?), ref: 6C8C1D75

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8C1DA3
InitializeSListHead.KERNEL32(?), ref: 6C8C1DB8
InitializeSListHead.KERNEL32(?), ref: 6C8C1DBE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: HeadInitializeList$??2@_memsetmalloc
String ID:
API String ID: 2874038712-0
Opcode ID: 5a5a969398d96e68316e1ee6c721a38cd4065847a777ddeb6898797b62d3395b
Instruction ID: 964bc74f8b7912a0f495d076d4f263ac978f36061df5964f456f3a5ea9a5c776
Opcode Fuzzy Hash: 5a5a969398d96e68316e1ee6c721a38cd4065847a777ddeb6898797b62d3395b
Instruction Fuzzy Hash: 7A211AB1601B409FD774CF2ED985956FBE8BF88310B505E2EE69AC7EA0D770E8418B14

Function 6C8BFA23 Relevance: 9.1, APIs: 6, Instructions: 74COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8BFA67
_memset.LIBCMT(00000000,00000000,?,00000000), ref: 6C8BFA77
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000), ref: 6C8BFA7E

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

??_U@YAPAXI@Z.MSVCR100(00000000,?,6C8C1804), ref: 6C8BFAAC
InitializeSListHead.KERNEL32(00000018,?,6C8C1804), ref: 6C8BFAC1
InitializeSListHead.KERNEL32(00000020), ref: 6C8BFAC7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: HeadInitializeList$??2@_memsetmalloc
String ID:
API String ID: 2874038712-0
Opcode ID: d09ee2521003e2bd63b2865b0d589eccdc8f598c0308bdae085d00201df8b5d7
Instruction ID: d84a93695897812d00bf9a2657efd1d7beefac8d77127aaf3ba1fff22988024e
Opcode Fuzzy Hash: d09ee2521003e2bd63b2865b0d589eccdc8f598c0308bdae085d00201df8b5d7
Instruction Fuzzy Hash: A6210CB5601B009FD374CF2ED985916BBE8BB88314B515A2EE59AC7AA0D770F8418B14

Function 6C8C3BA6 Relevance: 9.1, APIs: 6, Instructions: 74COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6C8C3BEA
_memset.LIBCMT(00000000,00000000,?,00000000), ref: 6C8C3BFA
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000), ref: 6C8C3C01

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

??_U@YAPAXI@Z.MSVCR100(00000000,?,6C8C17A8), ref: 6C8C3C2F
InitializeSListHead.KERNEL32(00000010,?,6C8C17A8), ref: 6C8C3C44
InitializeSListHead.KERNEL32(00000018), ref: 6C8C3C4A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: HeadInitializeList$??2@_memsetmalloc
String ID:
API String ID: 2874038712-0
Opcode ID: 7ad4ed1824d1e46332f43898e5c404c8dce4441182967a0f57447aa4035c99aa
Instruction ID: fa7cdf773cd82d71bc1333c037ef2df9b739c97c0952b0c51b435a28c337e3c5
Opcode Fuzzy Hash: 7ad4ed1824d1e46332f43898e5c404c8dce4441182967a0f57447aa4035c99aa
Instruction Fuzzy Hash: A2211DB1601B009FD374CF2ED985A57BBE4BB88310B514E2EE59AC7EA0D770F8418B14

Function 6C8980BC Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,?), ref: 6C8980EF
_calloc_crt.MSVCR100(00000001,00000002), ref: 6C8A79E6
_errno.MSVCR100 ref: 6C8A79F3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentDirectory_calloc_crt_errno
String ID:
API String ID: 1856998256-0
Opcode ID: 4ca47f9b33183b01ca9deea809ba0c998ede34a84d2e724385bf939af60b5cc8
Instruction ID: 0b0f8a5c94a5a36b860ef6b1e2e719b6e67728e5680ebc528958825f7ee32a5e
Opcode Fuzzy Hash: 4ca47f9b33183b01ca9deea809ba0c998ede34a84d2e724385bf939af60b5cc8
Instruction Fuzzy Hash: 2E213D72B4631D9AD7306F6CCE85BD973B8DB42318F110D7AD404E7A80DB749E848AA0

Function 6C8C7F63 Relevance: 9.1, APIs: 6, Instructions: 71synchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C7F6A
WaitForSingleObject.KERNEL32(?,00000000,0000000C,6C8C7EDB,?), ref: 6C8C7F83
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100 ref: 6C8C7FA0
CloseHandle.KERNEL32(?), ref: 6C8C8020
CloseHandle.KERNEL32(00000000), ref: 6C8C8029
??3@YAXPAX@Z.MSVCR100(?), ref: 6C8C802C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseHandle$??3@AcquireConcurrency@@H_prolog3Lock@details@ObjectReaderSingleWaitWrite@_Writer
String ID:
API String ID: 1148406726-0
Opcode ID: c0aa37d1f07d360cbf6fd3497c1e8dec9a02bc312296696aee9ab1705897561e
Instruction ID: a45b4674b404bba8f9ede70f5fdea4d1caeabd372c2726e89573cfcff4394e5d
Opcode Fuzzy Hash: c0aa37d1f07d360cbf6fd3497c1e8dec9a02bc312296696aee9ab1705897561e
Instruction Fuzzy Hash: 48218130711209CFDF24DF28CAC569A77B0BF41364B154A65E8689BB91DB30ED05CBA1

Function 6C8BD8E1 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BD8E8
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000000), ref: 6C8BD903

Part of subcall function 6C8C214D: std::exception::exception.LIBCMT(6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8C216C
Part of subcall function 6C8C214D: _CxxThrowException.MSVCR100(?,6C920018,6C8C1FE2), ref: 6C8C2181

??3@YAXPAX@Z.MSVCR100(?,00000000), ref: 6C8BD913
??2@YAPAXI@Z.MSVCR100(000000F8,00000000), ref: 6C8BD921
??2@YAPAXI@Z.MSVCR100(000000D0,00000000), ref: 6C8BD951
??3@YAXPAX@Z.MSVCR100(?,00000000), ref: 6C8BD978

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@??3@Policy$Concurrency@@ElementExceptionH_prolog3Key@2@@Policy@SchedulerThrowValue@std::exception::exception
String ID:
API String ID: 2052542019-0
Opcode ID: 498ed27af0e7f95d383fee17dd1b7d4b271cbd7e985328f5e4d7569ba38001c8
Instruction ID: 51c91e746ddf2673e9276ead7bfa90856208967a76f5f2b7d0f56c7c425f383a
Opcode Fuzzy Hash: 498ed27af0e7f95d383fee17dd1b7d4b271cbd7e985328f5e4d7569ba38001c8
Instruction Fuzzy Hash: A511B63165611ABADF30CBB8CE04BEE7EE06F01358F100C2AA025FAA95DB70DA09C751

Function 6C8FCCC1 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8FCCCE
_errno.MSVCR100 ref: 6C8FCD0A
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCCD9

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8FCCEA
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCCF5
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCD15

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
String ID:
API String ID: 1328987296-0
Opcode ID: c6abead28d9971e1a7311e57be41cba62adceeb003012ed5b7a719c269d5b426
Instruction ID: f6099ddc949d2e1502320ed052276dd65b228da6f84037a5fe326dd788522c85
Opcode Fuzzy Hash: c6abead28d9971e1a7311e57be41cba62adceeb003012ed5b7a719c269d5b426
Instruction Fuzzy Hash: 4501883114522ADEDB327F5DDE505DE3BA4EB813E67300C35E4A596A02D7318A42CBB1

Function 6C8FCD4A Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8FCD57
_errno.MSVCR100 ref: 6C8FCD93
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCD62

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8FCD73
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCD7E
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FCD9E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
String ID:
API String ID: 1328987296-0
Opcode ID: 7ba6820066a2c580ffc5cc9e02d2aa116196ec497089423c53975650b8025924
Instruction ID: ff86bcda64ba74af747f61f2e0769c52f3b765729aa7b37248e68acf538b1d00
Opcode Fuzzy Hash: 7ba6820066a2c580ffc5cc9e02d2aa116196ec497089423c53975650b8025924
Instruction Fuzzy Hash: 8311AD3150522A9FCF707F68CA805CE7F65EF823DAB210C39E56092A02E7318642CAB1

Function 6C88A7FB Relevance: 9.1, APIs: 6, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.MSVCR100(6C88A880,00000010), ref: 6C88A8A4
__doserrno.MSVCR100(6C88A880,00000010), ref: 6C8AF4DE
_errno.MSVCR100(6C88A880,00000010), ref: 6C8AF4E6
_errno.MSVCR100(6C88A880,00000010), ref: 6C8AF4FC
_invalid_parameter_noinfo.MSVCR100(6C88A880,00000010), ref: 6C8AF507
_errno.MSVCR100(6C88A880,00000010), ref: 6C8AF50E

Part of subcall function 6C88A5A9: EnterCriticalSection.KERNEL32(00000108,6C88A610,0000000C,6C89038E,?,6C8903C8,00000010,6C8A89FE,?,00000000,00000002,?,6C9235D0,?,?), ref: 6C88A5FA

Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?,?,?,?,6C88A865,?,6C88A880,00000010), ref: 6C88A795
Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?), ref: 6C88A7B8
Part of subcall function 6C88A78A: CloseHandle.KERNEL32(00000000), ref: 6C88A7BF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__doserrno_get_osfhandle$CloseCriticalEnterHandleSection_invalid_parameter_noinfo
String ID:
API String ID: 1720121285-0
Opcode ID: 947a2265ecc17f9912180e3484e6c335b347b1249d35607a61b90f1e8d797598
Instruction ID: a43349253bd878def948fa477be1de2bd059f2f81531811448014de1c76f81b4
Opcode Fuzzy Hash: 947a2265ecc17f9912180e3484e6c335b347b1249d35607a61b90f1e8d797598
Instruction Fuzzy Hash: CB116A319133548FDB319FA8CB807D97660AF02329F610E64D4309BED1DBB899468B65

Function 6C8C53E4 Relevance: 9.1, APIs: 6, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C53EB
??_V@YAXPAX@Z.MSVCR100(?,00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?,?,?,6C8C55C8,?,00000000,6C8C5EC0), ref: 6C8C5440
??3@YAXPAX@Z.MSVCR100(?,00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?,?,?,6C8C55C8,?,00000000,6C8C5EC0), ref: 6C8C5447
Concurrency::unsupported_os::unsupported_os.LIBCMT(00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?,?,?,6C8C55C8,?,00000000,6C8C5EC0,?), ref: 6C8C5454
_CxxThrowException.MSVCR100(?,6C91FE24,00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?,?,?,6C8C55C8,?,00000000), ref: 6C8C5462
??1event@Concurrency@@QAE@XZ.MSVCR100(00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?,?,?,6C8C55C8,?,00000000,6C8C5EC0,?), ref: 6C8C546E

Part of subcall function 6C8C538C: __uncaught_exception.MSVCR100(?,?,?,?,6C8B5C86,00000001), ref: 6C8C53A1

Part of subcall function 6C8C5538: ??1_TaskCollection@details@Concurrency@@QAE@XZ.MSVCR100(?,?,00000001,?,?,6C8C542B,00000000,00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000,?), ref: 6C8C5568
Part of subcall function 6C8C5538: ??3@YAXPAX@Z.MSVCR100(?,?,?,00000001,?,?,6C8C542B,00000000,00000014,6C8B62AC,?,00000000,?,6C8C4D05,00000001,00000000), ref: 6C8C556E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@Concurrency@@$??1_??1event@Collection@details@Concurrency::unsupported_os::unsupported_osExceptionH_prolog3TaskThrow__uncaught_exception
String ID:
API String ID: 3788188742-0
Opcode ID: 88e56bf19c15797c5caf7c5b2a33b9ca6f5dbc121d3e270614689e7a6159e7d9
Instruction ID: b22d65ff1d55867644158522d0f79c5b86e5852571f4f36dc2cbc92ccb4b0943
Opcode Fuzzy Hash: 88e56bf19c15797c5caf7c5b2a33b9ca6f5dbc121d3e270614689e7a6159e7d9
Instruction Fuzzy Hash: 2101ADB1B823058BDF349BA9CB50BAF73616F4162DB540D2C94615BFA0DB38E80AA641

Function 6C88AC84 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.MSVCR100(6C88ACE0,0000000C,6C88D0AA,?,?,6C889233,?), ref: 6C88AC90
_lock.MSVCR100(0000000D), ref: 6C88ACA7

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

InterlockedDecrement.KERNEL32(?), ref: 6C88D0B7
InterlockedIncrement.KERNEL32(00F01688), ref: 6C88D0DF

Part of subcall function 6C88ACFC: _unlock.MSVCR100(0000000D,6C88ACCF), ref: 6C88ACFE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Interlocked$CriticalDecrementEnterIncrementSection_getptd_lock_unlock
String ID:
API String ID: 1606532611-0
Opcode ID: 9e2d60d3d84321cbf477026c9f22c128bd742b2b2e3394f7730f446309e5c81a
Instruction ID: a155c54f3185718685a65858eeadf5ef05d07bd0dff4322604e5f598dac196bb
Opcode Fuzzy Hash: 9e2d60d3d84321cbf477026c9f22c128bd742b2b2e3394f7730f446309e5c81a
Instruction Fuzzy Hash: A411AC31E47A25DBCB359B6986047897270BB02B18F110926D45067FC0DB389987CFD1

Function 00FC3E1C Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00FC3E28

Part of subcall function 00FC2AB6: __getptd_noexit.LIBCMT ref: 00FC2AB9
Part of subcall function 00FC2AB6: __amsg_exit.LIBCMT ref: 00FC2AC6

__amsg_exit.LIBCMT ref: 00FC3E48
__lock.LIBCMT ref: 00FC3E58
InterlockedDecrement.KERNEL32(?), ref: 00FC3E75
_free.LIBCMT ref: 00FC3E88
InterlockedIncrement.KERNEL32(02781688), ref: 00FC3EA0

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: e96a48645fa93a0a1fc200c38f2428df009476e5c7cab870f170e649d31de840
Instruction ID: 49f311d2c3c3114f432d5294b2d2ee5f2de7f465ba24fecbd8ceb52ec88a9384
Opcode Fuzzy Hash: e96a48645fa93a0a1fc200c38f2428df009476e5c7cab870f170e649d31de840
Instruction Fuzzy Hash: 45016132D0571BDBCB11AB559B0BF5E7760BF44B60F04800DE800A7691CB685A49FBD6

Function 6C88A8DF Relevance: 9.0, APIs: 6, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__freebuf.LIBCMT ref: 6C88A903

Part of subcall function 6C88A8AE: free.MSVCR100(?,?,?,6C88A908,?,?), ref: 6C88A8C5

_fileno.MSVCR100(?,?,?), ref: 6C88A909
_close.MSVCR100(00000000,?,?,?), ref: 6C88A90F
_errno.MSVCR100 ref: 6C8A8B94
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8B9F

Part of subcall function 6C88A665: _fileno.MSVCR100(?,?,?,?,?,?,?,6C88A900,?), ref: 6C88A694
Part of subcall function 6C88A665: _write.MSVCR100(00000000,?,?,?,?,?,?,6C88A900,?), ref: 6C88A69B

free.MSVCR100(?), ref: 6C8A8BB4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _filenofree$__freebuf_close_errno_invalid_parameter_noinfo_write
String ID:
API String ID: 1941134952-0
Opcode ID: 0c03a7350c23a4a37fcfb518264520126cbcfc0aa4ba02ae4b539e9514dbc655
Instruction ID: 906dc6cb1edacd5596b7494e22a41e583ffc41449f5b1797b5907537af954abc
Opcode Fuzzy Hash: 0c03a7350c23a4a37fcfb518264520126cbcfc0aa4ba02ae4b539e9514dbc655
Instruction Fuzzy Hash: 74F0F422917B546BC230167E8F00BCA76989F8637DF150E25D97897EC0E738E40786A0

Function 6C8D22DA Relevance: 9.0, APIs: 6, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,00000000,?,6C8D2452,6C924F60,?,?,?,00000000), ref: 6C8D22E7
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,6C8D2452,6C924F60,?,?,?,00000000), ref: 6C8D22F2

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__cenvarg.LIBCMT ref: 6C8D2313
__dospawn.LIBCMT ref: 6C8D232D
free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D2337
free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D233F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$__cenvarg__dospawn_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 1531270514-0
Opcode ID: 8543a8564058973541d4b16da9987d976771ca10c2661c256dc89a257574c815
Instruction ID: 861ff853a54915c932d743d1542525b7af9d0e0b46b0847ba8bace7a314cf51a
Opcode Fuzzy Hash: 8543a8564058973541d4b16da9987d976771ca10c2661c256dc89a257574c815
Instruction Fuzzy Hash: 3601AD35801108BBCF115F98CE04ADE7A79AF01378F000A60F825A5AA0E732DAA4EB90

Function 6C8D1C42 Relevance: 9.0, APIs: 6, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,00000000,?,6C8D1DB6,?,000000FF,?,00000000,00000000), ref: 6C8D1C4F
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,6C8D1DB6,?,000000FF,?,00000000,00000000), ref: 6C8D1C5A

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__cenvarg.LIBCMT ref: 6C8D1C7B
__dospawn.LIBCMT ref: 6C8D1C94
free.MSVCR100(00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D1C9E
free.MSVCR100(00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D1CA6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$__cenvarg__dospawn_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 1531270514-0
Opcode ID: c42958f78ec69b953dd3a3ff25c0b2641fa45aa731b1d53b66b241d909675eec
Instruction ID: e7aa37b7040328d66f1bf0d2e5d3f7475bef6e8dc276064d24e9440c0fdff3cf
Opcode Fuzzy Hash: c42958f78ec69b953dd3a3ff25c0b2641fa45aa731b1d53b66b241d909675eec
Instruction Fuzzy Hash: 9A016D75801108BBCF115F98DE01ADD7E6AAF01378F114A60F52565AA0E771DA94DB90

Function 6C898163 Relevance: 9.0, APIs: 6, Instructions: 38COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,?,6C898259,?,?,00000104,?), ref: 6C89816A
_errno.MSVCR100(?,?,?,6C898259,?,?,00000104,?), ref: 6C898171
_wfullpath.MSVCR100(?,?,?,?,?,?,6C898259,?,?,00000104,?), ref: 6C898182

Part of subcall function 6C881E61: GetFullPathNameW.KERNEL32(?,?,00000000,?), ref: 6C881EA6

_errno.MSVCR100 ref: 6C89818C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$FullNamePath_wfullpath
String ID:
API String ID: 3755888649-0
Opcode ID: 950bbb1dd7ff244681bc0fb5d5d64dd1d3882148739b8678b9520f6cb5eeacb3
Instruction ID: 1402f3e75ea63710a9f12cd50e227a3523c696fd044da6a7b156292204188952
Opcode Fuzzy Hash: 950bbb1dd7ff244681bc0fb5d5d64dd1d3882148739b8678b9520f6cb5eeacb3
Instruction Fuzzy Hash: EEF06235102244AFCF221F689A007993B61EF82755F110870E9189BB20EB329815CBA1

Function 6C8C79B4 Relevance: 9.0, APIs: 6, Instructions: 37synchronizationCOMMON

Download Yara Rule

APIs

InterlockedFlushSList.KERNEL32(?,00000000,?,?,6C8C79A1,?), ref: 6C8C79C2
WaitForSingleObject.KERNEL32(?,000000FF,?,?,6C8C79A1,?), ref: 6C8C79D6
SetEvent.KERNEL32(?,?,6C8C79A1,?), ref: 6C8C79E3
CloseHandle.KERNEL32(?,?,6C8C79A1,?), ref: 6C8C79F9
CloseHandle.KERNEL32(?,?,6C8C79A1,?), ref: 6C8C79FD
??3@YAXPAX@Z.MSVCR100(?,?,6C8C79A1,?), ref: 6C8C7A00

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseHandle$??3@EventFlushInterlockedListObjectSingleWait
String ID:
API String ID: 751808093-0
Opcode ID: f9d3629a583414aac96fada75b231154c436718703cda58347a70ed3a7f6cf29
Instruction ID: 4e2f41923249323c575ddf265b5ddb8e12e8cfbb6794ac1ab3d568f21be02d28
Opcode Fuzzy Hash: f9d3629a583414aac96fada75b231154c436718703cda58347a70ed3a7f6cf29
Instruction Fuzzy Hash: C6F09077505220ABCB325B59DC88D8ABFB9EF8A3343150626EC5857615DA32E840CAF0

Function 6C88FB0D Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,00000000,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C895BD5
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,6C885B65,?,000000BC,?,00000000,00000000,00000005), ref: 6C8AA1A9

Strings

$, xrefs: 6C88FB47

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: $
API String ID: 2959964966-3993045852
Opcode ID: 0721cb7b740ccc7905d7e1efe5e54e964d3021557f7872640f4d53f6d2193e41
Instruction ID: b2f2567d00aa57c2bf524041b04e225ac6cbb30652258ef16d4e7053a7630b71
Opcode Fuzzy Hash: 0721cb7b740ccc7905d7e1efe5e54e964d3021557f7872640f4d53f6d2193e41
Instruction Fuzzy Hash: 4671163094B209DBDB35CF98C7503EA3BB1AF12359F240E5AD86157DD0C3358A66CB91

Function 6C881AB5 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

iswctype.MSVCR100(?,00000008,?,?,?,?,?,?,6C881BF0,?,?,?,00000000), ref: 6C881AFE

Strings

$, xrefs: 6C881AE3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: iswctype
String ID: $
API String ID: 304682654-3993045852
Opcode ID: 23aa5ff8b54acb0defe58cfe22a5ebab8b673f3305e6ff5540b35af7150fa1c6
Instruction ID: 58e1e31a660222c8d11b5593bd30fc219bdd1800b10880643b33ee2206bcbe91
Opcode Fuzzy Hash: 23aa5ff8b54acb0defe58cfe22a5ebab8b673f3305e6ff5540b35af7150fa1c6
Instruction Fuzzy Hash: 2751833150721EEADB308F59CB457DE77A4AB02768F200E26E83196DA0E774CA91CB51

Function 6C8C2A38 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,00000000,?,?,?,?,?,?,?,6C8BD20F,?,00000000,00000000,?), ref: 6C8C2A6A
??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,00000000,?,?,?,?,?,?,?,6C8BD20F,?,00000000,00000000,?), ref: 6C8C2AF8
??_V@YAXPAX@Z.MSVCR100(?,?,?,00000000,00000000,?,?,?,?,?,?,?,6C8BD20F,?,00000000,00000000), ref: 6C8C2C4F

Strings

,, xrefs: 6C8C2C17
,, xrefs: 6C8C2C2C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID: ,$,
API String ID: 0-220654547
Opcode ID: 03894b3d17109734d562bfcd162bd2f8fc99f3d3eba4bf352f169d5fa9c56562
Instruction ID: e4b06ff4286aae3b750ba5b69146ec197040759fda3198fc79de404bf148f733
Opcode Fuzzy Hash: 03894b3d17109734d562bfcd162bd2f8fc99f3d3eba4bf352f169d5fa9c56562
Instruction Fuzzy Hash: 0D616771609741DFC328CF28C694A5BBBE5BF88308F155E2EE49A87691D730E840CB53

Function 6C8BC84D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C8BC85F
LeaveCriticalSection.KERNEL32(?), ref: 6C8BC920
SetEvent.KERNEL32(?), ref: 6C8BC92F

Strings

$, xrefs: 6C8BC8EC
,, xrefs: 6C8BC8D3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave
String ID: $$,
API String ID: 3094578987-53852779
Opcode ID: c087b1914890279092dc506233b958ea752fe8494022d640d61674a14c8fd523
Instruction ID: 559a4f5e072505d8e617ca171cf8ff0d6f0ee0944742d5c919ecd3fe2d62c2df
Opcode Fuzzy Hash: c087b1914890279092dc506233b958ea752fe8494022d640d61674a14c8fd523
Instruction Fuzzy Hash: A5311370A0471ADFCB24DFA9C6D495EBBB1FF08308B108969D556A7B12D330E984CFA0

Function 6C90008A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

__fltout2.LIBCMT ref: 6C9000B9

Part of subcall function 6C8FFD7F: ___dtold.LIBCMT ref: 6C8FFDA5
Part of subcall function 6C8FFD7F: _$I10_OUTPUT.LIBCMT(?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?,00000000,?,?), ref: 6C8FFDC0
Part of subcall function 6C8FFD7F: strcpy_s.MSVCR100(6C9000BE,?,?,?,?,00000016,?,?,?,6C9000BE,00000000,?,?,000000A3,00000016,?), ref: 6C8FFDE0

_errno.MSVCR100(?,?,?,00000000,?,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C9000C5
_invalid_parameter_noinfo.MSVCR100(?,?,?,00000000,?,?,?,?,?,000000A3,?,?,?,?,00000000,00000000), ref: 6C9000CC

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__fptostr.LIBCMT ref: 6C900117

Strings

-, xrefs: 6C900104

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: I10____dtold__fltout2__fptostr_errno_invalid_parameter_invalid_parameter_noinfostrcpy_s
String ID: -
API String ID: 3041646763-2547889144
Opcode ID: 807f0dc09bb91031f0705cc460d71d90981f3e7efd23cd3da827f3e294746c31
Instruction ID: bf5ec86124bc07a77d72b19d990369a8f0f4d225835dd7a22ab2f5e782a6ff8c
Opcode Fuzzy Hash: 807f0dc09bb91031f0705cc460d71d90981f3e7efd23cd3da827f3e294746c31
Instruction Fuzzy Hash: 5021D672B00145ABCB149F7CCD41ADE7B78EF49314F04892DE422E7680EB30D914CB60

Function 6C888ED9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C888F59
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AA694

Strings

P, xrefs: 6C8AA6B7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: P
API String ID: 2959964966-3110715001
Opcode ID: b4594cfbb7066c9c193d30eb55ddf32ecdc70655408ba1b29cc7a16e5209f139
Instruction ID: 2feab293b14d8e07c766a53fe28095d09bbc3ec3ec8ec063d52a72b2d1461b38
Opcode Fuzzy Hash: b4594cfbb7066c9c193d30eb55ddf32ecdc70655408ba1b29cc7a16e5209f139
Instruction Fuzzy Hash: 6E210731247289DFCF316EAC8A805DD77AA9F46358B200D6BE5609BE60D331CC468F91

Function 6C8CACEA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C8C035A: TlsGetValue.KERNEL32(6C8B6185), ref: 6C8C036C

GetCurrentThreadId.KERNEL32 ref: 6C8CAD16
swprintf.LIBCMT(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,6C8CAA8C,?,?,?), ref: 6C8CAD40
_vswprintf_s.LIBCMT(00000401,00000401,?,6C8CAA8C,?,00000002,000000F8,?,6C8CAA8C,?,?,?), ref: 6C8CAD62
_wcslen.LIBCMT(?,00000401,00000401,?,6C8CAA8C,?,00000002,000000F8,?,6C8CAA8C,?,?,?), ref: 6C8CAD68

Strings

[%d:%d:%d:%d(%d)] , xrefs: 6C8CAD35

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentThreadValue_vswprintf_s_wcslenswprintf
String ID: [%d:%d:%d:%d(%d)]
API String ID: 4177499147-3832470304
Opcode ID: ea56c8a3bd33bf0093af061a5581943078b31241ed1cdee9faff1ccddccc8f63
Instruction ID: 02b828474ac496e3bf3996e3b93d95162be5f6e3fd2ea39f985976e76be9806c
Opcode Fuzzy Hash: ea56c8a3bd33bf0093af061a5581943078b31241ed1cdee9faff1ccddccc8f63
Instruction Fuzzy Hash: 3F11E772301200AFC7319F79CD84E9B77B9EF843267158D25F619D7A60DB35C4458792

Function 6C8BB5D5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

memcpy.MSVCR100(?,?,00000018), ref: 6C8BB5E4
??_U@YAPAXI@Z.MSVCR100(00000000,?,?,00000018), ref: 6C8BB5FD
_memset.LIBCMT(00000000,00000000,?), ref: 6C8BB62E
memcpy.MSVCR100(?,?,00000008), ref: 6C8BB654

Strings

,, xrefs: 6C8BB668

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: memcpy$_memset
String ID: ,
API String ID: 2982297706-3772416878
Opcode ID: ce875e42bf1f2ed31ba4c378de0ae8775ba556ddc7d3ab7dc834f6880682d53d
Instruction ID: 31750ffcb9159fface195ac8a9b97055c05e234e9d80de525220affb296595f1
Opcode Fuzzy Hash: ce875e42bf1f2ed31ba4c378de0ae8775ba556ddc7d3ab7dc834f6880682d53d
Instruction Fuzzy Hash: BB21D172601B00AFD734CB28CAD5B6BB7E9EF84314F218929D00A8BB51E274EC458760

Function 6C88498E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strcat_s.MSVCR100(6C885C30,6C885C0F,6C885C20,?,00000083,00000083,?,6C885C24,6C885C0F,6C885C30,00000002,6C885C30,6C885C0F,?,00000000,00000000), ref: 6C8849AD
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,6C885C0F,6C885C30,00000002,6C885C30,6C885C0F,?,00000000,00000000,00000005), ref: 6C8B0ACD
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8B0AD8
_strcspn.LIBCMT(00000000,_.,,00000000,00000000,00000005), ref: 6C8B0AE6

Strings

_.,, xrefs: 6C8B0ADD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __invoke_watson$_strcspnstrcat_s
String ID: _.,
API String ID: 4004410220-2709443920
Opcode ID: c24abe0e53598da45be47b7e7feaf72aa7c74755025496faabfe1692c1f1dac0
Instruction ID: 37c3c9b9c383e2556f154961f596a395b04013bbcbd35031dbe4c693dcda7813
Opcode Fuzzy Hash: c24abe0e53598da45be47b7e7feaf72aa7c74755025496faabfe1692c1f1dac0
Instruction Fuzzy Hash: 95F0CDB3106209BA8B300E6DAF408CB3B19BBC027C7114D36FD28A1E02D732A0568650

Function 6C8B7406 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateTimerQueue.KERNEL32(AFCD3F0C,?,00000000,AFCD3F0C,?,00000000,AFCD3F0C,00000000,6C8B5CBE,6C8B5C86), ref: 6C8B742E
std::exception::exception.LIBCMT(6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B7487
_CxxThrowException.MSVCR100(AFCD3F0C,6C88BDD8,6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B749C

Strings

bad allocation, xrefs: 6C8B7480

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CreateExceptionQueueThrowTimerstd::exception::exception
String ID: bad allocation
API String ID: 3396838967-2104205924
Opcode ID: 8f30cf22735f7fc139537623ae187d38b2b65eae700f80045dc0fdc6ce942b50
Instruction ID: 017e48f00ab39cd9d810f8ddaa176522d151ed3c7324805786b5c493d273ec4f
Opcode Fuzzy Hash: 8f30cf22735f7fc139537623ae187d38b2b65eae700f80045dc0fdc6ce942b50
Instruction Fuzzy Hash: B5112E7161A3569BCB21CF59CA82B9BB7B4AB46329F240C68D445F2F00EB34D644C7A5

Function 6C88BAF9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C88BB00
_malloc_crt.MSVCR100(00000018,00000014,6C88BB81,00000000,00000000,?), ref: 6C88BB0D

Part of subcall function 6C880CD9: malloc.MSVCR100(00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7,00000001,00000001,?,6C8821A9,0000000D), ref: 6C880CE5

std::exception::exception.LIBCMT(?,00000001,00000014,6C88BB81,00000000,00000000), ref: 6C8A72C0
_CxxThrowException.MSVCR100(6C88BB81,6C88BDD8,?,00000001,00000014), ref: 6C8A72D5

Strings

bad allocation, xrefs: 6C8A72B9

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionH_prolog3_catchThrow_malloc_crtmallocstd::exception::exception
String ID: bad allocation
API String ID: 2340149201-2104205924
Opcode ID: 80410879af3f6a3fee4ad82320c3738463f70ad497f051042ba14ace90a9a4af
Instruction ID: 0f6432639812142f5c1f67618aed8769c5df02db9f83321d92b56e49e48099e9
Opcode Fuzzy Hash: 80410879af3f6a3fee4ad82320c3738463f70ad497f051042ba14ace90a9a4af
Instruction Fuzzy Hash: 3C01B575502208AFDB24DF98CE02FED77A4AF88314F108879E105ABF92CB7489089B64

Function 6C88215F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,6C882200,00000008,6C8A75E9,00000000,00000000), ref: 6C882170
_lock.MSVCR100(0000000D), ref: 6C8821A4

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

InterlockedIncrement.KERNEL32(?), ref: 6C8821B1

Part of subcall function 6C882228: _unlock.MSVCR100(0000000D,6C8821C3), ref: 6C88222A

_lock.MSVCR100(0000000C), ref: 6C8821C5

Strings

KERNEL32.DLL, xrefs: 6C88216B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _lock$CriticalEnterHandleIncrementInterlockedModuleSection_unlock
String ID: KERNEL32.DLL
API String ID: 2973837600-2576044830
Opcode ID: 8fd6760a7a2898198fe438f7802f6fa174abfba3736dc7dd4e71d50611703dfc
Instruction ID: 4fc7cb582555f861fdb2a735044700a146c3d1deb80eaeaef95b47b463391d88
Opcode Fuzzy Hash: 8fd6760a7a2898198fe438f7802f6fa174abfba3736dc7dd4e71d50611703dfc
Instruction Fuzzy Hash: CB013C71406B409AD7308F69CA09789FBF0AF51329F204D1ED4E996FA0CB78E644DB65

Function 6C8F4FED Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT(Attempted a typeid of NULL pointer!,6C8F50C8,00000014), ref: 6C8F5008

Part of subcall function 6C8F3564: std::exception::exception.LIBCMT(?,?,?,6C8BB6BA,bad typeid), ref: 6C8F3570

_CxxThrowException.MSVCR100(?,6C88BEA4,6C8F50C8,00000014), ref: 6C8F5016

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

std::bad_exception::bad_exception.LIBCMT(Bad read pointer - no RTTI data!,6C8F50C8,00000014), ref: 6C8F5040

Part of subcall function 6C8F3582: std::bad_exception::bad_exception.LIBCMT(?), ref: 6C8F358D

Strings

Bad read pointer - no RTTI data!, xrefs: 6C8F5038
Attempted a typeid of NULL pointer!, xrefs: 6C8F5000

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: std::bad_exception::bad_exception$Exception$RaiseThrowstd::exception::exception
String ID: Attempted a typeid of NULL pointer!$Bad read pointer - no RTTI data!
API String ID: 3174778160-236372618
Opcode ID: 75d4ea5acb6eb7bb4def994842b98d68d873a2990fab441f02ec004811ae083f
Instruction ID: 90d3330b665945b75a91cb07b5c22f01efb9dc8ad82ecab59322819319469b62
Opcode Fuzzy Hash: 75d4ea5acb6eb7bb4def994842b98d68d873a2990fab441f02ec004811ae083f
Instruction Fuzzy Hash: 95F0FE31502705AAC730DA69CB54EDDB3B46F89398F508DA4E122A7F50D7319F0AA792

Function 6C8C5914 Relevance: 7.8, APIs: 5, Instructions: 273COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C8C591B

Part of subcall function 6C8C557B: __EH_prolog3.LIBCMT ref: 6C8C5582

Part of subcall function 6C8C0376: TlsGetValue.KERNEL32(6C8C5D05,?,00000000,?,6C8B5C86,00000001), ref: 6C8C037C

Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C598F
_CxxThrowException.MSVCR100(?,6C91FE40), ref: 6C8C599D
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C5ADF
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?,?), ref: 6C8C5B67

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_osSpin$Concurrency@@ExceptionH_prolog3H_prolog3_catchOnce@?$_ThrowValueWait@$00@details@
String ID:
API String ID: 3864261231-0
Opcode ID: 478d37f1d673bbad12a813d59f116677b743f86e526f0d8aa95c4ecce4c92068
Instruction ID: 71a74d792ea01ee7861f45fa9f2522ce5fcedea59f3bc846a8a0c3578528bd92
Opcode Fuzzy Hash: 478d37f1d673bbad12a813d59f116677b743f86e526f0d8aa95c4ecce4c92068
Instruction Fuzzy Hash: 7EA168307007099FDF24CF69CA90A9ABBF1BF05318F548969E455DBB41DB34E849EB82

Function 6C873DF0 Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

___libm_error_support.LIBCMT ref: 6C873EA5

Part of subcall function 6C91ADDA: DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,6C8995C3), ref: 6C91ADF8
Part of subcall function 6C91ADDA: _errno.MSVCR100 ref: 6C91AE97

__ctrlfp.LIBCMT ref: 6C91B1EB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecodePointer___libm_error_support__ctrlfp_errno
String ID:
API String ID: 3902546397-0
Opcode ID: 528d1de06b51888d3929da3a1f7c376d44d498a5477042d34542efaef426c28c
Instruction ID: 88d20796672feac6b981aba3ec62c1922c48ccd129eb167e8629369e49ef0073
Opcode Fuzzy Hash: 528d1de06b51888d3929da3a1f7c376d44d498a5477042d34542efaef426c28c
Instruction Fuzzy Hash: A2513D6280C64DA5DB216B25D5462AE7BB8FF66354F108F59F9C851E40FF30C958C263

Function 6C8E1155 Relevance: 7.7, APIs: 5, Instructions: 155COMMONLIBRARYCODE

Download Yara Rule

APIs

_strnicmp.MSVCR100(00000000,00000000,00000000,00000000,00000000), ref: 6C8E1184

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _strnicmp
String ID:
API String ID: 2635805826-0
Opcode ID: 4d90778997455572abc8a987b8e98ddccf28bef58d4b2f909c5efa1e88516f85
Instruction ID: f6f34f7ad53629d0de4d4aaf09a56e8aa042980492c0bd4e3049f98fc9584a0b
Opcode Fuzzy Hash: 4d90778997455572abc8a987b8e98ddccf28bef58d4b2f909c5efa1e88516f85
Instruction Fuzzy Hash: 5D51007180929D9ACB24CFA8CA507E97BB0EF0B729F244ADDD0619B9D3D334CA85D701

Function 6C8D3C8F Relevance: 7.6, APIs: 5, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(6C8D3E00,00000008), ref: 6C8D3CA9
_invalid_parameter_noinfo.MSVCR100(6C8D3E00,00000008), ref: 6C8D3CB4

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(6C8D3E00,00000008), ref: 6C8D3CC8
_errno.MSVCR100(6C8D3E00,00000008), ref: 6C8D3CE1
_errno.MSVCR100(6C8D3E00,00000008), ref: 6C8D3DC3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 4106058386-0
Opcode ID: 1ce72404d21820082e7d03b13e1d72eb7d0015e23829b21b3715527a6691be1e
Instruction ID: 3237189bdab96260ee45dc65f501f06b480616d20974c2fc56430c62b823d554
Opcode Fuzzy Hash: 1ce72404d21820082e7d03b13e1d72eb7d0015e23829b21b3715527a6691be1e
Instruction Fuzzy Hash: 424106399867459AD7314E3A8B003593AB1AB4332EF2B8E58C4A0CBE85D734FD058F50

Function 6C8D79F7 Relevance: 7.6, APIs: 5, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(6C8D7B70,00000008), ref: 6C8D7A11
_invalid_parameter_noinfo.MSVCR100(6C8D7B70,00000008), ref: 6C8D7A1C

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(6C8D7B70,00000008), ref: 6C8D7A30
_errno.MSVCR100(6C8D7B70,00000008), ref: 6C8D7A49
_errno.MSVCR100(6C8D7B70,00000008), ref: 6C8D7B33

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 4106058386-0
Opcode ID: e4c3b17f896672e7e0b57f4444ad502496ae37d34d1af544d307f360ee20a01d
Instruction ID: 8251b0d4ff0437a3a97ee70b2a85f294620559c7f21f74e20cc23aedb6a6baec
Opcode Fuzzy Hash: e4c3b17f896672e7e0b57f4444ad502496ae37d34d1af544d307f360ee20a01d
Instruction Fuzzy Hash: 303139715863154BD7395E29C7707297660EF42318F278EB9E962CBE8CEB7077008750

Function 6C8E0446 Relevance: 7.6, APIs: 5, Instructions: 117stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strncmp.MSVCR100(?,?,00000000,00000080,00000080), ref: 6C8E0476

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: strncmp
String ID:
API String ID: 1114863663-0
Opcode ID: 7fa57c1b83a49c0074dfd75ef93246eb05ecc27c8c77189ceafccc20f183d79c
Instruction ID: 95212e82ac38b2d5a02882ef007d7d58d6322d0a9b5531af87067b15e9fd57c4
Opcode Fuzzy Hash: 7fa57c1b83a49c0074dfd75ef93246eb05ecc27c8c77189ceafccc20f183d79c
Instruction Fuzzy Hash: D141C2304052D99BDB319E68C6407A93BA0AF0732DF244F99E8F16A9D1CB35C145EB90

Function 6C8E0D54 Relevance: 7.6, APIs: 5, Instructions: 111stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strncmp.MSVCR100(00000000,?,00000000,?,?), ref: 6C8E0D91
_errno.MSVCR100(?,?,?), ref: 6C8E0DB7
_invalid_parameter_noinfo.MSVCR100(?,?,?), ref: 6C8E0DC2

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100(?,?,?,?), ref: 6C8E0DE6
_invalid_parameter_noinfo.MSVCR100(?,?,?,?), ref: 6C8E0DF1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameterstrncmp
String ID:
API String ID: 2244377858-0
Opcode ID: 61910172b939837cbd4b9b63766d1c225393b54835ed180ac9bb7a565fc03428
Instruction ID: 2f6a883d88e12d456d302689165d135296edffeac482b2383eef7381e746a986
Opcode Fuzzy Hash: 61910172b939837cbd4b9b63766d1c225393b54835ed180ac9bb7a565fc03428
Instruction Fuzzy Hash: 0741FA319052DA9BDB329F68C6007A93BB0AF0732DF184FA5D8F05B9E2DB348555E750

Function 6C8C6C9D Relevance: 7.6, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCR100(000000C0,AFCD3F0C), ref: 6C8C6CD2

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 6C8C6DD3

Part of subcall function 6C8C97E4: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6C8C9848
Part of subcall function 6C8C97E4: GetLastError.KERNEL32 ref: 6C8C9855
Part of subcall function 6C8C97E4: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C986D
Part of subcall function 6C8C97E4: _CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C987B
Part of subcall function 6C8C97E4: GetLastError.KERNEL32 ref: 6C8C98A2
Part of subcall function 6C8C97E4: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C98BA
Part of subcall function 6C8C97E4: GetLastError.KERNEL32 ref: 6C8C98DD
Part of subcall function 6C8C97E4: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C98F5

Part of subcall function 6C8B867E: _memset.LIBCMT(?,00000000,0000000C,6C8B86BD), ref: 6C8B8683

GetLastError.KERNEL32 ref: 6C8C6D6A
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C6D83
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C6D92

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLast$ExceptionThrow$??2@CreateEventMultipleObjectsWait_memsetmalloc
String ID:
API String ID: 2739790103-0
Opcode ID: baba48812241a1ed5047a5885d426b66f6c0193137dd58728e92155ab24e7a4f
Instruction ID: cc36475334a669359041e1bc3d6ac5d7eca612a98cf8a064ad9bf0ed09a85d9d
Opcode Fuzzy Hash: baba48812241a1ed5047a5885d426b66f6c0193137dd58728e92155ab24e7a4f
Instruction Fuzzy Hash: 3A417E71608301AFC720CF68C946B5ABBF4FB89764F100A29F954D7B90DB35E9088B92

Function 6C8C3E78 Relevance: 7.6, APIs: 5, Instructions: 100COMMONLIBRARYCODE

Download Yara Rule

APIs

QueryDepthSList.KERNEL32(80000000,-00000001,00000000,?,?,?,6C8B94CF,00000000,?,00000000,6C8BF8EF,00000000,00000000,00000000,00000000,00000000), ref: 6C8C3EF6
InterlockedPushEntrySList.KERNEL32(80000008,-000000C8,?,6C8B94CF,00000000,?,00000000,6C8BF8EF,00000000,00000000,00000000,00000000,00000000,?,?,6C8B682D), ref: 6C8C3F0D
QueryDepthSList.KERNEL32(80000008,?,6C8B94CF,00000000,?,00000000,6C8BF8EF,00000000,00000000,00000000,00000000,00000000,?,?,6C8B682D,?), ref: 6C8C3F14
InterlockedFlushSList.KERNEL32(80000008,?,6C8B94CF,00000000,?,00000000,6C8BF8EF,00000000,00000000,00000000,00000000,00000000,?,?,6C8B682D,?), ref: 6C8C3F43

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: List$DepthInterlockedQuery$EntryFlushPush
String ID:
API String ID: 4063097673-0
Opcode ID: a6800e96050d2b076c73f0d23ac73caf2ff484a103dbf5b5a2edd66b5c11f54f
Instruction ID: 61d602802f5fe0b8b93cb5aa7ad5c38d0022db4d3d1138d463f2993f8249b6f2
Opcode Fuzzy Hash: a6800e96050d2b076c73f0d23ac73caf2ff484a103dbf5b5a2edd66b5c11f54f
Instruction Fuzzy Hash: 8C319E75310525ABCB21DF18CA849AA73B8FB4A314B144969E916CBF00D730FD46CBE1

Function 6C8B7100 Relevance: 7.6, APIs: 5, Instructions: 100COMMONLIBRARYCODE

Download Yara Rule

APIs

QueryDepthSList.KERNEL32(?,?,00000000,?,?,?,6C8B69F3,?,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?), ref: 6C8B717E
InterlockedPushEntrySList.KERNEL32(?,-00000014,?,6C8B69F3,?,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B7193
QueryDepthSList.KERNEL32(?,?,6C8B69F3,?,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B719A
InterlockedFlushSList.KERNEL32(?,?,6C8B69F3,?,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B71C9

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: List$DepthInterlockedQuery$EntryFlushPush
String ID:
API String ID: 4063097673-0
Opcode ID: 277af96e5ee44f754b880ae31c18397ddf141326ac5ece00438f114ccab954ae
Instruction ID: b4826cce7f214b5b93ca420a439a2b601637d63f32080214c8a17be9f79969b1
Opcode Fuzzy Hash: 277af96e5ee44f754b880ae31c18397ddf141326ac5ece00438f114ccab954ae
Instruction Fuzzy Hash: 07316275200625AFCB15CF28CA849AA73E8FF4A3187154969E91AEBB01D730F951CFF0

Function 6C8CB25E Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

QueryDepthSList.KERNEL32 ref: 6C8CB2DC
InterlockedPushEntrySList.KERNEL32(?,?), ref: 6C8CB2F3
QueryDepthSList.KERNEL32(?), ref: 6C8CB2FA
InterlockedFlushSList.KERNEL32(?), ref: 6C8CB329

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: List$DepthInterlockedQuery$EntryFlushPush
String ID:
API String ID: 4063097673-0
Opcode ID: 4e7c9c7ceb7cc5f27f21ec974f33ad504cd524a39cd77e8893217df5fa0455c6
Instruction ID: 6b1edd29ff6c8d473663ad844c8dcee31d92489af9973c7afc0f8be1dc81d5c2
Opcode Fuzzy Hash: 4e7c9c7ceb7cc5f27f21ec974f33ad504cd524a39cd77e8893217df5fa0455c6
Instruction Fuzzy Hash: 98319076700925AFCB11CF28CA849BA73E4FB49314B148969E92ADBF00D730F945CBE1

Function 6C88C656 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.MSVCR100(00000001,6C88C6A0,00000010,6C88C872,6C88C8B0,0000000C), ref: 6C88C66B

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

_malloc_crt.MSVCR100(00000038,6C88C6A0,00000010,6C88C872,6C88C8B0,0000000C), ref: 6C8A8F66
InitializeCriticalSectionAndSpinCount.KERNEL32(6C921FE8,00000FA0,6C88C6A0,00000010,6C88C872,6C88C8B0,0000000C), ref: 6C8A8F8E
free.MSVCR100(00F021C0), ref: 6C8A8FA0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$CountEnterInitializeSpin_lock_malloc_crtfree
String ID:
API String ID: 954917037-0
Opcode ID: b7e2658deb63901d050c09372273975c2c622484a6bc46f77eb4e8cdc2dc8069
Instruction ID: bf1ec307b48099264ead5552fac119c60977f9f242d841c512bd2d85f2beba91
Opcode Fuzzy Hash: b7e2658deb63901d050c09372273975c2c622484a6bc46f77eb4e8cdc2dc8069
Instruction Fuzzy Hash: BB31C53160A2019FDB30EFADD680949B7F1BF2A324B614A2DE49587E96CB34E945DF40

Function 6C8B75A4 Relevance: 7.6, APIs: 5, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z.MSVCR100(00000000,00000001,00000001,00000000,AFCD3F0C,?,6C8B5C86), ref: 6C8B75FB
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6C8B7622
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR100(6C8B5CC6), ref: 6C8B7663
?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR100(?,?,?,?,?,?,?,?,6C8B5CC6), ref: 6C8B7692
?Block@Context@Concurrency@@SAXXZ.MSVCR100(?,?,?,?,?,?,?,?,6C8B5CC6), ref: 6C8B76B6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@$Spin$??0scoped_lock@critical_section@?unlock@critical_section@?wait_for_multiple@event@A@@details@Block@Context@Once@?$_V12@V12@@Wait@$0
String ID:
API String ID: 358966004-0
Opcode ID: ee897638fd9e0a94ca161ae97740ea0d7e2b7bdec68b3d333ed981da3b6ecda5
Instruction ID: 82da6955e7187f2d8ef45a4fdcd051c69f2b97e56c7ae02f19b19a8b95b15bae
Opcode Fuzzy Hash: ee897638fd9e0a94ca161ae97740ea0d7e2b7bdec68b3d333ed981da3b6ecda5
Instruction Fuzzy Hash: D5315E711487469FC721CF28C641B9AB7E4FB46328F100E2DF4A5A7B90D771D949CBA2

Function 6C88F457 Relevance: 7.6, APIs: 5, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C88F334: DName::operator+.LIBCMT ref: 6C88F3A0

DName::operator+.LIBCMT ref: 6C88F4BA
DName::operator+.LIBCMT ref: 6C88F4C1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 7dd9de2ad013708ad332d111b0564784b0920de66ee41a993f39a7629c50b9b2
Instruction ID: 6254adc6e2520c6e71b16e0cf9b5e2659ab5c7c0af59374a684a743df076d8a5
Opcode Fuzzy Hash: 7dd9de2ad013708ad332d111b0564784b0920de66ee41a993f39a7629c50b9b2
Instruction Fuzzy Hash: 4E319F716062499FC720DFACDA409EAB7F9AF59308B404C6EE5C6CBB41D770A846CB54

Function 6C8968D9 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

_memset.LIBCMT(?,000000FF,00000024), ref: 6C896905
_get_daylight.MSVCR100(?), ref: 6C896941
_get_dstbias.MSVCR100(?), ref: 6C896953
_get_timezone.MSVCR100(?), ref: 6C896965
_gmtime64_s.MSVCR100(?,?), ref: 6C896999
_errno.MSVCR100 ref: 6C8969BF
_gmtime64_s.MSVCR100(?,?), ref: 6C8969CB
_errno.MSVCR100 ref: 6C8A9DE1
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9DEB
_errno.MSVCR100 ref: 6C8A9DF7
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9E01
_gmtime64_s.MSVCR100(?,?), ref: 6C8A9E3A
__allrem.LIBCMT ref: 6C8A9EA5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8A9EC1
__allrem.LIBCMT ref: 6C8A9ED8
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8A9EF6
__allrem.LIBCMT ref: 6C8A9F0D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __allrem_errno_gmtime64_s$Unothrow_t@std@@@__ehfuncinfo$??2@_invalid_parameter_noinfo$_get_daylight_get_dstbias_get_timezone_memset
String ID:
API String ID: 3568092448-0
Opcode ID: 6f64d430561a207e9fe28d6f73c5357b5e0abb56436e842072f3c82658ac8cbf
Instruction ID: c83dc0b5fa1c6025168a3fb48214948d999a757233cdd56ca392f32e0dbda603
Opcode Fuzzy Hash: 6f64d430561a207e9fe28d6f73c5357b5e0abb56436e842072f3c82658ac8cbf
Instruction Fuzzy Hash: C9210772A04616AADF20CFEDCB905DEB3BC9F8621CB24097BD400E7E00E771E9458691

Function 6C8B7785 Relevance: 7.6, APIs: 5, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C8B778C
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR100(?,00000024,6C8C54DA,00000000,6C8C55E7,00000000,?,00000001,?,00000000,6C8C5EC0,?,?,?,00000000), ref: 6C8B779F

Part of subcall function 6C8BB030: __EH_prolog3.LIBCMT ref: 6C8BB037

malloc.MSVCR100(00000001,?,00000024,6C8C54DA,00000000,6C8C55E7,00000000,?,00000001,?,00000000,6C8C5EC0,?,?,?,00000000), ref: 6C8B77E8
?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR100(?,00000024,6C8C54DA,00000000,6C8C55E7,00000000,?,00000001,?,00000000,6C8C5EC0,?,?,?,00000000), ref: 6C8B783A
_freea_s.MSVCR100(00000000,?,00000024,6C8C54DA,00000000,6C8C55E7,00000000,?,00000001,?,00000000,6C8C5EC0,?,?,?,00000000), ref: 6C8B7853

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@$??0scoped_lock@critical_section@?unlock@critical_section@H_prolog3H_prolog3_V12@@_freea_smalloc
String ID:
API String ID: 911861471-0
Opcode ID: 35ad3c113b149ccbd9b023501b55aae62b6fad468564c0a9f527e6cc8c9a0081
Instruction ID: 1fc74ad9e30ff115b9c56a00c4cba91f7b4b6254b16f0df05e544be36fc790c1
Opcode Fuzzy Hash: 35ad3c113b149ccbd9b023501b55aae62b6fad468564c0a9f527e6cc8c9a0081
Instruction Fuzzy Hash: 5D21E471E013658FDB21CFA8CA90AAEB7B5BF85718B11082DD961BBB50C770D805CBA4

Function 6C89228D Relevance: 7.6, APIs: 5, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock_file.MSVCR100(?,?,?,?,?,?,?,6C892348,0000000C), ref: 6C8922D7
__freebuf.LIBCMT ref: 6C8922E8
_malloc_crt.MSVCR100(?,?,?,?,?,?,?,6C892348,0000000C), ref: 6C89230E
_errno.MSVCR100(?,?,?,?,?,?,6C892348,0000000C), ref: 6C8A8E8D
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6C892348,0000000C), ref: 6C8A8E98

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __freebuf_errno_invalid_parameter_noinfo_lock_file_malloc_crt
String ID:
API String ID: 1322749186-0
Opcode ID: e8a92d63293cceea1894b1910f486cb6287bcd6fc7075f38a9e2189781c11277
Instruction ID: f3a853de63b857b47208f133f7766b730a29a6e4339f22a064c06917b10e6587
Opcode Fuzzy Hash: e8a92d63293cceea1894b1910f486cb6287bcd6fc7075f38a9e2189781c11277
Instruction Fuzzy Hash: 5C21A671902746CAE7309F9DC64579E77A0AF01338F208E2ED4619BEE0DB78D5458B51

Function 6C9176F9 Relevance: 7.6, APIs: 5, Instructions: 78COMMON

Download Yara Rule

APIs

_domain_err.LIBCMT ref: 6C917723

Part of subcall function 6C917351: __ctrlfp.LIBCMT ref: 6C917360
Part of subcall function 6C917351: __except1.LIBCMT ref: 6C91737D

_y0.MSVCR100 ref: 6C917751

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __ctrlfp__except1_domain_err
String ID:
API String ID: 2310245683-0
Opcode ID: f9117cfccb8d6571cc22cf050cab46b0a52abec00d84e3050643a3411b2252ab
Instruction ID: 850bcbfa26bd570990da576e1ae8b70871e933597b09c3dea01bce1f7a083ef8
Opcode Fuzzy Hash: f9117cfccb8d6571cc22cf050cab46b0a52abec00d84e3050643a3411b2252ab
Instruction Fuzzy Hash: 7721E071E0864FE7CF01AFA4E4862CD7BB0FB00758F318A98E89161990EB31C6688795

Function 6C8F8A30 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,?,6C8F8B48,0000000C), ref: 6C8F8A64
GetLastError.KERNEL32(?,?,6C8F8B48,0000000C), ref: 6C8F8A6E
__dosmaperr.LIBCMT(00000000,?,?,6C8F8B48,0000000C), ref: 6C8F8A75
_errno.MSVCR100(?,?,6C8F8B48,0000000C), ref: 6C8F8AA5
__doserrno.MSVCR100(?,?,6C8F8B48,0000000C), ref: 6C8F8AB0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorFileLastType__doserrno__dosmaperr_errno
String ID:
API String ID: 3203400888-0
Opcode ID: f9dbac9f2d55dac59e27c5f67b213a394d0bf07eee28a0fe38600a4ea821cc26
Instruction ID: c43080ee68ec5cb2b97602f1ef9416369d43120802eec13b4cde86b1f304d060
Opcode Fuzzy Hash: f9dbac9f2d55dac59e27c5f67b213a394d0bf07eee28a0fe38600a4ea821cc26
Instruction Fuzzy Hash: C321F4305463459ACB218F6ACA407CD7B60EF43368F288B66D4748BAE2D7788186DF42

Function 6C8C2FB8 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C2FBF
EnterCriticalSection.KERNEL32(?,00000028,6C8BF124,00000000,?,00000000,?,6C8BCACE,?,00000000,00000000,?,?), ref: 6C8C2FCB
??_U@YAPAXI@Z.MSVCR100(00000000,?,?), ref: 6C8C2FF0
LeaveCriticalSection.KERNEL32(?), ref: 6C8C304D
??_V@YAXPAX@Z.MSVCR100(?), ref: 6C8C305B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$EnterH_prolog3Leave
String ID:
API String ID: 4250467438-0
Opcode ID: 270c479b29a38127e866f78cfb17098c85697427f18349a09a21273543c69716
Instruction ID: 07ad0635c5dd99cd996c3dad200df3835e62a936839c4128465c0c8381a2a08c
Opcode Fuzzy Hash: 270c479b29a38127e866f78cfb17098c85697427f18349a09a21273543c69716
Instruction Fuzzy Hash: 10219372701A4A9FDB28CB79C684AAE7BB4BF45304B104829E115DBE51EB30DD41CB62

Function 00FC50E5 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00FC50F3

Part of subcall function 00FC1A90: __FF_MSGBANNER.LIBCMT ref: 00FC1AA9
Part of subcall function 00FC1A90: __NMSG_WRITE.LIBCMT ref: 00FC1AB0
Part of subcall function 00FC1A90: HeapAlloc.KERNEL32(00000000,00000001,00000000,00000001,00000000,?,00FC1550,00000001,000007DB,00000000,00000000,?,?,00FC109E,00000000), ref: 00FC1AD5

_free.LIBCMT ref: 00FC5106

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: AllocHeap_free_malloc
String ID:
API String ID: 2734353464-0
Opcode ID: 43867d8a417a2ec6ee8e185308061b2f583f4e83a888674dac45db968f182215
Instruction ID: c2ece15b5913463c452103190da2594cb741e93264a17c5ed8f91aa78ad0c7ba
Opcode Fuzzy Hash: 43867d8a417a2ec6ee8e185308061b2f583f4e83a888674dac45db968f182215
Instruction Fuzzy Hash: 2611B933C44917ABCB212B74AF0BF5A3794AF417B0B28442DF444D6191EA39D990B690

Function 6C8DC90A Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DC92F
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DC939
__mbsrtowcs_helper.LIBCMT ref: 6C8DC960
_errno.MSVCR100 ref: 6C8DC976
_errno.MSVCR100 ref: 6C8DC990

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__mbsrtowcs_helper_invalid_parameter_noinfo
String ID:
API String ID: 2140840981-0
Opcode ID: ba04e9300f0a9c4809802428bf7184966f77a5d6c996245775e6baa33a4d1385
Instruction ID: 481222a8658252851a28a2c58589f861dda3fff8e18c6466578316eb4dc39b25
Opcode Fuzzy Hash: ba04e9300f0a9c4809802428bf7184966f77a5d6c996245775e6baa33a4d1385
Instruction Fuzzy Hash: 5611E131511655BBCB31BE6C8A0079E73A4AF41724F120E19F8A687A81E730F5518785

Function 6C8DD387 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DD3AE
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DD3B8
__wcsrtombs_helper.LIBCMT ref: 6C8DD3DB
_errno.MSVCR100 ref: 6C8DD3EE
_errno.MSVCR100 ref: 6C8DD403

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__wcsrtombs_helper_invalid_parameter_noinfo
String ID:
API String ID: 1232677100-0
Opcode ID: 61026542368ea2db579b64e3df0bc0f7603e78142273911ca3099828591faec4
Instruction ID: c63765c6ce6c615526b0bf08d95ef92e83ee221ebf3cf403ba9628d62a206c9f
Opcode Fuzzy Hash: 61026542368ea2db579b64e3df0bc0f7603e78142273911ca3099828591faec4
Instruction Fuzzy Hash: B411B932245296DBDB34AF6C8A9049E7B95EF413287130E2BF97097A40E331F8558FB1

Function 6C8975B1 Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

_localtime64_s.MSVCR100(?,?), ref: 6C897600
asctime_s.MSVCR100(?,00000000,?), ref: 6C897613
_errno.MSVCR100 ref: 6C897628
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,00000000,00000000,00000000,?,0000000C,6C8A9E6A,?), ref: 6C8A9D0A
_errno.MSVCR100 ref: 6C8A9D16

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_localtime64_sasctime_s
String ID:
API String ID: 2556715357-0
Opcode ID: a93bbbfa5c59f549fe4b4d0657d179cacf7c36eb2784d32982799d6b80d48d03
Instruction ID: 9ad6c29dcdeec3ac831916d76c079f817a93a9035e67e7768d2a25be2ecd8677
Opcode Fuzzy Hash: a93bbbfa5c59f549fe4b4d0657d179cacf7c36eb2784d32982799d6b80d48d03
Instruction Fuzzy Hash: B611E7317062199ADB319F9D9B50BDE37A89F4A31AF604C25E9009BE40E735C9458791

Function 6C890DAC Relevance: 7.6, APIs: 5, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.MSVCR100(?,?,?,6C891072,?,6C8910A8,0000000C,6C8910DE,Function_000113F7,?,?,00000000,?), ref: 6C890DB6
_isatty.MSVCR100(00000000,?,?,?,6C891072,?,6C8910A8,0000000C,6C8910DE,Function_000113F7,?,?,00000000,?), ref: 6C890DBC
__p__iob.MSVCR100(?,?,6C891072,?,6C8910A8,0000000C,6C8910DE,Function_000113F7,?,?,00000000,?), ref: 6C8A8A2D
_malloc_crt.MSVCR100(00001000,?,?,?,?,6C891072,?,6C8910A8,0000000C,6C8910DE,Function_000113F7,?,?,00000000,?), ref: 6C8A8A71

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __p__iob_fileno_isatty_malloc_crt
String ID:
API String ID: 301265415-0
Opcode ID: 3a6e6818936fa5ab2297f4e7a6d8c6c4a7ac76861a6c113e61fec7ec5cf24f0c
Instruction ID: 351517b3ee0675d476e688b9e874237b158b5ab3eecdf4e12ae352101e9e6df3
Opcode Fuzzy Hash: 3a6e6818936fa5ab2297f4e7a6d8c6c4a7ac76861a6c113e61fec7ec5cf24f0c
Instruction Fuzzy Hash: BF1194729197469ED3708FAEDA40683B7F9DB09398B108D3ED196D2E00E774F4814B61

Function 6C88FAE4 Relevance: 7.6, APIs: 5, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsnicoll_l.MSVCR100(?,?,?,00000000), ref: 6C88FB02
_errno.MSVCR100 ref: 6C8AC7BD
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AC7C8

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo_wcsnicoll_l
String ID:
API String ID: 1358483507-0
Opcode ID: 0b7833512a40ef3923b49f1b234489dc01912afdc8d78dc440f6e63d21675a14
Instruction ID: be5f78d81b55f054168616122c096d06dad4c403ce219ec4541bc8a11fd73cbe
Opcode Fuzzy Hash: 0b7833512a40ef3923b49f1b234489dc01912afdc8d78dc440f6e63d21675a14
Instruction Fuzzy Hash: 4D1123311421B99BDF342E98CA503B936A5BB12769F204D25F8709EF81CB3AC442CBA1

Function 6C892904 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

_fileno.MSVCR100(?,6C8929A0,00000008), ref: 6C892928
_lock_file.MSVCR100(?,?,6C8929A0,00000008), ref: 6C892930

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

Part of subcall function 6C88A665: _fileno.MSVCR100(?,?,?,?,?,?,?,6C88A900,?), ref: 6C88A694
Part of subcall function 6C88A665: _write.MSVCR100(00000000,?,?,?,?,?,?,6C88A900,?), ref: 6C88A69B

_lseek.MSVCR100(00000000,00000000,00000000,?,?,6C8929A0,00000008), ref: 6C89297D
_errno.MSVCR100(6C8929A0,00000008), ref: 6C8A8E56
_invalid_parameter_noinfo.MSVCR100(6C8929A0,00000008), ref: 6C8A8E61

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno$_errno_invalid_parameter_noinfo_lock_lock_file_lseek_write
String ID:
API String ID: 2790466172-0
Opcode ID: e6195623f3d17ed22cdade0a0559b08ca155714906d7b3479bb0386e4fd468f2
Instruction ID: b9d0edaccbfa50bd24ba36628f20cb7407ac8495169947e3832e814191ce5b36
Opcode Fuzzy Hash: e6195623f3d17ed22cdade0a0559b08ca155714906d7b3479bb0386e4fd468f2
Instruction Fuzzy Hash: CD11E772102A445FD7309F7C9E81AAD7794AF422387258F29E0798BFD0DB3CE9464B12

Function 6C88C830 Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

_errno.MSVCR100(6C88C8B0,0000000C), ref: 6C88C8D6
_invalid_parameter_noinfo.MSVCR100(6C88C8B0,0000000C), ref: 6C8A94A7

Part of subcall function 6C88C656: _lock.MSVCR100(00000001,6C88C6A0,00000010,6C88C872,6C88C8B0,0000000C), ref: 6C88C66B

_errno.MSVCR100(6C88C8B0,0000000C), ref: 6C8A94B3
_errno.MSVCR100(6C88C8B0,0000000C), ref: 6C8A94C0
@_EH4_CallFilterFunc@8.LIBCMT(6C923610,?,000000FE,6C88C8B0,0000000C), ref: 6C8A94D6

Part of subcall function 6C88C737: _wsopen_s.MSVCR100(?,?,00000000,?,00000180,00000000,?,?), ref: 6C88C801

Part of subcall function 6C88C8CC: _unlock_file.MSVCR100(?,6C88C8A6), ref: 6C88C8CF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$CallFilterFunc@8_invalid_parameter_noinfo_lock_unlock_file_wsopen_s
String ID:
API String ID: 1609081514-0
Opcode ID: 348d867b7ef05f59d0f08564d5f2e732d487d36ea6cc1ca195a55e5b4905baae
Instruction ID: 39f93fe18352b1fd8c9571e2cb1b687ddd1e8ed3284b6307420c7efcbbe0a3ee
Opcode Fuzzy Hash: 348d867b7ef05f59d0f08564d5f2e732d487d36ea6cc1ca195a55e5b4905baae
Instruction Fuzzy Hash: 9C110A708472199ECB70BFBC8F405AF36A5AF45324B758F20D420DBF49E77A89448B51

Function 6C88BD9A Relevance: 7.6, APIs: 5, Instructions: 54timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6C8B07A6
GetCurrentProcessId.KERNEL32 ref: 6C8B07B2
GetCurrentThreadId.KERNEL32 ref: 6C8B07BA
GetTickCount.KERNEL32 ref: 6C8B07C2
QueryPerformanceCounter.KERNEL32(?), ref: 6C8B07CE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 024bf5145306a4463e4a477742a61581cd65088c5f3f52b6859ef32c88ecbfdf
Instruction ID: 1829aac34b0e3c79cc858154fe96ab8a82fe41ef3c806256fcc66e69ec4fd00b
Opcode Fuzzy Hash: 024bf5145306a4463e4a477742a61581cd65088c5f3f52b6859ef32c88ecbfdf
Instruction Fuzzy Hash: 1F110676E042649BDF218BB8C94858DB7F8FB49369F610921D441F7B00EB709900CFD4

Function 6C897385 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

_calloc_crt.MSVCR100(00000001,00000004,00000000,00000000,0000003D,?,6C8973E6,7622DF80,00000000,00F018B0), ref: 6C8973A8
_wcsdup.MSVCR100(00000000,00000000,00000000,0000003D,?,6C8973E6,7622DF80,00000000,00F018B0), ref: 6C8973C5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_wcsdup
String ID:
API String ID: 1800982338-0
Opcode ID: 5b08de2ed221164f32a8d5774b068affb9a3b21a8141c1f95a01a0211a412f0c
Instruction ID: 8d77fe52a51ee0ca6d69a8545a55cd2b529bf1a79078839e55471f94d95f47eb
Opcode Fuzzy Hash: 5b08de2ed221164f32a8d5774b068affb9a3b21a8141c1f95a01a0211a412f0c
Instruction Fuzzy Hash: 0401DF72A05202DBE7309A6CCE00B9676E99B41778F310A39D961D7B80EBB1D88086A0

Function 6C893164 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT(?,6C8931B0,00000010), ref: 6C893198
_lock_file.MSVCR100(?,?,6C8931B0,00000010), ref: 6C8931A3

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fputwc_nolock.MSVCR100(?,?,?,?,?,?,?,?,6C8931B0,00000010), ref: 6C8931E4
_errno.MSVCR100(6C8931B0,00000010), ref: 6C8A86E9
_invalid_parameter_noinfo.MSVCR100(6C8931B0,00000010), ref: 6C8A86F4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fputwc_nolock_invalid_parameter_noinfo_lock_lock_file_wcslen
String ID:
API String ID: 674470822-0
Opcode ID: 8b7b535dc32fb849e56b163612499c78a1d5cec715efded8406a77a1aa2cd1de
Instruction ID: 42041d16dc3ecfe97745a3a35b74c54e645aa7098cd9703b54e4a6ae16b8b252
Opcode Fuzzy Hash: 8b7b535dc32fb849e56b163612499c78a1d5cec715efded8406a77a1aa2cd1de
Instruction Fuzzy Hash: 12118274906259DBCF30AFACCA015ED7770EF05724B20CD26F4249BAE0DB388D459B55

Function 6C8CC86F Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6C8A76A1,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8CC4DA
free.MSVCR100(00000000,?,?,6C8A76A1,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8CC4DD
DeleteCriticalSection.KERNEL32(00000019,?,?,6C8A76A1,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8CC504
DecodePointer.KERNEL32(00000006,6C8A76A1,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8CC880
TlsFree.KERNEL32(00000019,6C8A76A1,?,6C88B247,6C8820E0,00000008,6C882116,00000001,?), ref: 6C8CC89E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalDeleteSection$DecodeFreePointerfree
String ID:
API String ID: 1464103408-0
Opcode ID: 0ea59fc6b55345e36127869e364a6114e56c88d4bf79d5821b278447045099b6
Instruction ID: b5b4594e677b82adc28cfd8e58d366ef4dff52ab8281b2ad9d97c9eb5a163fca
Opcode Fuzzy Hash: 0ea59fc6b55345e36127869e364a6114e56c88d4bf79d5821b278447045099b6
Instruction Fuzzy Hash: DB01D63271165097C7306B38CA88566B2BDFB426397314B59E8F8D3DE0C72CCC858A61

Function 6C8C780F Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C8C7835
GetLastError.KERNEL32(?,00000000,00000000), ref: 6C8C7842
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000), ref: 6C8C785A
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,00000000,00000000), ref: 6C8C7868
InitializeSListHead.KERNEL32(00000028,?,?,?,?,?,?,00000000,00000000), ref: 6C8C7887

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionHeadInitializeLastListThrow
String ID:
API String ID: 2464499457-0
Opcode ID: 34ef41ae9c354f1c3bbde4a4962bf3fc7381ee6e41ba230432e04ac2e4f60ccb
Instruction ID: c8b7e8df7a73af9873d02e1a7c6d8e582607a094e0333340062adac39b28e152
Opcode Fuzzy Hash: 34ef41ae9c354f1c3bbde4a4962bf3fc7381ee6e41ba230432e04ac2e4f60ccb
Instruction Fuzzy Hash: 4B012DB1900715AFC7309F6AC9C8957FAFCFB052083504D3DE19AC2A01E734E548CB61

Function 6C881635 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,?,?,?,6C8F09E0,?,?), ref: 6C881641
_errno.MSVCR100(00000000,?,?,?,6C8F09E0,?,?), ref: 6C88165B
_errno.MSVCR100(00000000,?,?,?,6C8F09E0,?,?), ref: 6C881685
_errno.MSVCR100(00000000,?,?,?,6C8F09E0,?,?), ref: 6C88168F
_errno.MSVCR100(00000000,?,?,?,6C8F09E0,?,?), ref: 6C8AC355

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 7f0233ba04b6b693044806ee86adc115b60e614443f263a97df727de8bae0fdc
Instruction ID: 96ec2c38d812fdefb08340a42c83664bc6218c941fa546cb7cfb99a5bef9f1af
Opcode Fuzzy Hash: 7f0233ba04b6b693044806ee86adc115b60e614443f263a97df727de8bae0fdc
Instruction Fuzzy Hash: F9019270207385DFDB30AB59C7807A876A89F06329F184A69D5A08AE80EF75DC84CB51

Function 6C8C7DF8 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCR100(00000010), ref: 6C8C7E32

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

GetLastError.KERNEL32 ref: 6C8C7E3E
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C7E55
_CxxThrowException.MSVCR100(00000000,6C9200DC), ref: 6C8C7E6C
??3@YAXPAX@Z.MSVCR100(?), ref: 6C8C7E79

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@??3@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrowmalloc
String ID:
API String ID: 268902965-0
Opcode ID: c21a2e242a4def426faa3f053da753d052893de52c7c635d37abdee127be7ab9
Instruction ID: ee754e35f2bf56cab6e51fbbb5664f0610464007443e3315cfc306cdbc660203
Opcode Fuzzy Hash: c21a2e242a4def426faa3f053da753d052893de52c7c635d37abdee127be7ab9
Instruction Fuzzy Hash: 5401B5B2A1161AABCB21DF68C944BDE3BB8AF05758F104D29E800E7B40D778D604CBD6

Function 6C8C7A84 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,6C8C7A41,00000000,?), ref: 6C8C7AA1
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,6C8C7A41,00000000,?), ref: 6C8C7AB9
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,6C8C7A41,00000000,?), ref: 6C8C7AC7
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,6C8C7A41,00000000,?), ref: 6C8C7AD3
GetLastError.KERNEL32(?,6C8C7A41,00000000,?), ref: 6C8C7AE0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateEventExceptionThrow
String ID:
API String ID: 1718773336-0
Opcode ID: 5c5ca15edc7dccbc5fa0a7b527b3135439bdf2f72a69946505eb8db5e956efe1
Instruction ID: 599e2e4b37cf57cb3222b58e8d4bd0e7cc5073ba22aa19c2d1da0ceb6d9564d3
Opcode Fuzzy Hash: 5c5ca15edc7dccbc5fa0a7b527b3135439bdf2f72a69946505eb8db5e956efe1
Instruction Fuzzy Hash: 25012C71610645AAD731EBAACD48DAF3ABCEB827587544D38F456D2D00EB34E109CA72

Function 6C881C13 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

memcpy.MSVCR100(?,00000000), ref: 6C881C47
_errno.MSVCR100 ref: 6C8A98AC
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A98B6
_wmemset.LIBCMT ref: 6C8A98CA
_errno.MSVCR100 ref: 6C8A98DD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_wmemsetmemcpy
String ID:
API String ID: 286551074-0
Opcode ID: 0fc1868e71f3fb815dc008e129040931b69018a5b417317c345cb06ab3f3e45f
Instruction ID: cbecb485055c11e20b67d0d5bd5072b9659a8cdd7824b6d63f48732170ee9d51
Opcode Fuzzy Hash: 0fc1868e71f3fb815dc008e129040931b69018a5b417317c345cb06ab3f3e45f
Instruction Fuzzy Hash: 0F01DF3254A228EBDF316F98DE007DD3755AF04728F014C26FD285AE90E7B2C995CB81

Function 6C880110 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy.MSVCR100(?,00000000,?), ref: 6C880141
_errno.MSVCR100 ref: 6C8A95AD
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A95B7
_memset.LIBCMT(?,00000000,?), ref: 6C8A95CB
_errno.MSVCR100 ref: 6C8A95DE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_memsetmemcpy
String ID:
API String ID: 2314827996-0
Opcode ID: 24d3509d602729fcf9db17f7d46f62d11e562c21541381a8313e25e63287101c
Instruction ID: 34e71a3fbe8d5047aaba53b6b4c4b9bac520cf570add7047d7fa1ea2d1f92b79
Opcode Fuzzy Hash: 24d3509d602729fcf9db17f7d46f62d11e562c21541381a8313e25e63287101c
Instruction Fuzzy Hash: 3801F23114B358EBCF312E48DE057CE3B51AF05B28F004C26F8185AE90E7728951CF91

Function 6C88E2C0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,?,?,?,6C8ED1C6,?,?,?,00000000,00000000), ref: 6C88E2CC
_errno.MSVCR100(00000000,?,?,?,6C8ED1C6,?,?,?,00000000,00000000), ref: 6C88E2E6
_errno.MSVCR100(00000000,?,?,?,6C8ED1C6,?,?,?,00000000,00000000), ref: 6C88E30C
_errno.MSVCR100(00000000,?,?,?,6C8ED1C6,?,?,?,00000000,00000000), ref: 6C88E316
_errno.MSVCR100(00000000,?,?,?,6C8ED1C6,?,?,?), ref: 6C8AB8E6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: bf0d7c0b0c446c6302ddbf73ced53443c075aaa02c3afb7a1994576bbb1a9f21
Instruction ID: 7c3f6eb7825a2b32301afb13aeef72bbce5a906ec98d5c035f5bb6b0304ce580
Opcode Fuzzy Hash: bf0d7c0b0c446c6302ddbf73ced53443c075aaa02c3afb7a1994576bbb1a9f21
Instruction Fuzzy Hash: 6E01B1385063899FDB306FADC2507A87BA09F46329F100E69E56487F91D7719C44CFA1

Function 6C8C0EF9 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(?,00000000,00000000,000000FF), ref: 6C8C0F2A
GetLastError.KERNEL32 ref: 6C8C0F31
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C0F4A
_CxxThrowException.MSVCR100(00000000,6C91FEB4,00000000), ref: 6C8C0F59
CloseHandle.KERNEL32(?), ref: 6C8C0F61

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHandleLastMultipleObjectsThrowWait
String ID:
API String ID: 1291167946-0
Opcode ID: ba7e64645b5f722e11a64d42e784fd93bacfcbf67b8efc164c93be138cb7208e
Instruction ID: a222e2dbc79b8fcb15b9b98314d328deddd2026bcd85ad382eb68ee50290a159
Opcode Fuzzy Hash: ba7e64645b5f722e11a64d42e784fd93bacfcbf67b8efc164c93be138cb7208e
Instruction Fuzzy Hash: 4501F2727141446ACB3057698E48B5A73AC6B45338F140F35F4A8C2EC0EB34E4849662

Function 6C8C3C63 Relevance: 7.5, APIs: 5, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedFlushSList.KERNEL32(00000010,?,6C8BFF09), ref: 6C8C3C6D
InterlockedFlushSList.KERNEL32(00000018,?,6C8BFF09), ref: 6C8C3C78
??_V@YAXPAX@Z.MSVCR100(?,00000000,?,6C8BFF09), ref: 6C8C3CB1
??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,6C8BFF09), ref: 6C8C3CB7
??_V@YAXPAX@Z.MSVCR100(?,?,6C8BFF09), ref: 6C8C3CC8

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: FlushInterlockedList$??3@
String ID:
API String ID: 964362523-0
Opcode ID: 8b2e23aa3912924a66ce4f1c7e62baffef9b81e65807b241814276fad2ac8b05
Instruction ID: 5516451d3ca0436f1394d458900e8262df5297f984bf18c501d4a6c2247c3210
Opcode Fuzzy Hash: 8b2e23aa3912924a66ce4f1c7e62baffef9b81e65807b241814276fad2ac8b05
Instruction Fuzzy Hash: 43014B36206B019BC331AF69DAC089EB3B5AF857283220D2DE11647E21CB31FC56CA52

Function 6C8C3832 Relevance: 7.5, APIs: 5, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedFlushSList.KERNEL32(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C383C
InterlockedFlushSList.KERNEL32(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3847
??_V@YAXPAX@Z.MSVCR100(?,00000000,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C387F
??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3885
??_V@YAXPAX@Z.MSVCR100(?,?,6C8BFEBD,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8C3896

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: FlushInterlockedList$??3@
String ID:
API String ID: 964362523-0
Opcode ID: 4c43e4530712305c5396fdf0949cc57dcd300487f7d83d32e1915a21a5589dac
Instruction ID: d252416db767fbba88190ad812ccd58c46969e1386f09dc3459bf1d81ba7b746
Opcode Fuzzy Hash: 4c43e4530712305c5396fdf0949cc57dcd300487f7d83d32e1915a21a5589dac
Instruction Fuzzy Hash: 05016D36206B519FC3359F69DAC099AB3A5EF86328361093CE11647E21CB31FC5BCB52

Function 6C8916B5 Relevance: 7.5, APIs: 5, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

_get_osfhandle.MSVCR100(00000000,?,?,6C88D354,?,00000000,00000000), ref: 6C8916BF
SetFilePointer.KERNEL32(00000000,?,00000000,6C88D354,00000000,?,?,6C88D354,?,00000000,00000000), ref: 6C8916D8
_errno.MSVCR100(?,?,6C88D354,?,00000000,00000000), ref: 6C8B036B
GetLastError.KERNEL32(?,6C88D354,?,00000000,00000000), ref: 6C8B037E
__dosmaperr.LIBCMT(00000000,?,6C88D354,?,00000000,00000000), ref: 6C8B038A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr_errno_get_osfhandle
String ID:
API String ID: 1165083932-0
Opcode ID: aea083703833d10d6665a99cf2cda61adcdf0b3b6b64bedd3b39d5b6ba2c8df9
Instruction ID: fa31b5adc17c68fef707ac37aa22aaee7b51cd5774039001bf66b9e21cdd2db2
Opcode Fuzzy Hash: aea083703833d10d6665a99cf2cda61adcdf0b3b6b64bedd3b39d5b6ba2c8df9
Instruction Fuzzy Hash: 5801F9322156946BCB215ABC8E48A8D3B38AF877397250F21F534DBAD0EB30C8118690

Function 6C88AA88 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(6C927580,6C88BD3C,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAA1
DecodePointer.KERNEL32(?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAAE
_msize.MSVCR100(00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AACB

Part of subcall function 6C882231: HeapSize.KERNEL32(00000000,00000000,?,6C88AAD0,00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC), ref: 6C88224B

EncodePointer.KERNEL32(?,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAE7
EncodePointer.KERNEL32(-00000004,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C88AAEF
_realloc_crt.MSVCR100(00000000,00000800,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C892BAF
EncodePointer.KERNEL32(00000000,?,?,?,6C88AA57,?,6C88AA70,0000000C,6C88BAA1,?,?,6C8AF2FC,6C91FC34,?), ref: 6C892BC5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
String ID:
API String ID: 765448609-0
Opcode ID: faefb697d640b5152030b56338163913db8f2ca028584b96e020f89e7ca6247c
Instruction ID: 4a099fb1b636174e5c95130594c161c459e39bb163a024af1824abd8597d4e04
Opcode Fuzzy Hash: faefb697d640b5152030b56338163913db8f2ca028584b96e020f89e7ca6247c
Instruction Fuzzy Hash: 62F0F472615225BBCB119F68DCC88C9BBE9EB6A2A0311453AD849E3601E779E9409BD0

Function 6C8FE3B8 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

_errno.MSVCR100(?,?,6C8FC353,00000000,?,00000000), ref: 6C8FE3C5
_invalid_parameter_noinfo.MSVCR100(?,?,6C8FC353,00000000,?,00000000), ref: 6C8FE3CF

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__get_sys_err_msg.LIBCMT ref: 6C8FE3E2
__cftoe.LIBCMT(00000000,?,?,00000000,000000FF,?,?,6C8FC353,00000000,?,00000000), ref: 6C8FE3F0
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8FE40B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __cftoe__get_sys_err_msg__invoke_watson_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 1727381857-0
Opcode ID: de1987cb8a2fd5f0bb29b1f77e94af8fb5d4e638a57758ef56cf94ea584d224c
Instruction ID: 6909874f2341911c646a824a56ff97c7dfa79613133044f37d58f0c341ae124e
Opcode Fuzzy Hash: de1987cb8a2fd5f0bb29b1f77e94af8fb5d4e638a57758ef56cf94ea584d224c
Instruction Fuzzy Hash: D4F0B4314455286A9F332A9D8E444CF3614AF427BCB204D36F874C7A51D775859347E1

Function 6C883798 Relevance: 7.5, APIs: 5, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,6C882D92,?,?,?,00000000,?), ref: 6C8A93B8
_invalid_parameter_noinfo.MSVCR100(?,6C882D92,?,?,?,00000000,?), ref: 6C8A93C3
_errno.MSVCR100(?,?,6C882D92,?,?,?,00000000,?), ref: 6C8A93CD
_errno.MSVCR100 ref: 6C8A93E4
_invalid_parameter_noinfo.MSVCR100(?,?,6C882D92,?,?,?,00000000,?), ref: 6C8A93EF

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: 9d4c50b1468c12b309b714de0aad033b02f3dc7d332c570a7fa4fceb02b556d6
Instruction ID: 30ec0c71a020f09bc203fa4c9f489d482131eb85ba86495c68521dba3eb63695
Opcode Fuzzy Hash: 9d4c50b1468c12b309b714de0aad033b02f3dc7d332c570a7fa4fceb02b556d6
Instruction Fuzzy Hash: 8E018B31407659ABCF312FAC8E007EA3AA45F02338F141E15F53447FD0D77684659B91

Function 6C88E651 Relevance: 7.5, APIs: 5, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A927E
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9289
_errno.MSVCR100 ref: 6C8A9293
_errno.MSVCR100 ref: 6C8A92A8
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A92B3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: 11b6621097d4d274dfffcce35a815b27455f8bfb62da39c01404daec0c7aa5f5
Instruction ID: 4d1af74029cc0c955771de0e12fdc7e3134b9e0f95b56d0e20d806e74d03adf8
Opcode Fuzzy Hash: 11b6621097d4d274dfffcce35a815b27455f8bfb62da39c01404daec0c7aa5f5
Instruction Fuzzy Hash: E7016235846658AADF312EE88E007DA3B549F42338F100E55E9344AFD0DB778855CBE1

Function 6C892F0F Relevance: 7.5, APIs: 5, Instructions: 41COMMON

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C892F78,0000000C), ref: 6C892F3E

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fread_nolock_s.MSVCR100(?,?,?,?,?,6C892F78,0000000C), ref: 6C892F56

Part of subcall function 6C892E42: memcpy_s.MSVCR100(?,?,?,?), ref: 6C892EEB

Part of subcall function 6C892A86: _unlock_file.MSVCR100(6C892F6D,6C892F6D), ref: 6C892A89

_memset.LIBCMT(?,00000000,000000FF,?,?,6C892F78,0000000C), ref: 6C8A8D02
_errno.MSVCR100(?,?,6C892F78,0000000C), ref: 6C8A8D0A
_invalid_parameter_noinfo.MSVCR100(?,?,6C892F78,0000000C), ref: 6C8A8D15

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fread_nolock_s_invalid_parameter_noinfo_lock_lock_file_memset_unlock_filememcpy_s
String ID:
API String ID: 3226975504-0
Opcode ID: 8ab1d2a6fe5fac616711e008e2e7d35fae06d5f3a2467ffafffc7bd6007a0a0c
Instruction ID: f12cc2db10fb247494a3c79f1af5493041e11c72296656c26df368cc494884c8
Opcode Fuzzy Hash: 8ab1d2a6fe5fac616711e008e2e7d35fae06d5f3a2467ffafffc7bd6007a0a0c
Instruction Fuzzy Hash: 7E014C3180324AEFCF319FACCA045DE7A61BF14754F114935F82515AA0D73986A6DFD1

Function 6C8BF2B7 Relevance: 7.5, APIs: 5, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BF2BE
EnterCriticalSection.KERNEL32(6C8BD93F,00000008,6C8C9035), ref: 6C8BF2D0
??2@YAPAXI@Z.MSVCR100(00000024), ref: 6C8BF2E2

Part of subcall function 6C8802C1: malloc.MSVCR100(?), ref: 6C8802CC

??2@YAPAXI@Z.MSVCR100(00000030), ref: 6C8BF307

Part of subcall function 6C8C7EE6: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C8C7F10
Part of subcall function 6C8C7EE6: GetLastError.KERNEL32(?,00000000,00000000), ref: 6C8C7F1D
Part of subcall function 6C8C7EE6: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000), ref: 6C8C7F35
Part of subcall function 6C8C7EE6: _CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,00000000,00000000), ref: 6C8C7F43

LeaveCriticalSection.KERNEL32(?), ref: 6C8BF329

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@CriticalSection$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateEnterErrorEventExceptionH_prolog3LastLeaveThrowmalloc
String ID:
API String ID: 921447554-0
Opcode ID: c114237461c808622285ad8da5a059da4ca7abdbf89697b66e7e2999c2aff028
Instruction ID: 2a7309f769e08ba27ab02d8c8b30572e0b44acbd207c83b0bb0ca1905066224e
Opcode Fuzzy Hash: c114237461c808622285ad8da5a059da4ca7abdbf89697b66e7e2999c2aff028
Instruction Fuzzy Hash: A3015E38D1A659DFDB21DBB8870939D7BA0BF15708F50096AD404B7F40D7B48A04C792

Function 6C8FED88 Relevance: 7.5, APIs: 5, Instructions: 40stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(?,?,?,6C8FDA01,00000000,?,00000000), ref: 6C8FED96
_invalid_parameter_noinfo.MSVCR100(?,?,?,6C8FDA01,00000000,?,00000000), ref: 6C8FEDA0

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

__get_sys_err_msg.LIBCMT ref: 6C8FEDB9
strncpy_s.MSVCR100(?,?,00000000,?,?,?,?,6C8FDA01,00000000,?,00000000), ref: 6C8FEDC4
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6C8FEDD5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __get_sys_err_msg__invoke_watson_errno_invalid_parameter_invalid_parameter_noinfostrncpy_s
String ID:
API String ID: 161604870-0
Opcode ID: 6d05f789b68c352af06443d823bdcf71e5514fbee980b87ed8ca33245b93062a
Instruction ID: 777fb14a28f79e8de2274229ba9be3835766e3cc81de566d5909ec8b6086b7a9
Opcode Fuzzy Hash: 6d05f789b68c352af06443d823bdcf71e5514fbee980b87ed8ca33245b93062a
Instruction Fuzzy Hash: 0FF08C321411286AAB317E6E9D008EE3A5CDBC16E9B110831F93887E41EB32994687E0

Function 6C88CA4F Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_control87.MSVCR100(00000001,?,00000000,?,6C8CCE9B,00000000,00010000,00030000,?,6C8B1D56,?,6C88B983,?,?,6C88B295,00000000), ref: 6C88CA7D
_control87.MSVCR100(00000000,00000000,00000000,?,6C8CCE9B,00000000,00010000,00030000,?,6C8B1D56,?,6C88B983,?,?,6C88B295,00000000), ref: 6C8B24BB
_errno.MSVCR100(00000000,?,6C8CCE9B,00000000,00010000,00030000,?,6C8B1D56,?,6C88B983,?,?,6C88B295,00000000), ref: 6C8B24C4
_invalid_parameter_noinfo.MSVCR100(00000000,?,6C8CCE9B,00000000,00010000,00030000,?,6C8B1D56,?,6C88B983,?,?,6C88B295,00000000), ref: 6C8B24CE
_control87.MSVCR100(00000001,?,00000000,?,6C8CCE9B,00000000,00010000,00030000,?,6C8B1D56,?,6C88B983,?,?,6C88B295,00000000), ref: 6C8B24DA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _control87$_errno_invalid_parameter_noinfo
String ID:
API String ID: 1498936549-0
Opcode ID: bf4e1a7da49c6d64d966f304bc058d75b43548e15341f806baddd6ebdcd0a6cc
Instruction ID: ef59c18ca8864e38f4fa5e7b24769b20cb22ee7cc53692c6c770bad32e5e8360
Opcode Fuzzy Hash: bf4e1a7da49c6d64d966f304bc058d75b43548e15341f806baddd6ebdcd0a6cc
Instruction Fuzzy Hash: 1CF0F07268A7246BD7346E79AA01BDA73949F00BB4F104E29F954ABF80DB3498005294

Function 6C8DA0C4 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DA0DD
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DA0E8

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8DA108
_localtime64_s.MSVCR100(?,?), ref: 6C8DA11A

Part of subcall function 6C8968DC: _memset.LIBCMT(?,000000FF,00000024), ref: 6C896905
Part of subcall function 6C8968DC: _get_daylight.MSVCR100(?), ref: 6C896941
Part of subcall function 6C8968DC: _get_dstbias.MSVCR100(?), ref: 6C896953
Part of subcall function 6C8968DC: _get_timezone.MSVCR100(?), ref: 6C896965
Part of subcall function 6C8968DC: _gmtime64_s.MSVCR100(?,?), ref: 6C896999

_asctime.LIBCMT(?), ref: 6C8DA129

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_asctime_get_daylight_get_dstbias_get_timezone_gmtime64_s_invalid_parameter_invalid_parameter_noinfo_localtime64_s_memset
String ID:
API String ID: 2020581482-0
Opcode ID: c0881b744be6fdab028108959874afcb34b3833011441a9cc4727db01877db9d
Instruction ID: 10da98340aaca56e7780675edc6351e573b2ca50358cb5f8f9a71ac042d9a2b4
Opcode Fuzzy Hash: c0881b744be6fdab028108959874afcb34b3833011441a9cc4727db01877db9d
Instruction Fuzzy Hash: 18F04431605248DEDF209FA9CB45BDA37F8AB05328F264C75C405D7E40EB35E9489B61

Function 6C8DB0EC Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DB105
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DB110

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8DB130
_localtime64_s.MSVCR100(?,?), ref: 6C8DB142

Part of subcall function 6C8968DC: _memset.LIBCMT(?,000000FF,00000024), ref: 6C896905
Part of subcall function 6C8968DC: _get_daylight.MSVCR100(?), ref: 6C896941
Part of subcall function 6C8968DC: _get_dstbias.MSVCR100(?), ref: 6C896953
Part of subcall function 6C8968DC: _get_timezone.MSVCR100(?), ref: 6C896965
Part of subcall function 6C8968DC: _gmtime64_s.MSVCR100(?,?), ref: 6C896999

__wasctime.LIBCMT(?), ref: 6C8DB151

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$__wasctime_get_daylight_get_dstbias_get_timezone_gmtime64_s_invalid_parameter_invalid_parameter_noinfo_localtime64_s_memset
String ID:
API String ID: 957981164-0
Opcode ID: 7b4a0e995380c3c842aef5f9b5c039c8ab827e26124d66baacb3e9b2602e5c25
Instruction ID: 50d6f1e1172835a008c0beab997eb9ed9c35af69be1bb41febd618a4be7b0d2a
Opcode Fuzzy Hash: 7b4a0e995380c3c842aef5f9b5c039c8ab827e26124d66baacb3e9b2602e5c25
Instruction Fuzzy Hash: 85F04F316052099EDF20AFA9CA55BEE37F8AB05358F160C75D004DBF40FB35E5488B61

Function 6C8DAFF1 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8DB00A
_invalid_parameter_noinfo.MSVCR100 ref: 6C8DB015

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8DB02D
__localtime32_s.LIBCMT(?,?), ref: 6C8DB03F

Part of subcall function 6C8D9784: _errno.MSVCR100(?,?,?,?), ref: 6C8D97A0
Part of subcall function 6C8D9784: _invalid_parameter_noinfo.MSVCR100(?,?,?,?), ref: 6C8D97AA

__wasctime.LIBCMT(?), ref: 6C8DB04E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$__localtime32_s__wasctime_invalid_parameter
String ID:
API String ID: 2302537511-0
Opcode ID: 6480d376cfac4daba136ff8ef009d47938477f6f3323ed3f6dea82dde1785da3
Instruction ID: f2f3a2aba81b49e2059ea15da26fd2bc88e5ed75c5752ca78b5a466eb46274f3
Opcode Fuzzy Hash: 6480d376cfac4daba136ff8ef009d47938477f6f3323ed3f6dea82dde1785da3
Instruction Fuzzy Hash: 3FF06D31605208DECB24AFA9CA40BDE37E8AF4A368F160825D010DBA40EF34E9489B24

Function 6C8BBCC9 Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C8CAC51: CreateThread.KERNEL32(00000000,00000000,-00000018,6C8C0ED5,00010000,?), ref: 6C8CAC8D
Part of subcall function 6C8CAC51: GetLastError.KERNEL32 ref: 6C8CAC97
Part of subcall function 6C8CAC51: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8CACAF
Part of subcall function 6C8CAC51: _CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8CACBD

GetLastError.KERNEL32 ref: 6C8BBCEF
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8BBD07
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8BBD15
SetThreadPriority.KERNEL32(00000000,0000000F), ref: 6C8BBD1D
GetLastError.KERNEL32 ref: 6C8BBD27

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThreadThrow$CreatePriority
String ID:
API String ID: 3804766065-0
Opcode ID: 37b7d40a5a693b5cd37f1cbb76f0c9302aee9c6fc3b2b875c033ee7006a18a63
Instruction ID: ff3a7143236f1c22f4623b5ad01a2be3c05d118b7c826166284646634b6ddc00
Opcode Fuzzy Hash: 37b7d40a5a693b5cd37f1cbb76f0c9302aee9c6fc3b2b875c033ee7006a18a63
Instruction Fuzzy Hash: 1BF0B47174020666EB30AA658E5DBAB36A86F0174DF540D74B415F5F81FB74D00482A5

Function 6C8D91AF Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D91C8
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D91D3

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8D91EB
__localtime32_s.LIBCMT(?,?), ref: 6C8D91FD

Part of subcall function 6C8D9784: _errno.MSVCR100(?,?,?,?), ref: 6C8D97A0
Part of subcall function 6C8D9784: _invalid_parameter_noinfo.MSVCR100(?,?,?,?), ref: 6C8D97AA

_asctime.LIBCMT(?), ref: 6C8D920C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$__localtime32_s_asctime_invalid_parameter
String ID:
API String ID: 344951201-0
Opcode ID: 596f74d837553ed2475c8281e60c542187a88c157b2e099007dffb998d329b43
Instruction ID: 2522daa126fde41cf254f201bd5ddc8feb89ee067d384dc8bcd95dd3a8ad6d75
Opcode Fuzzy Hash: 596f74d837553ed2475c8281e60c542187a88c157b2e099007dffb998d329b43
Instruction Fuzzy Hash: 76F012316052089ECF20EFADCA54BCA77F85B4A368F560D65D401D7A40EF34E5488B61

Function 6C8BB795 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

_memset.LIBCMT(?,00000000,0000000C), ref: 6C8BB7A0
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB7A8

Part of subcall function 6C8BB6C7: __EH_prolog3.LIBCMT ref: 6C8BB6CE

?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR100 ref: 6C8BB7B2
GetCurrentProcess.KERNEL32(?,?), ref: 6C8BB7C4
GetProcessAffinityMask.KERNEL32(00000000), ref: 6C8BB7CB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Version@$Concurrency@@Manager@1@ProcessResource$AffinityCurrentH_prolog3Mask_memset
String ID:
API String ID: 4257252171-0
Opcode ID: de93ef1d47f3be2f9765db28b628b3259c746c792c1705af9eb44ff4fc659dc0
Instruction ID: 618cb05f994ff55e534d92dd3a27fbc1b273f9e3bdfb7a445127c086c17884af
Opcode Fuzzy Hash: de93ef1d47f3be2f9765db28b628b3259c746c792c1705af9eb44ff4fc659dc0
Instruction Fuzzy Hash: 34F05B71610104BBDB319F64CD89E9E3BECEF0A348B100821F559D6A50E734D944CBB5

Function 6C88A745 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C88A780
__doserrno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B0417
_errno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B041F
_errno.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B0432
_invalid_parameter_noinfo.MSVCR100(?,6C8F84F4,?,?,?,?,?,?,6C8AFDEB,?,00000000,00000000,00000002,?,00000002,?), ref: 6C8B043D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __doserrno_errno$_invalid_parameter_noinfo
String ID:
API String ID: 2315031519-0
Opcode ID: bbbf8eed634742feea3981eb702a0b920671bbe7912da8b3bb606ad2d241f563
Instruction ID: cba9653f70dc6835faf6b80c22639beb566bf7c82cc2bdbdeeec3f0281b194d2
Opcode Fuzzy Hash: bbbf8eed634742feea3981eb702a0b920671bbe7912da8b3bb606ad2d241f563
Instruction Fuzzy Hash: 07F096712562444BDB316B68C7407B97BB49F4332DF100D64D5648BFD1DBB898458651

Function 6C8D3E1C Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D3E27
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D3E32

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8D3E44
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D3E4F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
String ID:
API String ID: 1328987296-0
Opcode ID: 65f35390fdd11f5728a3a183b6d088c9fa2923940387f3ab765e33d2bd27433a
Instruction ID: f2232a6238a554a67eeb5b4bd02b73957deee8cd239dd0cf84c37fd04bbf0a63
Opcode Fuzzy Hash: 65f35390fdd11f5728a3a183b6d088c9fa2923940387f3ab765e33d2bd27433a
Instruction Fuzzy Hash: FEF0E2314016185ACF302F7C9A003E93AE06F41338F158F34A1788BFE0CB30A8408B90

Function 00FC467C Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00FC4688

Part of subcall function 00FC2AB6: __getptd_noexit.LIBCMT ref: 00FC2AB9
Part of subcall function 00FC2AB6: __amsg_exit.LIBCMT ref: 00FC2AC6

__getptd.LIBCMT ref: 00FC469F
__amsg_exit.LIBCMT ref: 00FC46AD
__lock.LIBCMT ref: 00FC46BD
__updatetlocinfoEx_nolock.LIBCMT ref: 00FC46D1

Memory Dump Source

Source File: 00000005.00000002.3342740785.0000000000FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000005.00000002.3342710347.0000000000FC0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342772667.0000000000FC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342801478.0000000000FC9000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000005.00000002.3342829167.0000000000FCB000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_fc0000_HOMA2 Calculator.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 19f9fb71d1d237a4072e578a4e2439a8103f0663003e01fc43ab2003343edf51
Instruction ID: 457feff1e7e7ef646053262f6d1de24e92570bc5f0a764c59812e6bca674ac65
Opcode Fuzzy Hash: 19f9fb71d1d237a4072e578a4e2439a8103f0663003e01fc43ab2003343edf51
Instruction Fuzzy Hash: E2F06D32A047169BD661BB749F17F4EB7A0AF01B21F10410DE401A76D6CB6C6901FA95

Function 6C8C007C Relevance: 7.5, APIs: 5, Instructions: 32memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C8BB834: __EH_prolog3.LIBCMT ref: 6C8BB83B

TlsAlloc.KERNEL32 ref: 6C8C009D
GetLastError.KERNEL32 ref: 6C8C00AD
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C00C6
_CxxThrowException.MSVCR100(00000000,6C91FEB4,00000000), ref: 6C8C00D5
Concurrency::details::UMSThreadScheduler::OneShotStaticConstruction.LIBCMT ref: 6C8C00DA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AllocConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConstructionErrorExceptionH_prolog3LastScheduler::ShotStaticThreadThrow
String ID:
API String ID: 3767078539-0
Opcode ID: 627366d029afba99542af7e4507c456f73ce059307b4448d965677bcc6630e5f
Instruction ID: 42ff8ad2fab5c804550411a3b594c8cb4bf10a6a771c864893a19677637d5dae
Opcode Fuzzy Hash: 627366d029afba99542af7e4507c456f73ce059307b4448d965677bcc6630e5f
Instruction Fuzzy Hash: 51F0897166421556CB306B74CA0A6AA36A8AB42728F144F39E469D2EC0FB38D408D656

Function 6C8C324B Relevance: 7.5, APIs: 5, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C3252
??_V@YAXPAX@Z.MSVCR100(00000000,00000000,6C8C8255,?,00000000,6C8C8F77,00000000), ref: 6C8C3276
??_V@YAXPAX@Z.MSVCR100(?,00000000,6C8C8255,?,00000000,6C8C8F77,00000000), ref: 6C8C328B
??_V@YAXPAX@Z.MSVCR100(00000100,?,00000000,6C8C8255,?,00000000,6C8C8F77,00000000), ref: 6C8C3293
DeleteCriticalSection.KERNEL32(?), ref: 6C8C32A6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalDeleteH_prolog3Section
String ID:
API String ID: 478171351-0
Opcode ID: e9e9b489216131d7429ef9b19cd0da483b55ab9245b784581010972766acd688
Instruction ID: 9ff741df512636d93d0a17fd6da532ffe30faca0096284812051d5a166a6151a
Opcode Fuzzy Hash: e9e9b489216131d7429ef9b19cd0da483b55ab9245b784581010972766acd688
Instruction Fuzzy Hash: D8F06D36502700DFC7309F38CA85A8AB7B1FF48328B20493DE45A57E65CB31EC49CA51

Function 6C881D35 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 283COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 6C88392E
_mbtowc_l.MSVCR100(?,?,?,?), ref: 6C8839AD

Strings

', xrefs: 6C881D46

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __aulldvrm_mbtowc_l
String ID: '
API String ID: 1725609986-1997036262
Opcode ID: 785c0b9564e628bd1a7ed70372aa626ec1bd4d713f0a62b14de94660fb780cb1
Instruction ID: 4bb9d0acc29144f930c90f33ba6e01c68b78a52836a20a491980c5f79694e43a
Opcode Fuzzy Hash: 785c0b9564e628bd1a7ed70372aa626ec1bd4d713f0a62b14de94660fb780cb1
Instruction Fuzzy Hash: 8BC19FB1A0622D8BDB70CA18CE80798B7B0AF45319F5049E9D718A7E81DB749EC5CF58

Function 6C88E324 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

free.MSVCR100(00000000), ref: 6C88EDE4

Strings

, xrefs: 6C88ED0F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-3916222277
Opcode ID: ae4e53d39c897ac87bafd41e25f75f7f425d61bd2e2313c8ba328f38ae4f36e6
Instruction ID: 28944ed1edd28ef557edcfb0835ae55eb2db2ecc8dfe8957b376ea2ce2d253b4
Opcode Fuzzy Hash: ae4e53d39c897ac87bafd41e25f75f7f425d61bd2e2313c8ba328f38ae4f36e6
Instruction Fuzzy Hash: B071C73990626D8EDB30DA68CE887D9B7B4AF05319F100AE9C95867E81D7745FC9CF80

Function 6C87442D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6C8744BD

Part of subcall function 6C898900: __87except.LIBCMT ref: 6C89893B

Strings

pow, xrefs: 6C874495, 6C8744B2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: 7bd6d642508dbb665dca3b130629967b702a8bf0ea1f51963699fead82eaab80
Instruction ID: 2918c65144f6c7fbce5f43ef06aab6fe186b846956861b645dee40d4b0da68bd
Opcode Fuzzy Hash: 7bd6d642508dbb665dca3b130629967b702a8bf0ea1f51963699fead82eaab80
Instruction Fuzzy Hash: 86512C61A0D10996D7316A18C70135E7BE4DBC375CF304E68E4E542A98FF3988A8DE77

Function 6C8BD0C1 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,?,?,00000000,?,00000000), ref: 6C8BD1B0
_memset.LIBCMT(00000000,00000000,?,00000000,?,?,00000000,?,00000000), ref: 6C8BD1C3

Strings

$, xrefs: 6C8BD1F4
,, xrefs: 6C8BD1F0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memset
String ID: $$,
API String ID: 2102423945-53852779
Opcode ID: 78317c09046f200d96166056200ee0860819ba3a296969d6b915bb36821915cd
Instruction ID: b8610a1b75f606a9eae283578eb1d087710030a64d0e404c05154ac21b692d6c
Opcode Fuzzy Hash: 78317c09046f200d96166056200ee0860819ba3a296969d6b915bb36821915cd
Instruction Fuzzy Hash: 87419331A04228BFDB219FACCE84AEEBBB4EF08354F044966E809B7704D7719D4587A1

Function 6C88DAD9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C8AEF68
DName::operator+.LIBCMT ref: 6C8AEF6F

Part of subcall function 6C88E04B: DName::operator+.LIBCMT ref: 6C88E109

Strings

CV: , xrefs: 6C8AEF60

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: CV:
API String ID: 168861036-3725821052
Opcode ID: e9fe1e07d69909f8a8a15d944c786ff193ba4e16a16affe46854ff492e23ad00
Instruction ID: ac7f6eb167d19fcd6402dbab8536a47f51dace8854c2407b3e688fded059a27b
Opcode Fuzzy Hash: e9fe1e07d69909f8a8a15d944c786ff193ba4e16a16affe46854ff492e23ad00
Instruction Fuzzy Hash: 9E41D531A0A18AAFDF25CF69DA40A9977B9EF4A308B24499BD491D7B90C734D442CF40

Function 6C88E7D6 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 107COMMON

Download Yara Rule

Strings

2, xrefs: 6C88E858
l, xrefs: 6C88E7FD
, xrefs: 6C88E824

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 41bb874059927015d8fdb171d313159ee89a8b3e03f2107ee9021189f19d3389
Instruction ID: 0e6316278c14148961ee90b006a9218fbc4f8c2d4516124e9b2ca48b2cd2e277
Opcode Fuzzy Hash: 41bb874059927015d8fdb171d313159ee89a8b3e03f2107ee9021189f19d3389
Instruction Fuzzy Hash: 27411378C4726D9EDB308E189DE83D97BB1BB06309F5009DAC4A8A6D91E3744BC5CF91

Function 6C8F3E6C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

?_inconsistency@@YAXXZ.MSVCR100(E06D7363,1FFFFFFF,19930522), ref: 6C8F3E78

Part of subcall function 6C8F377C: DecodePointer.KERNEL32(6C8F37B8,00000008,6C8F42DF,6C8F4300,0000000C,6C8F4357,?,?,00000003,00000000,6C8F43B0,00000008,6C8ACB36,?,00000000,00000003), ref: 6C8F378E
Part of subcall function 6C8F377C: ?terminate@@YAXXZ.MSVCR100(?,00000000,00000003,?), ref: 6C8F37AE

?terminate@@YAXXZ.MSVCR100(E06D7363,1FFFFFFF,19930522), ref: 6C8F3E7F

Part of subcall function 6C8F3712: _getptd.MSVCR100(6C8F3750,00000008,6C8F37B3,?,00000000,00000003,?), ref: 6C8F371E
Part of subcall function 6C8F3712: _abort.LIBCMT(6C8F3750,00000008,6C8F37B3,?,00000000,00000003,?), ref: 6C8F3740

__TypeMatch.MSVCR100(csm,00000000,?,6C8B2710,00000000,E06D7363), ref: 6C8F3EBE

Strings

csm, xrefs: 6C8F3EBA, 6C8F3EBD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ?terminate@@$?_inconsistency@@DecodeMatchPointerType_abort_getptd
String ID: csm
API String ID: 2680980455-1018135373
Opcode ID: 916a34a70e900325b369222c2f0413fc353b66ebd987d5748ca5069d3291ba5c
Instruction ID: b099187c85aa4e57ebb8765cfa4a5383c18157dfb90279a858e3dd32507d261f
Opcode Fuzzy Hash: 916a34a70e900325b369222c2f0413fc353b66ebd987d5748ca5069d3291ba5c
Instruction Fuzzy Hash: 26115E71A04209AFDB10CF9CC680B89B7B4EF18398F1444A5DE6497B01C331ED4BCB52

Function 6C8D72B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D72D4
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D72DF

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

Strings

B, xrefs: 6C8D730B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_invalid_parameter_noinfo
String ID: B
API String ID: 340685940-1255198513
Opcode ID: 7191924f825d44c04533769325deaa2f23df3f0f2dc8b8bfeaeb675c9c8400d0
Instruction ID: 7dd5359f30ef6eb7e3ce1be0fe424763248cddff7287893b6abedfae221e45bb
Opcode Fuzzy Hash: 7191924f825d44c04533769325deaa2f23df3f0f2dc8b8bfeaeb675c9c8400d0
Instruction Fuzzy Hash: 4E01C0719002499FDF209FA9CC00BEEBBB4FF09368F00062AF824A6280E7749504CBA5

Function 6C884202 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcslen.LIBCMT(?), ref: 6C88422C
_errno.MSVCR100 ref: 6C8A8FDB
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8FE6

Strings

I, xrefs: 6C884232

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo_wcslen
String ID: I
API String ID: 3151729805-3707901625
Opcode ID: a946e649708c495ba3de64228eefbbd13c8b602ca7283c3ef24064f5e4a28dd5
Instruction ID: 6c1603eaf3654a981364a7019d6df5d90a928f06b55d603c63354193d0f9d08a
Opcode Fuzzy Hash: a946e649708c495ba3de64228eefbbd13c8b602ca7283c3ef24064f5e4a28dd5
Instruction Fuzzy Hash: CA01DB72C0125A9BDF109FA5CD006EF7BB5AF4832CF104A26E534A56C0D779C612CFA5

Function 6C890A05 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_strlen.LIBCMT(?), ref: 6C890A2F
_errno.MSVCR100 ref: 6C8A8F41
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A8F4C

Strings

I, xrefs: 6C890A3A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo_strlen
String ID: I
API String ID: 1245117036-3707901625
Opcode ID: 104c0a01e2b9b4bfe5cf8e790197371b81950b518ee4aa113952663ec273a45e
Instruction ID: 3cc7cb669a2f038d07261104687c1f0f1e8f8d4380f83a992a7b94d086eac8cc
Opcode Fuzzy Hash: 104c0a01e2b9b4bfe5cf8e790197371b81950b518ee4aa113952663ec273a45e
Instruction Fuzzy Hash: A101A271C0025AABDF209FA8C804AEE7BB5BF44728F104A2AE434B6280D779C5018FA4

Function 6C8F3F34 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37stringCOMMON

Download Yara Rule

APIs

?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F42

Part of subcall function 6C8F377C: DecodePointer.KERNEL32(6C8F37B8,00000008,6C8F42DF,6C8F4300,0000000C,6C8F4357,?,?,00000003,00000000,6C8F43B0,00000008,6C8ACB36,?,00000000,00000003), ref: 6C8F378E
Part of subcall function 6C8F377C: ?terminate@@YAXXZ.MSVCR100(?,00000000,00000003,?), ref: 6C8F37AE

?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F4D
?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6C8F3F78
?raw_name@type_info@@QBEPBDXZ.MSVCR100(0000005E,?,00000000,?,00000000,00000000), ref: 6C8F3F96
strcmp.MSVCR100(00000000,0000005E,?,00000000,?,00000000,00000000), ref: 6C8F3F9C

Strings

csm, xrefs: 6C8F3F52

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ?_inconsistency@@$?raw_name@type_info@@?terminate@@DecodePointerstrcmp
String ID: csm
API String ID: 2672297707-1018135373
Opcode ID: 0e10fbcdc216a47d976a5216acc1823d21fb8472fe0e0d95f87f5171ea74f30f
Instruction ID: 6f4fb5c1b5c89a6feaa8badc1483de81e350389450ed653584540f4077288920
Opcode Fuzzy Hash: 0e10fbcdc216a47d976a5216acc1823d21fb8472fe0e0d95f87f5171ea74f30f
Instruction Fuzzy Hash: 9EF09636501A119B9B308E5A8600449B3B8DF457E93994F29DCB49BF10C730FD078AE3

Function 6C8FE9F4 Relevance: 6.3, APIs: 4, Instructions: 279COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8FEA0F
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FEA1A

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_errno.MSVCR100 ref: 6C8FEA33
_invalid_parameter_noinfo.MSVCR100 ref: 6C8FEA3E

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
String ID:
API String ID: 1328987296-0
Opcode ID: 8dbf596d3a0d2537a024ccf3c58277b8f47f141a5c8f322144fc1925e4b4baf9
Instruction ID: 093bed8aa7eb12f7e5ccbb419f0819dcf397771a1b3ecf86ef4357b57d939f07
Opcode Fuzzy Hash: 8dbf596d3a0d2537a024ccf3c58277b8f47f141a5c8f322144fc1925e4b4baf9
Instruction Fuzzy Hash: 54A13630A042599BCF31CF698A805DE7B76BF9A384F148969FC65A7744E230DD52CBE0

Function 6C8846C1 Relevance: 6.3, APIs: 4, Instructions: 262COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8B13EC
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B13F7
_errno.MSVCR100 ref: 6C8B1402
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B140D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 0f7806659183300477434c852ae5586eb72dadc6bc092987c5a806937287d50d
Instruction ID: 05eb985744ea913442e730fb330641bcb684cc1f1917c2d038a3a0e6a7555e8b
Opcode Fuzzy Hash: 0f7806659183300477434c852ae5586eb72dadc6bc092987c5a806937287d50d
Instruction Fuzzy Hash: AB916B36A062A98BCF21CF688A9019D7B7DAFCB309F144855EC6497F44D730DD10CBA1

Function 6C88B73E Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

IsValidCodePage.KERNEL32(-00000030,00000000,?,00000000), ref: 6C88B7A7
GetCPInfo.KERNEL32(00000000,?), ref: 6C88B7BA
_memset.LIBCMT(0000001D,00000000,00000101), ref: 6C88B7D2
_memset.LIBCMT(0000001D,00000000,00000101,00000000,?,00000000), ref: 6C8AA8ED

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _memset$CodeInfoPageValid
String ID:
API String ID: 1608968462-0
Opcode ID: c1749d326e0a160ec232b181f2a79027bc64a26aa84775c38a650308f6c2d334
Instruction ID: 67eaf6c1ab4658af1731f26060bb462a38bc783c8fb66b4b8869753919dc3dbe
Opcode Fuzzy Hash: c1749d326e0a160ec232b181f2a79027bc64a26aa84775c38a650308f6c2d334
Instruction Fuzzy Hash: 7E51F6319012559BDF358FA9C9802FEBBB4EF45308F19886AD8A59BE42D339D506CF90

Function 6C8B6CDB Relevance: 6.1, APIs: 4, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,00000000), ref: 6C8B6DB6
_memset.LIBCMT(00000000,00000000,?,00000000,00000000), ref: 6C8B6DC9
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,00000000), ref: 6C8B6DD0
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?,?,?,?,?,00000000), ref: 6C8B6E1B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@_memset
String ID:
API String ID: 4058414921-0
Opcode ID: 02c29f9761b99ddc029193a570bd265482a5d84b0799f06c3c99b3e26f5d0e6e
Instruction ID: 4fffd3d5fd674f8a07e2d0bdb3b5fefe8fb574477346d325a871ec582c76b98c
Opcode Fuzzy Hash: 02c29f9761b99ddc029193a570bd265482a5d84b0799f06c3c99b3e26f5d0e6e
Instruction Fuzzy Hash: ED51BC30105301CFD729CF29C681B16B7E0FF88329F148E6DE5AA9BA91D731E845CB92

Function 6C8B8F20 Relevance: 6.1, APIs: 4, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,6C8C0AF2), ref: 6C8B8FFA
_memset.LIBCMT(00000000,00000000,?,00000000,6C8C0AF2), ref: 6C8B900D
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,6C8C0AF2), ref: 6C8B9014
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?,?,?,?,?,6C8C0AF2), ref: 6C8B905F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@_memset
String ID:
API String ID: 4058414921-0
Opcode ID: 5983db6b842bcae40d4583103fe5b848ae5f9aaa5e5f5186c16b2b6f210820bc
Instruction ID: 1222b930efdc857a44eb60d296bc78643db5aba119476c0505596bd86c9d4cdc
Opcode Fuzzy Hash: 5983db6b842bcae40d4583103fe5b848ae5f9aaa5e5f5186c16b2b6f210820bc
Instruction Fuzzy Hash: 15515C305097018FD725CF29C680716B7F0FF89328F148A6DE4AA9BB95D771E845CB92

Function 6C8C3CD0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,00000000), ref: 6C8C3DAB
_memset.LIBCMT(00000000,00000000,?,00000000,00000000), ref: 6C8C3DBE
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,00000000), ref: 6C8C3DC5
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?,?,?,?,?,00000000), ref: 6C8C3E10

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@_memset
String ID:
API String ID: 4058414921-0
Opcode ID: 4cd6f5a79e85ee8f6a411988e73ee4a94e67648964a1f09978b2e61defb7a15e
Instruction ID: 05479d1a2a7f1ae391e9bdc4cff5563a0723945361b6dd1833993ca710243263
Opcode Fuzzy Hash: 4cd6f5a79e85ee8f6a411988e73ee4a94e67648964a1f09978b2e61defb7a15e
Instruction Fuzzy Hash: 97515A342053418FD725CF29C680656B7F0FF89329F148E6DE5AA8BA95D730E846CB92

Function 6C893D0D Relevance: 6.1, APIs: 4, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

_mbsdec.MSVCR100(?,?), ref: 6C893D7C
_errno.MSVCR100 ref: 6C8B0E88
_invalid_parameter_noinfo.MSVCR100 ref: 6C8B0E94
_errno.MSVCR100 ref: 6C8B0EC3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_mbsdec
String ID:
API String ID: 1897159254-0
Opcode ID: ac2fc793a16b45e7da48b9635dc514201799cdcd9146e502d463fede157ae603
Instruction ID: 2f5c9791029ebc19f7c4bc6197002d31ba6fbd4e90232e0cf23f9584a6080b46
Opcode Fuzzy Hash: ac2fc793a16b45e7da48b9635dc514201799cdcd9146e502d463fede157ae603
Instruction Fuzzy Hash: 52314C751492C49FD7328F2C87A029D3BA19B87314B254CA8E4E99FB11D3309CC6D791

Function 6C8C389E Relevance: 6.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000), ref: 6C8C3967
_memset.LIBCMT(00000000,00000000,?,00000000,00000000,00000000), ref: 6C8C3979
??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,00000000,00000000), ref: 6C8C3980
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(00000000,00000000), ref: 6C8C39C7

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@_memset
String ID:
API String ID: 4058414921-0
Opcode ID: 86bb6908df84d07d5b21b56c783c1ee1a3dac44e83d7373ef325b9ebfac86aaa
Instruction ID: 29cc550e3b264b8069c22d173ac9c34563f05654aa0567d40e0cf377531cb5da
Opcode Fuzzy Hash: 86bb6908df84d07d5b21b56c783c1ee1a3dac44e83d7373ef325b9ebfac86aaa
Instruction Fuzzy Hash: 3941A030A00305DFDB25CF29C681B9AB7F0FF45328F108A6DC5569BA91D770E946CB92

Function 6C8C0F74 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,762330B0,?,?,6C8C0F1D,00000000), ref: 6C8C0F8C
??3@YAXPAX@Z.MSVCR100(?,?,?,6C8C0F1D,00000000), ref: 6C8C106D
LeaveCriticalSection.KERNEL32(?,?,?,6C8C0F1D,00000000), ref: 6C8C107A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$??3@EnterLeave
String ID:
API String ID: 3906572401-0
Opcode ID: 5495f1955d172fe70d11fa41d13181028f2ae54220a9d0138767cdbf56a9c04e
Instruction ID: fe453abd843284e0bae001bd21394f9b60c06fa88f2c58bb1aa4f8f185541372
Opcode Fuzzy Hash: 5495f1955d172fe70d11fa41d13181028f2ae54220a9d0138767cdbf56a9c04e
Instruction Fuzzy Hash: 99417D74704645DFC335CF29C2C0A96B7F4FF09344B108A69E9598BA10E731E945DB92

Function 6C8C85DB Relevance: 6.1, APIs: 4, Instructions: 108threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C8C85EB
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C8620
_CxxThrowException.MSVCR100(6C8B38B0,6C91FE78,?,?), ref: 6C8C862E
std::exception::exception.LIBCMT(?,?), ref: 6C8C8703

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
String ID:
API String ID: 1840351702-0
Opcode ID: 63bdf6c85cecfa6b10d5b51d01470dbbe2de7b361eca23fa41a17b6370adde39
Instruction ID: 0090de95553b113d3aaac6dd3982645f24684b52c9738ec843b2d50105547e26
Opcode Fuzzy Hash: 63bdf6c85cecfa6b10d5b51d01470dbbe2de7b361eca23fa41a17b6370adde39
Instruction Fuzzy Hash: 5241C371645248DFDF21CF65C2C8A9DBBB0AF0031CF144C6AD85267A51D770ED89CB92

Function 6C8819A5 Relevance: 6.1, APIs: 4, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_isleadbyte_l.MSVCR100(?,?,?,?,?,?), ref: 6C8892C2
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 6C8892E8
_errno.MSVCR100(?,?,?,?), ref: 6C8AA17D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide_errno_isleadbyte_l
String ID:
API String ID: 911568377-0
Opcode ID: c36aef1b16f624231faeb37626b7bcfaeffb260a032be42b57de606484885275
Instruction ID: abec042589e2e22b07f42a149a9974f6b03c923af49ad650ae4a2c34d8437a7a
Opcode Fuzzy Hash: c36aef1b16f624231faeb37626b7bcfaeffb260a032be42b57de606484885275
Instruction Fuzzy Hash: 6B31D33160624AEFDB20DFA8CD80AAD7BB6BF02314B144A6AE4758BD91E731D941CF50

Function 6C88EF9C Relevance: 6.1, APIs: 4, Instructions: 99COMMONLIBRARYCODE

Download Yara Rule

APIs

__isctype_l.LIBCMT(7FFFFFFF,00000001,00000000,00000099,7FFFFFFF,00000000,00000000,00000000,00000000,00000099,7FFFFFFF,00000000), ref: 6C8AA2E4
_isleadbyte_l.MSVCR100(00000008,00000000,00000099,7FFFFFFF,00000000,00000000,00000000,00000000,00000099), ref: 6C8AA320
__crtLCMapStringA.MSVCR100(00000000,?,00000100,00000000,00000001,7FFFFFFF,00000003,?,00000001,00000099,7FFFFFFF,00000000,00000000,00000000,00000000,00000099), ref: 6C8AA36D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: String__crt__isctype_l_isleadbyte_l
String ID:
API String ID: 150061899-0
Opcode ID: f7d9de18de3688a9384fe264b6b44a006c77173d38ef939bd1b8464381d42120
Instruction ID: 7095560300efab7f078be271b7c15cc86783763e01a6604d22eae5faa81d3868
Opcode Fuzzy Hash: f7d9de18de3688a9384fe264b6b44a006c77173d38ef939bd1b8464381d42120
Instruction Fuzzy Hash: C131593190924DAFDF21CB98C945FEE7FB4AF01318F0448A9E4549BA82C775D546CFA0

Function 6C87F6A8 Relevance: 6.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

_CallDestructExceptionObject.LIBCMT ref: 6C87F721
_global_unwind2.MSVCR100(?), ref: 6C87F72D
_local_unwind2.MSVCR100(?,?), ref: 6C87F73A
_local_unwind2.MSVCR100(?,000000FF), ref: 6C87F790

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _local_unwind2$CallDestructExceptionObject_global_unwind2
String ID:
API String ID: 277650583-0
Opcode ID: a9c57badb05076d457bd60b1244720519eeb5ec2f6905369dde1fe81f98cf5ae
Instruction ID: 2f2a1c5c19a4ba23e87a9f154d1279b5b9848c7d0bcb613ad49c35864d07ed5f
Opcode Fuzzy Hash: a9c57badb05076d457bd60b1244720519eeb5ec2f6905369dde1fe81f98cf5ae
Instruction Fuzzy Hash: 0A31D532A002089BCB30DFADCD809AEB7A4FB153A4F458965EC199B244E734FA15C7F0

Function 6C8B6508 Relevance: 6.1, APIs: 4, Instructions: 91sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ.MSVCR100(6C8B6670,0000002C,6C8B69F9,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B652C

Part of subcall function 6C8B6E51: _SpinWait.LIBCMT(00000FA0,00000FA0,?,6C8BAD21,00000000), ref: 6C8B6E6B

?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100(6C8B6670,0000002C,6C8B69F9,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B6572
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ.MSVCR100(6C8B6670,0000002C,6C8B69F9,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B65C2
Sleep.KERNEL32(00000001,6C8B6670,0000002C,6C8B69F9,00000000,-00000004,-00000004,00000000,00000000,?,6C8BF96F,?,?,6C8B9C78,?), ref: 6C8B65E2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@Spin$AcquireLock@details@ReaderWrite@_Writer$A@@details@Once@?$_SleepWaitWait@$0
String ID:
API String ID: 947146699-0
Opcode ID: 9a75af2f04a68c00376cc927a08d475414b5a25a080ec22e479ff570d7123f17
Instruction ID: 2b2c9bac90c9a9091d90a26f1be4a9ea3e80b4667c0c51419d800a382640cf26
Opcode Fuzzy Hash: 9a75af2f04a68c00376cc927a08d475414b5a25a080ec22e479ff570d7123f17
Instruction Fuzzy Hash: 8D414171A017498FEB28CFA8C7447CEBBB1AF04318F140929D451B7B81CB75E918CBA5

Function 6C88489C Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A986D
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9878
_errno.MSVCR100 ref: 6C8A9881
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A988C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: c3d6eaa9eee9f134ec7c17922ac70990d059539d88e92a874fd5c09d6225e68c
Instruction ID: 232ca5cf589762e65597ea8cc27d29024e0b64bfb5ca8ec6ab29976543530cc9
Opcode Fuzzy Hash: c3d6eaa9eee9f134ec7c17922ac70990d059539d88e92a874fd5c09d6225e68c
Instruction Fuzzy Hash: 6E21F977A072758BDB349F29CE106B633B4FFC2B587644959E8918BF50E3329941C390

Function 6C896D21 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D8E
_get_osfhandle.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D98
GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896D9F
DuplicateHandle.KERNEL32(00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C896DA6

Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?,?,?,?,6C88A865,?,6C88A880,00000010), ref: 6C88A795
Part of subcall function 6C88A78A: _get_osfhandle.MSVCR100(?), ref: 6C88A7B8
Part of subcall function 6C88A78A: CloseHandle.KERNEL32(00000000), ref: 6C88A7BF

_errno.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C8B0539
__doserrno.MSVCR100(?,00000000,?,?,?,6C896CEC,?,?,6C896D08,00000010), ref: 6C8B0544

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _get_osfhandle$CurrentHandleProcess$CloseDuplicate__doserrno_errno
String ID:
API String ID: 4219055303-0
Opcode ID: 281181b6ec3e7ac681acadf54f59f32ccba861654bfcb2dc67ac906c8b155e73
Instruction ID: c77c5110701ef7eb03ebd44bd57f0b929e98da9aca2c2e18cb30c1b53da51d32
Opcode Fuzzy Hash: 281181b6ec3e7ac681acadf54f59f32ccba861654bfcb2dc67ac906c8b155e73
Instruction Fuzzy Hash: D1312731204685AFDF11CF68C6C4E953BF9EF0A308B1545A9E944DFB62D731EA05CB50

Function 6C8896F6 Relevance: 6.1, APIs: 4, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

_towlower_l.MSVCR100(?,?,?), ref: 6C88973E

Part of subcall function 6C882939: iswctype.MSVCR100(?,00000001,?,?,?,?,?,?,?), ref: 6C88297D

_towlower_l.MSVCR100(?,?,?,?,?), ref: 6C88974E
_errno.MSVCR100 ref: 6C8AC6CA
_invalid_parameter_noinfo.MSVCR100 ref: 6C8AC6D5

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _towlower_l$_errno_invalid_parameter_noinfoiswctype
String ID:
API String ID: 2204055994-0
Opcode ID: ba0f12c23ae9cc6553eda531eafe76f1f3573c430cfd055574d5848509f427d6
Instruction ID: 96a36d8e8a43e42d4dc743abc853caad54d3a15d0a55a7ffb9d0256d454a05c2
Opcode Fuzzy Hash: ba0f12c23ae9cc6553eda531eafe76f1f3573c430cfd055574d5848509f427d6
Instruction Fuzzy Hash: CC21387650225A87DF30EEE99F806BA36A8BF01618B600C16E860DBE91E734CD41D7B0

Function 6C8BA7E0 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

Part of subcall function 6C8BA9A9: _fabs.LIBCMT(00000000,00000000,00000000,00000000,?,6C8BA8D7,00000000,00000000,?,6C8BA6BD), ref: 6C8BA9E1

sqrt.MSVCR100(?,?,?,?,?), ref: 6C8BA85F
_fabs.LIBCMT(?,?,?,?,?), ref: 6C8BA86D

Part of subcall function 6C901157: __ctrlfp.LIBCMT ref: 6C901170
Part of subcall function 6C901157: __except1.LIBCMT ref: 6C9011BC

_fabs.LIBCMT(?,?,?,?,?), ref: 6C8BA88E
exp.MSVCR100(?,?,?,?,?), ref: 6C8BA89C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fabs$__ctrlfp__except1sqrt
String ID:
API String ID: 2723176039-0
Opcode ID: 56a70770359811d0e23ad2ede32f262bff5bb255fbde349cdd7208e3a7c3cfca
Instruction ID: 6b144bb232f895721c59c411800139b712725a6138edb8fa706469d233ac7b77
Opcode Fuzzy Hash: 56a70770359811d0e23ad2ede32f262bff5bb255fbde349cdd7208e3a7c3cfca
Instruction Fuzzy Hash: F4210472E00508E7CB146FA8E5884EDFFB4FF45254F2188A9E4A4B2780DF31EA249794

Function 6C8B7D24 Relevance: 6.1, APIs: 4, Instructions: 76timeCOMMON

Download Yara Rule

APIs

?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,000000FF), ref: 6C8B7D63
GetLastError.KERNEL32 ref: 6C8B7D70
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,000000FF), ref: 6C8B7D82

Part of subcall function 6C8B7406: CreateTimerQueue.KERNEL32(AFCD3F0C,?,00000000,AFCD3F0C,?,00000000,AFCD3F0C,00000000,6C8B5CBE,6C8B5C86), ref: 6C8B742E
Part of subcall function 6C8B7406: std::exception::exception.LIBCMT(6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B7487
Part of subcall function 6C8B7406: _CxxThrowException.MSVCR100(AFCD3F0C,6C88BDD8,6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B749C

DeleteTimerQueueTimer.KERNEL32(00000000,?,000000FF), ref: 6C8B7D88

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Timer$Concurrency@@QueueQueue@details@Shared$CreateDeleteErrorExceptionLastThrowstd::exception::exception
String ID:
API String ID: 3155262267-0
Opcode ID: 57f5c814f8f9f65e3b42b3919432e7aae4fde34f911cebbf00f3a221f6f17410
Instruction ID: 811c8ccdef8823ff9749e53e955c8eda2df5c0df2e72e68003eeb4ffc6b74537
Opcode Fuzzy Hash: 57f5c814f8f9f65e3b42b3919432e7aae4fde34f911cebbf00f3a221f6f17410
Instruction Fuzzy Hash: D72186306003149FD7318E19CE8492677F5EF413A6B188E29E469ABB94DB30EC01CB71

Function 6C895FCE Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

_wcspbrk.LIBCMT(?,6C896018,?,00000000,6C896602,?,?,?,?,?,?,6C8959BB), ref: 6C895FF5
_calloc_crt.MSVCR100(00000004,00000001,?,00000000,6C896602,?,?,?,?,?,?,6C8959BB), ref: 6C89603C
free.MSVCR100(00000000,?,00000000,6C896602,?,?,?,?,?,?,6C8959BB), ref: 6C896078
_wmatch.LIBCMT ref: 6C8A7738

Part of subcall function 6C895F95: _malloc_crt.MSVCR100(00000008,?,6C8CCE77,?,00000000,-00000002,6C924BD8), ref: 6C895F9C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_malloc_crt_wcspbrk_wmatchfree
String ID:
API String ID: 588445202-0
Opcode ID: 9ced1a3a7bdce8cc56ce2aae9f3b679f6113f7b90caa390b9593318b135b98c2
Instruction ID: ab7d26f3ce2019439d35296bb7f56d80a09538fc4d843e2775c31fa7d7706183
Opcode Fuzzy Hash: 9ced1a3a7bdce8cc56ce2aae9f3b679f6113f7b90caa390b9593318b135b98c2
Instruction Fuzzy Hash: AE21A4B6759910CFCB71CF2DDB80455B7F5EF86724335092AD494EBA50E632E8418BC0

Function 6C8CCB67 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

_mbspbrk.MSVCR100(?,6C8CCC20,?,00000000,6C8CC07C,?,?,?,?,?,?,6C8A7432), ref: 6C8CCB8B
_match.LIBCMT ref: 6C8CCB98
_calloc_crt.MSVCR100(00000004,00000002,?,00000000,6C8CC07C,?,?,?,?,?,?,6C8A7432), ref: 6C8CCBCC
free.MSVCR100(?,?,00000000,6C8CC07C,?,?,?,?,?,?,6C8A7432), ref: 6C8CCC08

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _calloc_crt_match_mbspbrkfree
String ID:
API String ID: 518297505-0
Opcode ID: 3af9156fd968177b4800d2fd4fdce0beda07a18b46986b5936cbc0cbffd05c8d
Instruction ID: 336251ba730495db37d41f6923f7172e99a0037b5e088e1c850c78e484da292e
Opcode Fuzzy Hash: 3af9156fd968177b4800d2fd4fdce0beda07a18b46986b5936cbc0cbffd05c8d
Instruction Fuzzy Hash: 5C11EB72B09910AFCB32AF5DCA40415B7F9EB9A7243354D6AD4D4D7A12D730D8418742

Function 6C8C8EC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCR100(00000010), ref: 6C8C8F10
GetLastError.KERNEL32 ref: 6C8C8F1C
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C8F33
_CxxThrowException.MSVCR100(00000000,6C9200DC), ref: 6C8C8F4A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow
String ID:
API String ID: 887365526-0
Opcode ID: 79f8e1abb99a49978f45abc6a8e65f9e4b13ec9bd464bd5e7187efc2b843191f
Instruction ID: b5ed28ac47072573d552f5b522ee4dfb82d65fac3af94c21ae541744a37ba932
Opcode Fuzzy Hash: 79f8e1abb99a49978f45abc6a8e65f9e4b13ec9bd464bd5e7187efc2b843191f
Instruction Fuzzy Hash: 0721F6317616059FD720DB78CA44B9A37E4BF05328F104E7AA868E7AD0E734D904CBA2

Function 6C8CBFDC Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,6C926CD0,00000104,?,?,?,?,?,?,6C8A7432), ref: 6C8CBFFA
_parse_cmdline.LIBCMT ref: 6C8CC025
_malloc_crt.MSVCR100(?,?,?,?,?,?,?,6C8A7432), ref: 6C8CC048
_parse_cmdline.LIBCMT ref: 6C8CC061

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _parse_cmdline$FileModuleName_malloc_crt
String ID:
API String ID: 3364912563-0
Opcode ID: a493574e966e19ea94456676d178a30e23f89bed8d5d29a6d72a562b4834d9ec
Instruction ID: f96c039f2f221a6d9da1685e62991706d49a0d46b1e45787bae79f9e05eb17fa
Opcode Fuzzy Hash: a493574e966e19ea94456676d178a30e23f89bed8d5d29a6d72a562b4834d9ec
Instruction Fuzzy Hash: 00117F72705214ABDB20DBB9CD40ADE37FCEB46774F200A26E541E7AC1D770EA008791

Function 6C8DB84F Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

_strlen.LIBCMT(?), ref: 6C8DB871
MultiByteToWideChar.KERNEL32(?,00000009,?,000000FF,00000000,00000000), ref: 6C8DB897
_errno.MSVCR100 ref: 6C8DB8A1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide_errno_strlen
String ID:
API String ID: 4023183037-0
Opcode ID: 01521953c857eaacbc9801e53be8b099127e4f7865f198727c26702ca6b1e482
Instruction ID: 5842fab2b407762cc90f876d3b454a4c1a5f0808f5ca755e0c01464a665f6cf3
Opcode Fuzzy Hash: 01521953c857eaacbc9801e53be8b099127e4f7865f198727c26702ca6b1e482
Instruction Fuzzy Hash: 25112731905269AFEB309B69C904ABD7BB4EF022BDF250BA5E0705B5D0DB319885D750

Function 6C8C0B09 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32(?,?,00000000,?,?,?,6C8C0A36,00000000,00000001,?,?,6C8C0A58), ref: 6C8C0B2B
QueryDepthSList.KERNEL32(?,?,00000000,?,?,?,6C8C0A36,00000000,00000001,?,?,6C8C0A58), ref: 6C8C0B3F
CloseHandle.KERNEL32(?,?,?,?,6C8C0A36,00000000,00000001,?,?,6C8C0A58), ref: 6C8C0B61
InterlockedPushEntrySList.KERNEL32(?,-00000004,?,?,?,6C8C0A36,00000000,00000001,?,?,6C8C0A58), ref: 6C8C0B79

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: List$CloseDepthEntryHandleInterlockedPushQueryValue
String ID:
API String ID: 94243546-0
Opcode ID: 78e9bcaee23a14a68a1accb9cbd0f570bb58c70603159e9e612b1ce983f5cc7e
Instruction ID: b9796c23cff1ec9c880c18f711279c4a296b42b1a5116a8426988adcac42b92c
Opcode Fuzzy Hash: 78e9bcaee23a14a68a1accb9cbd0f570bb58c70603159e9e612b1ce983f5cc7e
Instruction Fuzzy Hash: F421F571601254ABDB35CF24C588B9E77F8FF41369F100939E84ADB680DB30E948CBA1

Function 6C8C8719 Relevance: 6.1, APIs: 4, Instructions: 68threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C8C8726
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C8753
_CxxThrowException.MSVCR100(6C8B38B0,6C91FE78,?,?), ref: 6C8C8761
std::exception::exception.LIBCMT(?,?), ref: 6C8C87BE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
String ID:
API String ID: 1840351702-0
Opcode ID: 839ad998d7fe34547e95910df24ba8b3dfd461b48d76c369cc9efca5d8086cfd
Instruction ID: 24b2a7499f4540a5760152e122111673ddc609020425754c0b5e02007fb7d50e
Opcode Fuzzy Hash: 839ad998d7fe34547e95910df24ba8b3dfd461b48d76c369cc9efca5d8086cfd
Instruction Fuzzy Hash: 6021D475744249AFCB30DB69C6C89AEBBB4AF42308B144D3AD111A3E10EB30E95CCB52

Function 6C88CD87 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C88CE28,00000014), ref: 6C88CDD4

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fgetwc_nolock.MSVCR100(?,?,?,6C88CE28,00000014), ref: 6C88CDE9
_errno.MSVCR100(6C88CE28,00000014), ref: 6C892E04
_invalid_parameter_noinfo.MSVCR100(6C88CE28,00000014), ref: 6C8A86B0

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fgetwc_nolock_invalid_parameter_noinfo_lock_lock_file
String ID:
API String ID: 3916178533-0
Opcode ID: d86b4993c6abe2456bffb69ecf767a00f9e8f88baca6144cc2e126eaa22bbdbd
Instruction ID: dfaaa942b617f7e6e202165f457601a6fc768b8eb86136bae07f8cd27d222a01
Opcode Fuzzy Hash: d86b4993c6abe2456bffb69ecf767a00f9e8f88baca6144cc2e126eaa22bbdbd
Instruction Fuzzy Hash: 9D1193319472599FDB30AFACC7840AD76B0AF44328B308D3AE465D7E95D73889869B90

Function 6C88F300 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C88F313
DName::operator+.LIBCMT ref: 6C88F31A
DName::operator+.LIBCMT ref: 6C88F3A0
DName::operator+.LIBCMT ref: 6C8AE932

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: 2d74e652d1eddbfc2695cdaf57885fccb6fbfe3527c88b8499a48b5d84604d8c
Instruction ID: f502c3be948b500c1a8eb641f26cc0808de7932af04bbc0bd1d1218de0b56d31
Opcode Fuzzy Hash: 2d74e652d1eddbfc2695cdaf57885fccb6fbfe3527c88b8499a48b5d84604d8c
Instruction Fuzzy Hash: 7921A4749462899FCB30DF68C650AE9BBF4AF1A208F184C6BD5C597F50D730A945CF10

Function 6C8C78E2 Relevance: 6.1, APIs: 4, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C78E9
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100 ref: 6C8C78F8
??2@YAPAXI@Z.MSVCR100(00000038), ref: 6C8C7938
WaitForSingleObject.KERNEL32(?,000000FF,00000004,6C8C7803), ref: 6C8C798B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??2@AcquireConcurrency@@H_prolog3Lock@details@ObjectReaderSingleWaitWrite@_Writer
String ID:
API String ID: 355943780-0
Opcode ID: b495df96af613e6b9b713dc45d41c02b25e22a45ed8a15e5c2d47eb915100cb8
Instruction ID: b7308c3319cfd1cfb0cdae691880e0d4cfdbcfe10bfa78589b0427e4b9917448
Opcode Fuzzy Hash: b495df96af613e6b9b713dc45d41c02b25e22a45ed8a15e5c2d47eb915100cb8
Instruction Fuzzy Hash: 7E219F70B066129BD725CF28CA40758B7B1BF41728F204B68D4659BED0DB74F949CB92

Function 6C8C222C Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8C225F
_CxxThrowException.MSVCR100(?,6C920034), ref: 6C8C2274
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C229A
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8C22B3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_os$ExceptionThrowstd::exception::exception
String ID:
API String ID: 3087931431-0
Opcode ID: 915d10a00e38928f3360524e55130d59c45691fd0ce89a8c4ac78658a71d63a1
Instruction ID: aaf0873f1b5ff5c712480af4d0ea7bb35365dcff604059446b2ca9d2a6fb01f6
Opcode Fuzzy Hash: 915d10a00e38928f3360524e55130d59c45691fd0ce89a8c4ac78658a71d63a1
Instruction Fuzzy Hash: 3611BF36B05205E7CF20DFACC6C8C9EF7A86F453147209A3EE42197E80CB78D5498643

Function 6C8B90E6 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8B9107

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(?,6C91FE98), ref: 6C8B911C
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8B913A
SetEvent.KERNEL32(?), ref: 6C8B9185

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_osCopy_strEventExceptionThrowstd::exception::_std::exception::exception
String ID:
API String ID: 1689211050-0
Opcode ID: 815ed074c052a5d218bfe71789fbc85d4ab9073ba11ed6b2313326b11cc00997
Instruction ID: 8329753bdf9a8d4c974d0b0e2163056127775040ccc786f78faf685eda98edc1
Opcode Fuzzy Hash: 815ed074c052a5d218bfe71789fbc85d4ab9073ba11ed6b2313326b11cc00997
Instruction Fuzzy Hash: 96117F72900208EFCB15DF68C9859DE7B78EF55368B108875E819ABB11EB34EA45CBD0

Function 6C88F2FC Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C88F313
DName::operator+.LIBCMT ref: 6C88F31A
DName::operator+.LIBCMT ref: 6C88F3A0
DName::operator+.LIBCMT ref: 6C8AE932

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: bddf79b7a0371d53103e971424d113d842cbdc3d04bc45487b43b1cae1d1bc71
Instruction ID: f35c094e665aa62fae0e65b85d3878bc1482ec6e9b360c1a0949176719c332ff
Opcode Fuzzy Hash: bddf79b7a0371d53103e971424d113d842cbdc3d04bc45487b43b1cae1d1bc71
Instruction Fuzzy Hash: C12181719062899FCB30DF68CA509ED7BF8AF1A308F04486AE58997F50E730A945CF10

Function 6C8C6750 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C8C6793
GetLastError.KERNEL32 ref: 6C8C67A0
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C67B8
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C67C6

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionLastThrow
String ID:
API String ID: 1394060424-0
Opcode ID: 627d1357d4a020175f6d1a2bec49cb435076c7d81f59d481c793884943c20482
Instruction ID: 8db72917cd430c038ba7c279f49d4adfdda5cecb462b677c06fb9170bdaf9e1c
Opcode Fuzzy Hash: 627d1357d4a020175f6d1a2bec49cb435076c7d81f59d481c793884943c20482
Instruction Fuzzy Hash: B4115BB1600700AFC330DF6AC985A6BBBE8BF996147514D3EF19AC3E10D634E849CB65

Function 6C8B933A Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8B935C

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(?,6C91FE78,?), ref: 6C8B9371

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

SignalObjectAndWait.KERNEL32(?,?,000000FF,00000001), ref: 6C8B93BA
SetEvent.KERNEL32(?), ref: 6C8B93C9

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Exception$Copy_strEventObjectRaiseSignalThrowWaitstd::exception::_std::exception::exception
String ID:
API String ID: 1437111950-0
Opcode ID: d36f534c811ca441e90f8340893e0a64e09ffaaf8276331db6ba32aa2e5ebdd1
Instruction ID: 17f19b609939fe1ee5c973f971cf2918c8fd61c21615bfdb12a05e3bca3b7b07
Opcode Fuzzy Hash: d36f534c811ca441e90f8340893e0a64e09ffaaf8276331db6ba32aa2e5ebdd1
Instruction Fuzzy Hash: B111CB35100705AFC722DF69C884E8A7BB5FF49368B148A34E416D7B90DF30D908CB90

Function 6C8C575B Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C8C5762
Concurrency::unsupported_os::unsupported_os.LIBCMT(?,?,00000010), ref: 6C8C5773

Part of subcall function 6C8B8594: std::exception::exception.LIBCMT(?), ref: 6C8B85A8

_CxxThrowException.MSVCR100(?,6C92006C,?,?,00000010), ref: 6C8C5781

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

Part of subcall function 6C8C5622: ?wait@event@Concurrency@@QAEII@Z.MSVCR100(000000FF,?,00000000,?,6C8C5801,?,?,?,00000010), ref: 6C8C5643
Part of subcall function 6C8C5622: ?reset@event@Concurrency@@QAEXXZ.MSVCR100(000000FF,?,00000000,?,6C8C5801,?,?,?,00000010), ref: 6C8C564A

Part of subcall function 6C8C0376: TlsGetValue.KERNEL32(6C8C5D05,?,00000000,?,6C8B5C86,00000001), ref: 6C8C037C

??2@YAPAXI@Z.MSVCR100(00000010,?,?,?,00000010), ref: 6C8C57B3

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@Exception$??2@?reset@event@?wait@event@Concurrency::unsupported_os::unsupported_osH_prolog3_catchRaiseThrowValuestd::exception::exception
String ID:
API String ID: 882889270-0
Opcode ID: 24b8e566123d4a021bdf6596ba88a26562199c7a3ce84a53399e168ccfa37b3d
Instruction ID: f2a9b967b0bc9668147ffc5b4f758355c9c6141066f25ef7cea9228ea6d12eed
Opcode Fuzzy Hash: 24b8e566123d4a021bdf6596ba88a26562199c7a3ce84a53399e168ccfa37b3d
Instruction Fuzzy Hash: 9511AC70A41305DBCF20DF38CA90A9DB7A5AF05318B148D79D415ABF11CB38D859EB92

Function 6C8C218F Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8C21CF

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(6C8B3A58,6C920018,?), ref: 6C8C21E4
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(?,6C8B3A58,6C920018,?), ref: 6C8C21EC
std::exception::exception.LIBCMT(?), ref: 6C8C2219

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policystd::exception::exception$Concurrency@@Copy_strElementExceptionKey@2@@Policy@SchedulerThrowValue@std::exception::_
String ID:
API String ID: 2461868040-0
Opcode ID: 57dc6de6896e13cc74489c2caf3c2ab83be75e264cdf0dad83c2621fd81f768f
Instruction ID: eb3131dd3b391b5abbda86000cd9d61c0398390122ee52b31ef9809f942bf4b8
Opcode Fuzzy Hash: 57dc6de6896e13cc74489c2caf3c2ab83be75e264cdf0dad83c2621fd81f768f
Instruction Fuzzy Hash: D9112972B00108FBCB21DF6CD9848DEBB699F81254B10993BE515A7B50CF38EA09C792

Function 6C88FCB3 Relevance: 6.1, APIs: 4, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcslen.LIBCMT(00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FCD5
_wcslen.LIBCMT(00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FCE8
_wcsnicoll.MSVCR100(00000000,00000000,00000000,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C88FD05
___mbtow_environ.LIBCMT ref: 6C8B086D

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _wcslen$___mbtow_environ_wcsnicoll
String ID:
API String ID: 3727037093-0
Opcode ID: 83d00dcfdaf537fb358598376e75fdc515b2a4b6a4e205723763c75e1986d048
Instruction ID: d504a12c057562b395ac1b5450dc32a23ddeb15c73ae58c6ba96d4ca6f56853c
Opcode Fuzzy Hash: 83d00dcfdaf537fb358598376e75fdc515b2a4b6a4e205723763c75e1986d048
Instruction Fuzzy Hash: 6601DB7290A165A7CB314A6DCB40A4A37FDDF9179C7254C39DC84D7F00E735D9828690

Function 6C8923EC Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

_fileno.MSVCR100(?,?,00000001,?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C892431
_lseek.MSVCR100(00000000,?,00000001,?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C892438
_errno.MSVCR100(?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C8A8D1F
_ftell_nolock.MSVCR100(?,?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C8A8D33

Part of subcall function 6C88A665: _fileno.MSVCR100(?,?,?,?,?,?,?,6C88A900,?), ref: 6C88A694
Part of subcall function 6C88A665: _write.MSVCR100(00000000,?,?,?,?,?,?,6C88A900,?), ref: 6C88A69B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _fileno$_errno_ftell_nolock_lseek_write
String ID:
API String ID: 2052885585-0
Opcode ID: e23e1c0d1d23114a4bbc024b3759f70314cc6b3292a722d7c69b4346edb33bb2
Instruction ID: 3f2b8f3b1be8612fbd5d710ffa420c0391cfee682c9e0782be0bf46f8ebb5e33
Opcode Fuzzy Hash: e23e1c0d1d23114a4bbc024b3759f70314cc6b3292a722d7c69b4346edb33bb2
Instruction Fuzzy Hash: F0010072401B559FDB318E6DCA04BCA37A8AF0237CF148E1AE8349AED0E73DD5068B50

Function 6C892214 Relevance: 6.1, APIs: 4, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

_strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892232
_strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892241
__fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C89225D
___wtomb_environ.LIBCMT ref: 6C8B0817

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _strlen$___wtomb_environ__fassign
String ID:
API String ID: 1283471604-0
Opcode ID: d55596b22300f5abed6c146b293a0c4fed9d84db320bb636b13ba8bcf4b5a033
Instruction ID: 5da2366c217b19dacf5cbb01c6d5e9fc333f7ab7d01f1e45a9ef6bb53d1bdf6d
Opcode Fuzzy Hash: d55596b22300f5abed6c146b293a0c4fed9d84db320bb636b13ba8bcf4b5a033
Instruction Fuzzy Hash: 1201F973D0D51497CB318AECCA08A45B3ECEB41B99B344C3EF894A3910E739D84082D2

Function 6C8C0393 Relevance: 6.1, APIs: 4, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C039A

Part of subcall function 6C8BB4E1: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6C8BB503

??0SchedulerPolicy@Concurrency@@QAA@IZZ.MSVCR100(?,00000000,6C924628,0000000C,6C8C0342,?,?,?,6C8B617E,?,6C8C558F,00000000,6C8C5EC0,?,?,?), ref: 6C8C03DD
memcpy.MSVCR100(?,?,00000024,6C924628,0000000C,6C8C0342,?,?,?,6C8B617E,?,6C8C558F,00000000,6C8C5EC0,?,?), ref: 6C8C03F8
??3@YAXPAX@Z.MSVCR100(?,?,6C8B617E,?,6C8C558F,00000000,6C8C5EC0,?,?,?,00000000,?,?,?,6C8C5DCC,00000001), ref: 6C8C0422

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency@@Spin$??3@H_prolog3Once@?$_Policy@SchedulerWait@$00@details@memcpy
String ID:
API String ID: 3595554022-0
Opcode ID: c85c4207e039d5f6d5aedcc6ad60428009aabd6ff80002d89426ee3787a6a65d
Instruction ID: e2763197389be081f847c1b0357c541623556bd041c46b1a6140c21f50a98903
Opcode Fuzzy Hash: c85c4207e039d5f6d5aedcc6ad60428009aabd6ff80002d89426ee3787a6a65d
Instruction Fuzzy Hash: 25119E71B162548BDF20CF68CE80BAD73B0AF09318F200878E510EBF90DB39DA448B65

Function 6C882B2A Relevance: 6.1, APIs: 4, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

_msize.MSVCR100(?), ref: 6C882B59
realloc.MSVCR100(?,?), ref: 6C882B65
_memset.LIBCMT(00000000,00000000,?), ref: 6C882B7E
_errno.MSVCR100 ref: 6C8AF352

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_memset_msizerealloc
String ID:
API String ID: 1728161066-0
Opcode ID: 5429b36844b1c51c28563ff91aa890585944cbb2be13d04acb69f0e001fb0dba
Instruction ID: da24c905f3c6157c978849e03bc34bebdd97695249bb0e79f896246993388bdb
Opcode Fuzzy Hash: 5429b36844b1c51c28563ff91aa890585944cbb2be13d04acb69f0e001fb0dba
Instruction Fuzzy Hash: 09F04937207216BFDB344DA9DDCCD9B3B59DBC0678B244D3AF91886E40EA3488048290

Function 6C887F02 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

_calloc_crt.MSVCR100(00000001,00000164), ref: 6C887F23
InterlockedDecrement.KERNEL32(?), ref: 6C895B3B
___free_lc_time.LIBCMT ref: 6C8B1681
free.MSVCR100(00000000,00000000), ref: 6C8B1687

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecrementInterlocked___free_lc_time_calloc_crtfree
String ID:
API String ID: 1841316378-0
Opcode ID: 4cedc0d3b37b6b819dd67c46165726af080afa52a45be450a431e31163c8f96e
Instruction ID: add40fd65cd7894b73f0930fd3a8b0d58ccd4aae672596c0d296b386a8eb9807
Opcode Fuzzy Hash: 4cedc0d3b37b6b819dd67c46165726af080afa52a45be450a431e31163c8f96e
Instruction Fuzzy Hash: B001FE3234A3056BD720567D9E4075676EDD78336CF240D3AE519EBF40EB71DC018260

Function 6C8CAAC5 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 6C8CACEA: GetCurrentThreadId.KERNEL32 ref: 6C8CAD16
Part of subcall function 6C8CACEA: swprintf.LIBCMT(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,6C8CAA8C,?,?,?), ref: 6C8CAD40
Part of subcall function 6C8CACEA: _vswprintf_s.LIBCMT(00000401,00000401,?,6C8CAA8C,?,00000002,000000F8,?,6C8CAA8C,?,?,?), ref: 6C8CAD62
Part of subcall function 6C8CACEA: _wcslen.LIBCMT(?,00000401,00000401,?,6C8CAA8C,?,00000002,000000F8,?,6C8CAA8C,?,?,?), ref: 6C8CAD68

_fwprintf.LIBCMT(6C922048,?), ref: 6C8CAB11

Part of subcall function 6C8D49A4: _errno.MSVCR100(6C8D4A30,0000000C,6C8CA97A,?), ref: 6C8D49C0
Part of subcall function 6C8D49A4: _invalid_parameter_noinfo.MSVCR100(6C8D4A30,0000000C,6C8CA97A,?), ref: 6C8D49CB

__aullrem.LIBCMT ref: 6C8CAB28
fflush.MSVCR100(00000032,00000000), ref: 6C8CAB45

Part of subcall function 6C88FECF: _lock_file.MSVCR100(?,6C88FF18,0000000C), ref: 6C88FEE9
Part of subcall function 6C88FECF: _fflush_nolock.MSVCR100(?,6C88FF18,0000000C), ref: 6C88FEF5

OutputDebugStringW.KERNEL32(?), ref: 6C8CAB54

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentDebugOutputStringThread__aullrem_errno_fflush_nolock_fwprintf_invalid_parameter_noinfo_lock_file_vswprintf_s_wcslenfflushswprintf
String ID:
API String ID: 2952570019-0
Opcode ID: 9ae47f18684670cc4b8c1dfb7ecdc24e5e84dae4544332d0962a55145851f077
Instruction ID: 1520128a61628c254e1fef65ae1d247d40c53adf805a8da8fee9d9dc6a915e9f
Opcode Fuzzy Hash: 9ae47f18684670cc4b8c1dfb7ecdc24e5e84dae4544332d0962a55145851f077
Instruction Fuzzy Hash: 25118E31B14248AFCF60CF64CE0AB993BB8FB15718F204469E484E6940EB35DA48CB10

Function 6C893DD5 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,00000000), ref: 6C8AAA85
_invalid_parameter_noinfo.MSVCR100(00000000,00000000), ref: 6C8AAA90
_errno.MSVCR100(00000000,00000000,00000000), ref: 6C8AAA99
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,00000000), ref: 6C8AAAA4

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: dadaf8a595f0c1cbaa57641133ffbf19a09de834fc34bf6b7a23a5bd6981d78f
Instruction ID: 6eb25bd9457581b885f2340299956ec0ffb69546240fe5ed9edf7d959f5945b9
Opcode Fuzzy Hash: dadaf8a595f0c1cbaa57641133ffbf19a09de834fc34bf6b7a23a5bd6981d78f
Instruction Fuzzy Hash: 4D11E1305052599BDF31AFA8C6007EE7BE0AB41318F148D79C4215BE80EB719A46CEC0

Function 6C8C0A85 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C8C0376: TlsGetValue.KERNEL32(6C8C5D05,?,00000000,?,6C8B5C86,00000001), ref: 6C8C037C

Concurrency::unsupported_os::unsupported_os.LIBCMT(?,00000000,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8C0AAB

Part of subcall function 6C8B816F: std::exception::exception.LIBCMT(?,00000000,?,?,6C8C0AB0,?,00000000), ref: 6C8B8183

_CxxThrowException.MSVCR100(?,6C91FFD4,?,00000000,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8C0AB9

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

TlsSetValue.KERNEL32(00000000), ref: 6C8C0AD4
TlsSetValue.KERNEL32(00000000,?,?,?,?,00000000,?,6C8B5C86,00000001), ref: 6C8C0AFE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Value$Exception$Concurrency::unsupported_os::unsupported_osRaiseThrowstd::exception::exception
String ID:
API String ID: 1973407479-0
Opcode ID: e7aef08759bc1b8901514967891bc69bf02d933ca3595ed9aa7f21f341229b0a
Instruction ID: f5a7b3f72b79ec83a05b8b7efab5d489d1170f17ef2dfd9c3b501dc0945dff03
Opcode Fuzzy Hash: e7aef08759bc1b8901514967891bc69bf02d933ca3595ed9aa7f21f341229b0a
Instruction Fuzzy Hash: 0201D471605214ABDB32DB6CCA44A9EBBB8EF42398B010976E05593B50DB30E8048B95

Function 6C8B8C86 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 6C8C0376: TlsGetValue.KERNEL32(6C8C5D05,?,00000000,?,6C8B5C86,00000001), ref: 6C8C037C

SetEvent.KERNEL32(?), ref: 6C8B8CD8
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8B8CEA

Part of subcall function 6C8B6B4E: _memset.LIBCMT(?,00000000,0000003E,00000002,6C8C0AF2), ref: 6C8B6B6D

_CxxThrowException.MSVCR100(?,6C91FEEC), ref: 6C8B8CF8
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8B8D00

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_os$EventExceptionThrowValue_memset
String ID:
API String ID: 3607046972-0
Opcode ID: afbd9e144e768777325e0f9e6e893415d7143aca41ee23b1b3fcdc9de3b5ff8e
Instruction ID: 98c08e9ce311e3d46e00836f7b6353216596cbdb29c12c75729fb2cf5872925c
Opcode Fuzzy Hash: afbd9e144e768777325e0f9e6e893415d7143aca41ee23b1b3fcdc9de3b5ff8e
Instruction Fuzzy Hash: 200128B0901605ABD7309738CA54A997779AB41318F154D2AD865F2F91DF30E408C750

Function 6C8B874F Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(?), ref: 6C8B8770

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(?,6C91FE98), ref: 6C8B8785
TlsGetValue.KERNEL32(?), ref: 6C8B8796
Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6C8B87AE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::unsupported_os::unsupported_osCopy_strExceptionThrowValuestd::exception::_std::exception::exception
String ID:
API String ID: 3937123494-0
Opcode ID: 6d271f970ddd362d6c3b26e46668d8011d51a3da6faae9e6f758681db088775f
Instruction ID: e19dba5ba96dffac1efe282690567d8a01ba5f8773e62b34a45eb53379ddd07a
Opcode Fuzzy Hash: 6d271f970ddd362d6c3b26e46668d8011d51a3da6faae9e6f758681db088775f
Instruction Fuzzy Hash: 6601B57690010AABC720EF69CA84C89FBB8AF4531C7148972E91477F11DB30D948CBA4

Function 6C8C7EE6 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C8C7F10
GetLastError.KERNEL32(?,00000000,00000000), ref: 6C8C7F1D
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000), ref: 6C8C7F35
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,00000000,00000000), ref: 6C8C7F43

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionLastThrow
String ID:
API String ID: 1394060424-0
Opcode ID: 293e7edeae373fc1b36fa870ebc27f600f51b4e9d9ebc398ba050b2c24363cf4
Instruction ID: 24e36adb1503e2b7e3688f51f3d21c9eccfc7444f52f42c9943e9f5ad62abef5
Opcode Fuzzy Hash: 293e7edeae373fc1b36fa870ebc27f600f51b4e9d9ebc398ba050b2c24363cf4
Instruction Fuzzy Hash: 71011AB1500705AFC7309F6A8DC495BBAECBB142487904D3DE09AD2A41E734E948CBA1

Function 6C8B7DE5 Relevance: 6.0, APIs: 4, Instructions: 46timeCOMMON

Download Yara Rule

APIs

?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,00000000), ref: 6C8B7E0C

Part of subcall function 6C8B7406: CreateTimerQueue.KERNEL32(AFCD3F0C,?,00000000,AFCD3F0C,?,00000000,AFCD3F0C,00000000,6C8B5CBE,6C8B5C86), ref: 6C8B742E
Part of subcall function 6C8B7406: std::exception::exception.LIBCMT(6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B7487
Part of subcall function 6C8B7406: _CxxThrowException.MSVCR100(AFCD3F0C,6C88BDD8,6C8B5C86,00000001,AFCD3F0C,?,00000000,AFCD3F0C), ref: 6C8B749C

GetLastError.KERNEL32 ref: 6C8B7E19
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,00000000), ref: 6C8B7E2B
DeleteTimerQueueTimer.KERNEL32(00000000,?,00000000), ref: 6C8B7E31

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Timer$Concurrency@@QueueQueue@details@Shared$CreateDeleteErrorExceptionLastThrowstd::exception::exception
String ID:
API String ID: 3155262267-0
Opcode ID: 72850113de2463302a391aad1fc21fd88e867b3867f9c7cba700668e50b4f7d6
Instruction ID: f7dd9dc36dc245a510c7f4adcd5e27b3778b0248a2a544fbed6c24871e8d5c59
Opcode Fuzzy Hash: 72850113de2463302a391aad1fc21fd88e867b3867f9c7cba700668e50b4f7d6
Instruction Fuzzy Hash: 1801D6322107049BD7355B18CE84F6B73A8EF41B29F110938F557A6B90DB30EC058AB1

Function 6C895B46 Relevance: 6.0, APIs: 4, Instructions: 45stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_strlen.LIBCMT(00000001,?,00000000,00000000,?,6C8CCA68,?,00000000,00000001,6C926CD0), ref: 6C895B5C
malloc.MSVCR100(00000001,00000001,?,00000000,00000000,?,6C8CCA68,?,00000000,00000001,6C926CD0), ref: 6C895B65

Part of subcall function 6C880233: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C880CEA,00000001,00000001,00000001,?,6C88AB90,00000018,6C88AA18,0000000C,6C8A74F7), ref: 6C880263

strcpy_s.MSVCR100(00000000,00000001,00000001,?,00000000,00000000,?,6C8CCA68,?,00000000,00000001,6C926CD0), ref: 6C895B77
__invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,00000000,00000001,6C926CD0), ref: 6C8A9624

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AllocateHeap__invoke_watson_strlenmallocstrcpy_s
String ID:
API String ID: 2148476615-0
Opcode ID: f51a26993abf4da8e1a4fee8cda051f0ad1970d8c374e1880202262cd7a37b5d
Instruction ID: d13a0a63afd7431f2d5dd5984b77c93aae0001a86ad252f0c5bd78ee5bbfdf04
Opcode Fuzzy Hash: f51a26993abf4da8e1a4fee8cda051f0ad1970d8c374e1880202262cd7a37b5d
Instruction Fuzzy Hash: 2BF0E23320A1197E87300AF9AE848CB7A5ADB862F97250C35E70986D10EB32C41681B0

Function 6C8C7A0E Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C8C7A84: GetLastError.KERNEL32(?,6C8C7A41,00000000,?), ref: 6C8C7AA1
Part of subcall function 6C8C7A84: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,6C8C7A41,00000000,?), ref: 6C8C7AB9
Part of subcall function 6C8C7A84: _CxxThrowException.MSVCR100(?,6C91FEB4,00000000,?,6C8C7A41,00000000,?), ref: 6C8C7AC7
Part of subcall function 6C8C7A84: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,6C8C7A41,00000000,?), ref: 6C8C7AD3
Part of subcall function 6C8C7A84: GetLastError.KERNEL32(?,6C8C7A41,00000000,?), ref: 6C8C7AE0

CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,00000000,?), ref: 6C8C7A46
GetLastError.KERNEL32 ref: 6C8C7A53
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C7A6B
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C7A79

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateEventExceptionThrow
String ID:
API String ID: 1718773336-0
Opcode ID: 02b72abd0d8d8b799a93abc572a8476dcc5802b9ef031857d48644052f246f7a
Instruction ID: 0af0e33ebaa115a11e88401914ce0a895101b7feb5e3333a5d7605612ddb7ffa
Opcode Fuzzy Hash: 02b72abd0d8d8b799a93abc572a8476dcc5802b9ef031857d48644052f246f7a
Instruction Fuzzy Hash: 5E018FB16003159FC730DFA989C5956FBF8BB042087548E3EE05AD3E40D734E908CB60

Function 6C8CB44C Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8CB453
??_U@YAPAXI@Z.MSVCR100(00000100,00000000,6C8B686B,00000000,?,?,?,6C8C5DCC,00000001), ref: 6C8CB474
_memset.LIBCMT(00000000,00000000,00000100,00000000,6C8B686B,00000000,?,?,?,6C8C5DCC,00000001), ref: 6C8CB485
??_U@YAPAXI@Z.MSVCR100(00000100,00000000,00000000,00000100,00000000,6C8B686B,00000000,?,?,?,6C8C5DCC,00000001), ref: 6C8CB4B1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: H_prolog3_memset
String ID:
API String ID: 2828583354-0
Opcode ID: ec5a7706a95bff6afc486cb841d93a4ca0042cfab8f8d0884fd2955db771ff48
Instruction ID: 7b7790384e2b795a5a395c2c0fda99775d0726722fd0d9ffb82fcfd52603bdd1
Opcode Fuzzy Hash: ec5a7706a95bff6afc486cb841d93a4ca0042cfab8f8d0884fd2955db771ff48
Instruction Fuzzy Hash: C611A2B0945B408FD3219F1A8581256FBE4FF48718F904C2ED1DA8BF50D3B4A944CF94

Function 6C8C9120 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?), ref: 6C8C913F

Part of subcall function 6C8B5B2E: _SpinWait.LIBCMT(00000FA0), ref: 6C8B5B4A

SetEvent.KERNEL32(?,?,?,?,?,6C8C7FF8), ref: 6C8C9157
InterlockedPushEntrySList.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C8C7FF8), ref: 6C8C9173
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C8C7FF8), ref: 6C8C9192

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Spin$Event$Concurrency@@EntryInterlockedListOnce@?$_PushWaitWait@$00@details@
String ID:
API String ID: 470319525-0
Opcode ID: 6a9cb2cda684d722af5ce4efae3b823c12f166148212a3f99757364658b5c66b
Instruction ID: 2bb8de850e7b5fa1e8b982d5e6f2b66551b2edabf3e4ad2ddd5fd199d0741632
Opcode Fuzzy Hash: 6a9cb2cda684d722af5ce4efae3b823c12f166148212a3f99757364658b5c66b
Instruction Fuzzy Hash: 48015A31600214AFCB358B25CA497CAB7F8FB06319F0159BAE44A96A00E734E509CBA1

Function 6C884E90 Relevance: 6.0, APIs: 4, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.MSVCR100(6C884EF0,0000000C,6C8A9FD5,?,?,6C889233,?), ref: 6C884E9C
_lock.MSVCR100(0000000C), ref: 6C884EB3

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

Part of subcall function 6C884F0C: _unlock.MSVCR100(0000000C,6C884EDD), ref: 6C884F0E

_getptd.MSVCR100 ref: 6C8B0771

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _getptd$CriticalEnterSection_lock_unlock
String ID:
API String ID: 2319614578-0
Opcode ID: 4a2ee01fe5e9e138049febdbf78bdeb6654ebcbfc0f1bd51dc7fbc1a54fa6510
Instruction ID: 070ea8c459ac0da3959aab336f351f1b8ee70aee3c5c3683f012d0a1275cb14c
Opcode Fuzzy Hash: 4a2ee01fe5e9e138049febdbf78bdeb6654ebcbfc0f1bd51dc7fbc1a54fa6510
Instruction Fuzzy Hash: FA01F732A4B250DBD730AB7C8701B8977A0BF8132CF208D68D0106BFC1DB358809DB56

Function 6C8D2A9D Relevance: 6.0, APIs: 4, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(00000000,00000000,?,6C8D2C13,?,000000FF,?,00000000,00000000), ref: 6C8D2AAA
_invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,6C8D2C13,?,000000FF,?,00000000,00000000), ref: 6C8D2AB5

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

free.MSVCR100(00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D2AF9
free.MSVCR100(00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C8D2B01

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$_errno_invalid_parameter_invalid_parameter_noinfo
String ID:
API String ID: 4554520-0
Opcode ID: 7489f14a858a2df1f135fe11fdccf1669d527d62b1b11e8f728a0b8671d5f736
Instruction ID: 0302643771b3fa96aa713b908260b3ba998edc7daf6707471fbaf907aae09e19
Opcode Fuzzy Hash: 7489f14a858a2df1f135fe11fdccf1669d527d62b1b11e8f728a0b8671d5f736
Instruction Fuzzy Hash: 8B01A271801108BFCF215F98CD04ADD7A75EF01368F1146A0F429555A0E7318A94DB90

Function 6C893567 Relevance: 6.0, APIs: 4, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

free.MSVCR100(?,?,00000000,?,?,6C924F80,6C8A846C), ref: 6C8935BB

Part of subcall function 6C88014E: RtlFreeHeap.NTDLL(00000000,00000000,?,6C8A7602,00000000), ref: 6C880164

free.MSVCR100(?,?,?,00000000,?,?,6C924F80,6C8A846C), ref: 6C8935C3
_errno.MSVCR100(?,?,?,6C8A846C,?), ref: 6C8A831F
_invalid_parameter_noinfo.MSVCR100(?,?,?,6C8A846C,?), ref: 6C8A832A

Part of subcall function 6C8933B8: _wcslen.LIBCMT(?,00000000,6C924F80,00000000,?,?,?,?,?,6C893598,00000000,6C8A846C,?,?,00000000), ref: 6C89340B

Part of subcall function 6C89373E: _memset.LIBCMT(?,00000000,00000044,6C924F80,00000000,00000000), ref: 6C893786
Part of subcall function 6C89373E: _calloc_crt.MSVCR100(?,00000001,6C924F80,00000000,00000000), ref: 6C8937E4
Part of subcall function 6C89373E: __doserrno.MSVCR100(6C924F80,00000000,00000000), ref: 6C89384A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: free$FreeHeap__doserrno_calloc_crt_errno_invalid_parameter_noinfo_memset_wcslen
String ID:
API String ID: 1030453172-0
Opcode ID: 91a7d71734837c5b8f8d16bab574b0639bdf106c428656ce29e236cd97c71266
Instruction ID: 83ccdb6aa836f8846ac66ddd17dd330d234bc4ba775d72386df2cc47cead67a4
Opcode Fuzzy Hash: 91a7d71734837c5b8f8d16bab574b0639bdf106c428656ce29e236cd97c71266
Instruction Fuzzy Hash: 7701367540114CFBCF215F98CE00ADE7B79EF05368F104A61F525666B0E771CA65DB60

Function 6C88BBB9 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C88BBC0
__AdjustPointer.MSVCR100(00000000,?,00000004,6C88BCE1,00000000,?), ref: 6C88BBEF
__AdjustPointer.MSVCR100(00000000,?,00000001,00000004,6C88BCE1,00000000,?), ref: 6C8A71EB
memcpy.MSVCR100(?,00000000,00000003,00000004,6C88BCE1,00000000,?,?,?), ref: 6C8A7211

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: AdjustPointer$H_prolog3_catchmemcpy
String ID:
API String ID: 738859832-0
Opcode ID: 84debd8589c4bc3428ea1f4016166b8e0ad043377f7f2b8af4072e7a82cafdce
Instruction ID: ebaac24da801d240de0221fb2f1bf31ea3b6ebc41bf9e20ff59bd10c461caef1
Opcode Fuzzy Hash: 84debd8589c4bc3428ea1f4016166b8e0ad043377f7f2b8af4072e7a82cafdce
Instruction Fuzzy Hash: C5012C71005204AAEF319E44DE01FEA3BA6EF40318F104929F95559D60DB72AD69EA90

Function 6C8C1664 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCR100(?,?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002), ref: 6C8C1680
_memset.LIBCMT(?,00000000,00000000,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152), ref: 6C8C16A1
??3@YAXPAX@Z.MSVCR100(?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002,?), ref: 6C8C16AC
??3@YAXPAX@Z.MSVCR100(?,?,?,6C8C1550,?,6C8C16DB,?,?,?,6C8C1514,?,?,6C8C129E,?,6C8C1152,00000002), ref: 6C8C16B2

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$_memset
String ID:
API String ID: 1722558631-0
Opcode ID: 397c62b95008557440e7930a0a277eadf08179e2dea02e24e4dcad8741e9d07c
Instruction ID: b069533e4fea5dbf5d75713b20458a2310213a2ea6cc233f8869a48009f462a8
Opcode Fuzzy Hash: 397c62b95008557440e7930a0a277eadf08179e2dea02e24e4dcad8741e9d07c
Instruction Fuzzy Hash: 5DF06D723017019BD3318F5DEAC0E4673E4EF80368B248D3DE09987E61DB30ED868A55

Function 6C891201 Relevance: 6.0, APIs: 4, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(00000000,6C8B085F,?,00000000,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891204
_malloc_crt.MSVCR100(00000002,?,?,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891233
memcpy.MSVCR100(00000000,00000000,00000002,?,?,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C891242
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,6C88FD74,?,6C88FD98,0000000C), ref: 6C89124B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: EnvironmentStrings$Free_malloc_crtmemcpy
String ID:
API String ID: 202606007-0
Opcode ID: 3b7d6d795b3b428ef4e8f5150334fa20d0855e3ed5fa7240490f162050e0a1ce
Instruction ID: 2fe28a81d1a76138daef56bc517ca0d32286af00af5e0bd2bdd6d78a70b43cb5
Opcode Fuzzy Hash: 3b7d6d795b3b428ef4e8f5150334fa20d0855e3ed5fa7240490f162050e0a1ce
Instruction Fuzzy Hash: ACF0E9776061105ECB31B7797D4888B573CEEC125831A0C29E405C3A01FB20C941C2B1

Function 6C8CAC51 Relevance: 6.0, APIs: 4, Instructions: 39threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,-00000018,6C8C0ED5,00010000,?), ref: 6C8CAC8D
GetLastError.KERNEL32 ref: 6C8CAC97
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8CACAF
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8CACBD

Part of subcall function 6C8CABC4: GetModuleHandleA.KERNEL32(00000000), ref: 6C8CABDB
Part of subcall function 6C8CABC4: GetModuleFileNameW.KERNEL32(6C870000,?,00000104), ref: 6C8CABF7
Part of subcall function 6C8CABC4: LoadLibraryW.KERNEL32(?), ref: 6C8CAC08

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Module$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorExceptionFileHandleLastLibraryLoadNameThreadThrow
String ID:
API String ID: 488853443-0
Opcode ID: b4960e5f931727ea1229851e94b00f4605d3c66d3679ceb190a47048298f278e
Instruction ID: 606008b15d4c9b5fd88cb660d2c5081cf49c016de9dd4466499b5f4ee31f799c
Opcode Fuzzy Hash: b4960e5f931727ea1229851e94b00f4605d3c66d3679ceb190a47048298f278e
Instruction Fuzzy Hash: A4F0C231604206ABCF159FA4CD0ABEE3B28BF04718F15043CF516D5A51DB34C9159BA5

Function 6C8C81EA Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C81F1

Part of subcall function 6C8C9242: InterlockedFlushSList.KERNEL32(?,?,?,6C8C8213,00000000,6C8C8F77,00000000), ref: 6C8C925E

CloseHandle.KERNEL32(?,00000000,6C8C8F77,00000000), ref: 6C8C8224
CloseHandle.KERNEL32(?,00000000,6C8C8F77,00000000), ref: 6C8C8231
??3@YAXPAX@Z.MSVCR100(?,?,00000000,6C8C8F77,00000000), ref: 6C8C8256

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseHandle$??3@FlushH_prolog3InterlockedList
String ID:
API String ID: 3972622424-0
Opcode ID: 80c69d271d5b3dd054219cfce1c7e90bb1ae6f510aa3a323e2217b7cea2ed038
Instruction ID: 8604f776b37708398afd2492ebd11d1be972abcdb6077d0a5659203a8e998ead
Opcode Fuzzy Hash: 80c69d271d5b3dd054219cfce1c7e90bb1ae6f510aa3a323e2217b7cea2ed038
Instruction Fuzzy Hash: 8E018C31702B419BDB209FB9CA85F9E73A4BF49628F504C1DE4A5A7B40CB34EA058B65

Function 6C89218C Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

_strnlen.LIBCMT(?,00007FFF,6C8921F8,00000010), ref: 6C8921B1
_lock.MSVCR100(00000007,6C8921F8,00000010), ref: 6C8921C6

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

Part of subcall function 6C892214: _strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892232
Part of subcall function 6C892214: _strlen.LIBCMT(00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C892241
Part of subcall function 6C892214: __fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6C8921D8,?,6C8921F8,00000010), ref: 6C89225D

Part of subcall function 6C892183: _unlock.MSVCR100(00000007,6C8921E8,6C8921F8,00000010), ref: 6C892185

_errno.MSVCR100(6C8921F8,00000010), ref: 6C8B0837
_invalid_parameter_noinfo.MSVCR100(6C8921F8,00000010), ref: 6C8B0842

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _strlen$CriticalEnterSection__fassign_errno_invalid_parameter_noinfo_lock_strnlen_unlock
String ID:
API String ID: 3718102437-0
Opcode ID: 31984aa58e03a0c76788b2d90d08aef902116c570423579710d73652724a4f71
Instruction ID: 52470368016d450756af28e988db076d60b72a627c4e4853753afa5d987fd35d
Opcode Fuzzy Hash: 31984aa58e03a0c76788b2d90d08aef902116c570423579710d73652724a4f71
Instruction Fuzzy Hash: 34F0903194625AAADB305F7CDF057DD36A0AF40368F208C35A028DEFD0DF389685DA94

Function 6C89236E Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C8923D0,0000000C), ref: 6C892398

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fseek_nolock.MSVCR100(?,?,?,6C8923D0,0000000C), ref: 6C8923A9

Part of subcall function 6C8923EC: _fileno.MSVCR100(?,?,00000001,?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C892431
Part of subcall function 6C8923EC: _lseek.MSVCR100(00000000,?,00000001,?,?,6C8923AE,?,?,?,6C8923D0,0000000C), ref: 6C892438

Part of subcall function 6C892364: _unlock_file.MSVCR100(?,6C8923C0), ref: 6C892367

_errno.MSVCR100(6C8923D0,0000000C), ref: 6C8A8D64
_invalid_parameter_noinfo.MSVCR100(6C8923D0,0000000C), ref: 6C8A8D6F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fileno_fseek_nolock_invalid_parameter_noinfo_lock_lock_file_lseek_unlock_file
String ID:
API String ID: 4149153117-0
Opcode ID: 945ecd01a9e0a9a8ebcb3ac4a0fd287ddd52ca30f3096cde28ccfd4eb83593ae
Instruction ID: 82c41d6e968af9454e5202a8d36411457ba3affa9425d2d5ee868b430b399f0f
Opcode Fuzzy Hash: 945ecd01a9e0a9a8ebcb3ac4a0fd287ddd52ca30f3096cde28ccfd4eb83593ae
Instruction Fuzzy Hash: 3FF04431C42259EACF35AF7CCE056DD7A616F01328F118D31E4246BEE0DB398585EB51

Function 6C8C6E7A Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8C6E81
EnterCriticalSection.KERNEL32(?,00000008,6C8C92D1), ref: 6C8C6E93
??2@YAPAXI@Z.MSVCR100(00000038), ref: 6C8C6EBB

Part of subcall function 6C8BB834: __EH_prolog3.LIBCMT ref: 6C8BB83B

LeaveCriticalSection.KERNEL32(?), ref: 6C8C6EDB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalH_prolog3Section$??2@EnterLeave
String ID:
API String ID: 3492688627-0
Opcode ID: d315b8c0cefb41b8934aea70546a1795816efbdb996dec027709faef4560c99a
Instruction ID: 5b467201c81c4e7a2ad8e8f678049aa7d432f2ed11be61875dbb6960ec923a84
Opcode Fuzzy Hash: d315b8c0cefb41b8934aea70546a1795816efbdb996dec027709faef4560c99a
Instruction Fuzzy Hash: 7CF03170A063648EDB30DB69CA897AA76B4AB05719F508C7AD059D2E40D778D648CB22

Function 6C880841 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

_memmove.LIBCMT(?,00000000,?), ref: 6C880872
_errno.MSVCR100 ref: 6C8A95F4
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A95FE
_errno.MSVCR100 ref: 6C8A960A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_memmove
String ID:
API String ID: 3898388434-0
Opcode ID: 2e998d1568a2c84ccd5ed2564f24117d1b0d34df2c28f38bec209859c6260524
Instruction ID: b4150d46897ae546d13ab9d8c4512babd688c14d918cb7138e0312ff09ddbc9f
Opcode Fuzzy Hash: 2e998d1568a2c84ccd5ed2564f24117d1b0d34df2c28f38bec209859c6260524
Instruction Fuzzy Hash: 96F0273114B359EBDF316E9CAE487DA3794AF05768F004835F8148AE50EBB6C885CBA1

Function 6C892543 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

_lock.MSVCR100(00000007,6C892598,0000000C), ref: 6C892561

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

Part of subcall function 6C8926C3: wcsnlen.MSVCR100(?,00007FFF,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8926ED
Part of subcall function 6C8926C3: wcsnlen.MSVCR100(?,00007FFF,?,00007FFF,?,?,?,00000007,00000007,?,6C892576,?,?,6C892598,0000000C), ref: 6C8926F8
Part of subcall function 6C8926C3: _calloc_crt.MSVCR100(00000002,00000002), ref: 6C892717
Part of subcall function 6C8926C3: wcscpy_s.MSVCR100(00000000,00000002,?), ref: 6C89272E
Part of subcall function 6C8926C3: wcscpy_s.MSVCR100(?,00000002,?,00000000,00000002,?), ref: 6C89274B
Part of subcall function 6C8926C3: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C892789
Part of subcall function 6C8926C3: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C8927A5
Part of subcall function 6C8926C3: _calloc_crt.MSVCR100(00000000,00000001), ref: 6C8927B2

_errno.MSVCR100(6C892598,0000000C), ref: 6C8B10A2
_invalid_parameter_noinfo.MSVCR100(6C892598,0000000C), ref: 6C8B10AC
_errno.MSVCR100(6C892598,0000000C), ref: 6C8B10B8

Part of subcall function 6C89253A: _unlock.MSVCR100(00000007,6C89258F,6C892598,0000000C), ref: 6C89253C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ByteCharMultiWide_calloc_crt_errnowcscpy_swcsnlen$CriticalEnterSection_invalid_parameter_noinfo_lock_unlock
String ID:
API String ID: 813033701-0
Opcode ID: f964f47fccb19d93b077c9f82557f9670367fd58bea239e82f50697e2c484df6
Instruction ID: cc6dccda8f49e531b7e44a1b62218e64a277fe6b09348a976058b4e08a282fb6
Opcode Fuzzy Hash: f964f47fccb19d93b077c9f82557f9670367fd58bea239e82f50697e2c484df6
Instruction Fuzzy Hash: 76F09035642245EADB31AF7CCA15BCD3760AF05328F508835E020DEF90EB798A469B40

Function 6C8B5C48 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR100 ref: 6C8B5C68

Part of subcall function 6C8C504E: ?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ.MSVCR100(?,?,?,?,?,?,?,6C8B5C6D), ref: 6C8C509A

__uncaught_exception.MSVCR100 ref: 6C8B5C6D
Concurrency::unsupported_os::unsupported_os.LIBCMT(00000001), ref: 6C8B5C93
_CxxThrowException.MSVCR100(6C8B5CA8,6C91FE24,00000001), ref: 6C8B5CA1

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Collection@details@Concurrency@@StructuredTask$Abort@_Cancel@_Concurrency::unsupported_os::unsupported_osExceptionThrow__uncaught_exception
String ID:
API String ID: 176145414-0
Opcode ID: 432f8260689b0a23581ee4b1546af4687ba12e6cfce5d22902547bfd6fe30244
Instruction ID: e7001fe87e010bf13dc3e370e57bd8ea05f0c82a278b6fd3232bd256dcb30cd5
Opcode Fuzzy Hash: 432f8260689b0a23581ee4b1546af4687ba12e6cfce5d22902547bfd6fe30244
Instruction Fuzzy Hash: 01F082309003086ACF209769C725B9C77568F4268CF118DAA48257BF52DB76E44FCB11

Function 6C8915F6 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C891658,0000000C), ref: 6C891621

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fwrite_nolock.MSVCR100(?,?,?,?,6C891658,0000000C), ref: 6C891636

Part of subcall function 6C89153C: memcpy.MSVCR100(?,?,?), ref: 6C8915D5

Part of subcall function 6C891674: _unlock_file.MSVCR100(6C89164D,6C89164D), ref: 6C891677

_errno.MSVCR100(6C891658,0000000C), ref: 6C8A8E41
_invalid_parameter_noinfo.MSVCR100(6C891658,0000000C), ref: 6C8A8E4C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fwrite_nolock_invalid_parameter_noinfo_lock_lock_file_unlock_filememcpy
String ID:
API String ID: 1711487722-0
Opcode ID: 1f29c2619ebe350d0a6fcf6e7b043fb9c657524114e4cf0b7ae970e0e1a32b24
Instruction ID: 057c3d7bfdf39328efef2a645615d673b0b7a17538d9fcd6cd9c10d613c49141
Opcode Fuzzy Hash: 1f29c2619ebe350d0a6fcf6e7b043fb9c657524114e4cf0b7ae970e0e1a32b24
Instruction Fuzzy Hash: BCF08C70806259EFCF22AFAC8B004DE3A64AF00714F144D25E42456EA0C735CA64EF91

Function 6C8B8E9F Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8B8EA6
CloseHandle.KERNEL32(?,00000004,6C8B8BA2), ref: 6C8B8ED0
CloseHandle.KERNEL32(?,00000004,6C8B8BA2), ref: 6C8B8EE4
??3@YAXPAX@Z.MSVCR100(?), ref: 6C8B8F14

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CloseHandle$??3@H_prolog3
String ID:
API String ID: 236738836-0
Opcode ID: 28a9243e4d03e5470254f960fd2d8964ca129a016c962b6579bb267cf67487cc
Instruction ID: 31c60ef99d5e59a9b4a0dc6dcf61464f38c5ed6cd2fe693a3067923a2b1801ea
Opcode Fuzzy Hash: 28a9243e4d03e5470254f960fd2d8964ca129a016c962b6579bb267cf67487cc
Instruction Fuzzy Hash: 6EF03CB5A017018BE7309F78CA9479A72A4BF0021DF604C6CD5ADABF40DF75E808DB60

Function 6C88A934 Relevance: 6.0, APIs: 4, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock_file.MSVCR100(?,?,?,?,?,?,?,6C88A990,0000000C), ref: 6C88A961

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fclose_nolock.MSVCR100(?,?,?,?,?,?,?,6C88A990,0000000C), ref: 6C88A96C

Part of subcall function 6C88A8DF: __freebuf.LIBCMT ref: 6C88A903
Part of subcall function 6C88A8DF: _fileno.MSVCR100(?,?,?), ref: 6C88A909
Part of subcall function 6C88A8DF: _close.MSVCR100(00000000,?,?,?), ref: 6C88A90F

Part of subcall function 6C88A9AC: _unlock_file.MSVCR100(?,6C88A981,?,?,?,?,?,?,6C88A990,0000000C), ref: 6C88A9AD

_errno.MSVCR100(?,?,?,?,?,?,6C88A990,0000000C), ref: 6C8A8BC3
_invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6C88A990,0000000C), ref: 6C8A8BCE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: __freebuf_close_errno_fclose_nolock_fileno_invalid_parameter_noinfo_lock_lock_file_unlock_file
String ID:
API String ID: 1403730806-0
Opcode ID: 9861f9f3e672e0815d4156a0b82e31f5e9b22a6104f16c924789ce697ea74e0d
Instruction ID: c974a8357324985b4deb3d22bce4c589a5037074271768343d0c1938872afe22
Opcode Fuzzy Hash: 9861f9f3e672e0815d4156a0b82e31f5e9b22a6104f16c924789ce697ea74e0d
Instruction Fuzzy Hash: 71F09670807755AAD7309B7C8A007DE77A05F01338F218E259474A6EC0CB7C59469F59

Function 6C8BC7DC Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BC7E3
EnterCriticalSection.KERNEL32(?,00000004,6C8B87CA,?), ref: 6C8BC7F6

Part of subcall function 6C8B892E: TlsSetValue.KERNEL32(?,?,?,?,?), ref: 6C8B895B
Part of subcall function 6C8B892E: GetCurrentThread.KERNEL32 ref: 6C8B898C

LeaveCriticalSection.KERNEL32(?), ref: 6C8BC830
SetEvent.KERNEL32(?), ref: 6C8BC83F

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalSection$CurrentEnterEventH_prolog3LeaveThreadValue
String ID:
API String ID: 2643705923-0
Opcode ID: cf966233ca2406d09bf33b64129ccca993fba08ae7869f4ea634d33120b06657
Instruction ID: 6950e9add85f5bcf4b1c18ca28f8174e544e971ed0fe9e7f00869aff0f11f50e
Opcode Fuzzy Hash: cf966233ca2406d09bf33b64129ccca993fba08ae7869f4ea634d33120b06657
Instruction Fuzzy Hash: E2F08C705002649BDF22AF28CA9C7DD7BB1AF0130DF044876E9156EF46D735D988CBA1

Function 6C8C72EE Relevance: 6.0, APIs: 4, Instructions: 32timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(00000000,000000FF), ref: 6C8C730C
DeleteTimerQueueTimer.KERNEL32(00000000,00000000,000000FF), ref: 6C8C7331

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Timer$Concurrency@@DeleteQueueQueue@details@Shared
String ID:
API String ID: 1377234465-0
Opcode ID: 4e16abebda8792f62333e143440febb94cdef0d35ca359b3dadc32ced49d9565
Instruction ID: 80ee8aec24f5be26d3a53334ec2dc8d6bc2332df93cb990d2a45694a6b4dba3c
Opcode Fuzzy Hash: 4e16abebda8792f62333e143440febb94cdef0d35ca359b3dadc32ced49d9565
Instruction Fuzzy Hash: 97F02731104614A7DA310728CE09F0B7B68EB8233DF644B28E47A93AE0DF71D80285E2

Function 6C8950D2 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C895128,0000000C), ref: 6C8950F4

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_fputwc_nolock.MSVCR100(?,?,6C895128,0000000C), ref: 6C895102

Part of subcall function 6C8950C8: _unlock_file.MSVCR100(?,6C89511B,6C895128,0000000C), ref: 6C8950CB

_errno.MSVCR100(6C895128,0000000C), ref: 6C8A86CF
_invalid_parameter_noinfo.MSVCR100(6C895128,0000000C), ref: 6C8A86DA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fputwc_nolock_invalid_parameter_noinfo_lock_lock_file_unlock_file
String ID:
API String ID: 1553310528-0
Opcode ID: 518615665868e3b5767c23bde701db0710c64696c6b2a711d1d971ec0ddd1659
Instruction ID: 39a12920b1eb33bc9313c84fda9ab94eb0df034cd842cbff0d080c74e108e7f5
Opcode Fuzzy Hash: 518615665868e3b5767c23bde701db0710c64696c6b2a711d1d971ec0ddd1659
Instruction Fuzzy Hash: 85F08931803355A9DB306F6DDA017EE3A60AF01729F114D75A4249BFD0DB3C99459B54

Function 6C88CA89 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

_wfsopen.MSVCR100(?,?,00000080), ref: 6C88CAA5
_errno.MSVCR100 ref: 6C88D061
_errno.MSVCR100 ref: 6C8A94E0
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A94EA

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo_wfsopen
String ID:
API String ID: 972587971-0
Opcode ID: 33518f1f829daef67386d686cdd8cb7bfa0aef1fa8333d9c5588fbc4d1558859
Instruction ID: 8be418d4ab97e970559ae4daff7ce5887d6471316ea1c90747ec777fc462d168
Opcode Fuzzy Hash: 33518f1f829daef67386d686cdd8cb7bfa0aef1fa8333d9c5588fbc4d1558859
Instruction Fuzzy Hash: FEE092312472696BDB31BEACAD00ADA3B649F45B58B040D32F8549BF10EB72D8458BC0

Function 6C8C23B9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002), ref: 6C8C23C6

Part of subcall function 6C8C214D: std::exception::exception.LIBCMT(6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8C216C
Part of subcall function 6C8C214D: _CxxThrowException.MSVCR100(?,6C920018,6C8C1FE2), ref: 6C8C2181

std::exception::exception.LIBCMT(?,00000008,00000002), ref: 6C8C23DE
_CxxThrowException.MSVCR100(?,6C920034,?,00000008,00000002), ref: 6C8C23F3
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000002), ref: 6C8C23FD

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Policy$Concurrency@@ElementExceptionKey@2@@Policy@SchedulerThrowValue@std::exception::exception
String ID:
API String ID: 1427302437-0
Opcode ID: c15bc345848480418c371f9cdbec07b9f493820596ca0ee172da9d485e1b76b2
Instruction ID: 07631148f7fef282cba8040f5c2439e15e76c6c2b28b4dcc893a217cb176f18e
Opcode Fuzzy Hash: c15bc345848480418c371f9cdbec07b9f493820596ca0ee172da9d485e1b76b2
Instruction Fuzzy Hash: 58F08275714108EBCB14DBADC645ECE7BB89B44388F009525AA25A7A90DB38EA48CB52

Function 6C8D6E6B Relevance: 6.0, APIs: 4, Instructions: 28COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100(6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C8D6E83
_invalid_parameter_noinfo.MSVCR100(6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C8D6E8E

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_lock_file.MSVCR100(00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C8D6E9B
_ungetc_nolock.MSVCR100(?,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C8D6EAB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_invalid_parameter_noinfo_lock_file_ungetc_nolock
String ID:
API String ID: 3962069902-0
Opcode ID: b50cdc5ec82fa3b37fedb02e55bda2ff4061a1f376bee84e08c03566b54ab934
Instruction ID: 776873299071b5ea07115f6edaa10ca266cd22800925cc0cf412ea0c51a8d262
Opcode Fuzzy Hash: b50cdc5ec82fa3b37fedb02e55bda2ff4061a1f376bee84e08c03566b54ab934
Instruction Fuzzy Hash: B0F01231402249EADB306FBCDA016DE37A1AF00338F218E75E024D9EE0DB3595459F05

Function 6C8C7084 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

SetThreadPriority.KERNEL32(?,?), ref: 6C8C709E
GetLastError.KERNEL32 ref: 6C8C70A8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C70C0
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C70CE

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastPriorityThreadThrow
String ID:
API String ID: 152467346-0
Opcode ID: ac68514536cc1e5833f5c67a7e8dcf382c44c4c4c272e88a43b2814a1f129f84
Instruction ID: 1d3a61a0ef75981fc592a298193cf087d3459bacd2128cb79f54df1e4c8446ff
Opcode Fuzzy Hash: ac68514536cc1e5833f5c67a7e8dcf382c44c4c4c272e88a43b2814a1f129f84
Instruction Fuzzy Hash: 17F08C31600206AEDB249F64C948EAA77A9BF10308B104939A41496A21EA34E908CBA1

Function 6C8C71BD Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

SetThreadPriority.KERNEL32(?,?), ref: 6C8C71D7
GetLastError.KERNEL32 ref: 6C8C71E1
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6C8C71F9
_CxxThrowException.MSVCR100(?,6C91FEB4,00000000), ref: 6C8C7207

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastPriorityThreadThrow
String ID:
API String ID: 152467346-0
Opcode ID: 72df798412a767d1dd75cf08ca4e8d581941dfbe129dded7805e51151cb0f40e
Instruction ID: 4b2e6ee5a2a3c703b7d66f377714e19681e2f6b4bce2ab11de30f9a623692576
Opcode Fuzzy Hash: 72df798412a767d1dd75cf08ca4e8d581941dfbe129dded7805e51151cb0f40e
Instruction Fuzzy Hash: 84F0A0B1610205AFDB20EF65CE08EAE3BB8BF00318B004939E429D6A51EB34E408CB65

Function 6C8D35DC Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

_errno.MSVCR100(6C8D3648,0000000C), ref: 6C8D35F4
_invalid_parameter_noinfo.MSVCR100(6C8D3648,0000000C), ref: 6C8D35FF

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

_lock_file.MSVCR100(?,6C8D3648,0000000C), ref: 6C8D360E
_fgetwc_nolock.MSVCR100(?,6C8D3648,0000000C), ref: 6C8D361B

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fgetwc_nolock_invalid_parameter_invalid_parameter_noinfo_lock_file
String ID:
API String ID: 648411476-0
Opcode ID: c8b0668308b2bbf494ee212e4b37178329587f4820e8b962a26f857d03a3bc3f
Instruction ID: 909ca7f2778fb92d299fcafa0fafabb777b42da56d793320d03eed141193eae4
Opcode Fuzzy Hash: c8b0668308b2bbf494ee212e4b37178329587f4820e8b962a26f857d03a3bc3f
Instruction Fuzzy Hash: DBF03030403245AADB306F78DA017ED3A70AF00368F618975B4549BFD0DB398D86AB55

Function 6C891868 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

_lock_file.MSVCR100(?,6C8918B8,0000000C), ref: 6C891887

Part of subcall function 6C88A557: _lock.MSVCR100(?,?,?,6C8D6EA0,00000040,6C8D6ED8,0000000C,6C8A8676,00000000,?), ref: 6C88A584

_ftell_nolock.MSVCR100(?,6C8918B8,0000000C), ref: 6C891894

Part of subcall function 6C8917C4: _fileno.MSVCR100(?), ref: 6C8917DD
Part of subcall function 6C8917C4: _lseek.MSVCR100(00000000,00000000,00000001), ref: 6C8917F5

Part of subcall function 6C8918D4: _unlock_file.MSVCR100(?,6C8918A9,6C8918B8,0000000C), ref: 6C8918D7

_errno.MSVCR100(6C8918B8,0000000C), ref: 6C8A8DF8
_invalid_parameter_noinfo.MSVCR100(6C8918B8,0000000C), ref: 6C8A8E03

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_fileno_ftell_nolock_invalid_parameter_noinfo_lock_lock_file_lseek_unlock_file
String ID:
API String ID: 2873353448-0
Opcode ID: 8f97c70a78080a2d2dc2067d220a746448b89dcbc7f8fb61fa4c77cf7fd93d1b
Instruction ID: 508719da98f84c90e038b64497fcd4ef7e362cf8cda43119d0062d9778547ee5
Opcode Fuzzy Hash: 8f97c70a78080a2d2dc2067d220a746448b89dcbc7f8fb61fa4c77cf7fd93d1b
Instruction Fuzzy Hash: AAF03030846259FADB31AF7CCE017DD3AA4AF01329F204E35A024AAFD0DF78C585AB55

Function 6C8BFE3B Relevance: 6.0, APIs: 4, Instructions: 23COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C8BFE42

Part of subcall function 6C8BFE93: __EH_prolog3.LIBCMT ref: 6C8BFE9A
Part of subcall function 6C8BFE93: ??3@YAXPAX@Z.MSVCR100(?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFEC0
Part of subcall function 6C8BFE93: ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6C8BFF0A
Part of subcall function 6C8BFE93: ??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF1E
Part of subcall function 6C8BFE93: ??_V@YAXPAX@Z.MSVCR100(?,?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF26
Part of subcall function 6C8BFE93: TlsFree.KERNEL32(?,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF30
Part of subcall function 6C8BFE93: InterlockedPopEntrySList.KERNEL32(6C924618,6C924624,?,?,?,?,00000008,6C8BFE5E,00000004,6C8BFE27), ref: 6C8BFF91

DeleteCriticalSection.KERNEL32(?,00000004,6C8BFE27), ref: 6C8BFE6B
DeleteCriticalSection.KERNEL32(?), ref: 6C8BFE74

Part of subcall function 6C8BFAE0: InterlockedFlushSList.KERNEL32(?,?,?,6C8BF44A), ref: 6C8BFAEB
Part of subcall function 6C8BFAE0: InterlockedFlushSList.KERNEL32(?,?,?,6C8BF44A), ref: 6C8BFB05
Part of subcall function 6C8BFAE0: ??3@YAXPAX@Z.MSVCR100(00000000,?,?,6C8BF44A), ref: 6C8BFB43
Part of subcall function 6C8BFAE0: ??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8BF44A), ref: 6C8BFB54
Part of subcall function 6C8BFAE0: ??3@YAXPAX@Z.MSVCR100(?,?,?,?,6C8BF44A), ref: 6C8BFB5A
Part of subcall function 6C8BFAE0: ??_V@YAXPAX@Z.MSVCR100(?,?,?,6C8BF44A), ref: 6C8BFB6A

??3@YAXPAX@Z.MSVCR100(00000004), ref: 6C8BFE81

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@$InterlockedList$CriticalDeleteFlushH_prolog3Section$EntryFree
String ID:
API String ID: 2014981224-0
Opcode ID: f4e4f4ccd367f889f9e0bbbcc3113bd07a24de9c9fe20f0758402b8db36622a8
Instruction ID: 5a14e53ba6654e0278343863860a2bc73d8846481c9294a7f1618ee1b3e07dda
Opcode Fuzzy Hash: f4e4f4ccd367f889f9e0bbbcc3113bd07a24de9c9fe20f0758402b8db36622a8
Instruction Fuzzy Hash: EDE030BA9011569BCB149BA8CA46688B778BF44308F540835D214A7F10DB74A928CBA4

Function 6C8CB762 Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

_lock.MSVCR100(00000004), ref: 6C8CB76A

Part of subcall function 6C880C43: EnterCriticalSection.KERNEL32(00000001,00000001,?,6C8821A9,0000000D), ref: 6C880C5E

DecodePointer.KERNEL32 ref: 6C8CB776
EncodePointer.KERNEL32(?), ref: 6C8CB781
_unlock.MSVCR100(00000004), ref: 6C8CB78E

Part of subcall function 6C880C67: LeaveCriticalSection.KERNEL32(?,6C88AB87,0000000A,6C88ABD0,?,6C8821A9,0000000D), ref: 6C880C76

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CriticalPointerSection$DecodeEncodeEnterLeave_lock_unlock
String ID:
API String ID: 4086609935-0
Opcode ID: 8b0924ee377bdc5c47c81c3d853f4bb3b5ea883112d6e5544da1ae966d62ee9f
Instruction ID: 1d1dae46ae2146314c51e446f90a45be7992bb9bad64e03f7f59d1a2857927d6
Opcode Fuzzy Hash: 8b0924ee377bdc5c47c81c3d853f4bb3b5ea883112d6e5544da1ae966d62ee9f
Instruction Fuzzy Hash: 00D0C272701294ABCF201BA4A90DA883F65F781BAAF100435F31C8AA40EB319800CBD4

Function 6C8FCB44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMONLIBRARYCODE

Download Yara Rule

APIs

__IsNonwritableInCurrentImage.LIBCMT ref: 6C8FCC30
__DestructExceptionObject.MSVCR100(?,00000001), ref: 6C8FCC42

Strings

csm, xrefs: 6C8FCC1A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: CurrentDestructExceptionImageNonwritableObject
String ID: csm
API String ID: 574919218-1018135373
Opcode ID: e4f707d59db3b64b00df8a3fc422ca70e6b03e64f97064a42883b4a0cb0eab06
Instruction ID: 85936876039a669c2e659b344e4ed30f35eb6593589ef8dc5bc68af5ecfbdad8
Opcode Fuzzy Hash: e4f707d59db3b64b00df8a3fc422ca70e6b03e64f97064a42883b4a0cb0eab06
Instruction Fuzzy Hash: 91516234600205DFCB34DF69C594AAEB7B1FF88328F148969EC669B792C730EA41CB50

Function 6C8BB13F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

Part of subcall function 6C8B615A: TlsGetValue.KERNEL32(?,6C8C558F,00000000,6C8C5EC0,?,?,?,00000000,?,?,?,6C8C5DCC,00000001), ref: 6C8B616F

std::exception::exception.LIBCMT(?), ref: 6C8BB171

Part of subcall function 6C8F3502: std::exception::_Copy_str.LIBCMT(6C8C2171,?,?,6C8C2171,6C8C1FE2,?,6C8C1FE2,00000001), ref: 6C8F351D

_CxxThrowException.MSVCR100(?,6C91FF4C,?), ref: 6C8BB186

Part of subcall function 6C8977D4: RaiseException.KERNEL32(?,?,6C8AF317,?,?,?,?,?,6C8AF317,?,6C88BDD8,6C927580), ref: 6C897813

Strings

Lock already taken as a writer, xrefs: 6C8BB16A

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: Exception$Copy_strRaiseThrowValuestd::exception::_std::exception::exception
String ID: Lock already taken as a writer
API String ID: 323788321-3737755527
Opcode ID: 5ef43ebc146b033d761e551fc7e77e6c311ace162a6580ac9c2f1ee5e503fc11
Instruction ID: 40c3a6bec12262277155429b65cea409d4ac7af9dc4d4c75c42aa0183e212401
Opcode Fuzzy Hash: 5ef43ebc146b033d761e551fc7e77e6c311ace162a6580ac9c2f1ee5e503fc11
Instruction Fuzzy Hash: 5A21B431A012059FCB21CF58C9D4AAEB3B0FF45329F108A69D539BB750DB30E90ACB90

Function 6C8C32C7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCR100(?), ref: 6C8C3389

Strings

,, xrefs: 6C8C3375
,, xrefs: 6C8C3366

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ??3@
String ID: ,$,
API String ID: 613200358-220654547
Opcode ID: c0eeba00fb3113b34de27425374de461b486df08bae8b5085271dd9f4f0fceee
Instruction ID: 2c83c5ba4cfdc7682f08cdbdbf1d2bbf1f457406d807c5502a4d1f5a15d3c56f
Opcode Fuzzy Hash: c0eeba00fb3113b34de27425374de461b486df08bae8b5085271dd9f4f0fceee
Instruction Fuzzy Hash: 0C31F671A05208DFCB11CF59D6808DEF7B5FF84314B25899AD815AB611D731EE82CF92

Function 6C8D5FDC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D5FF8
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D6003

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

Strings

I, xrefs: 6C8D6012

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_invalid_parameter_noinfo
String ID: I
API String ID: 340685940-3707901625
Opcode ID: dee889e2ef0f346de69c0c7a482fb04a0b733b2ac91e53adef15ffc27b276a98
Instruction ID: 1a1663191734823b6a6cbff8cc1ea71f7855590aa5c22e2d6c104c5512a0aca7
Opcode Fuzzy Hash: dee889e2ef0f346de69c0c7a482fb04a0b733b2ac91e53adef15ffc27b276a98
Instruction Fuzzy Hash: 9D01A271C0024E9BDF209FAAC900AEEBBB5FF44368F108A25E534B61D0E7359505CFA5

Function 6C8D5EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8D5EDC
_invalid_parameter_noinfo.MSVCR100 ref: 6C8D5EE7

Part of subcall function 6C8FAEAE: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6C8CB84F,?,6C8CC3D3,00000003,6C8A74A4,6C88AA18,0000000C,6C8A74F7,00000001,00000001), ref: 6C8FAEB5

Strings

I, xrefs: 6C8D5EFB

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_invalid_parameter_noinfo
String ID: I
API String ID: 340685940-3707901625
Opcode ID: e32427f639a7dc2cec75437fb7cf387d2a2c7562de0bd3ae32efb8a49512bb7c
Instruction ID: f6d6a969dfdb02a7ef14c1afc60456e7384fa6099d80cf1e44bc6b3b1b0d8d0e
Opcode Fuzzy Hash: e32427f639a7dc2cec75437fb7cf387d2a2c7562de0bd3ae32efb8a49512bb7c
Instruction Fuzzy Hash: 4F018671C0024E9BDF109FAAC804ADEBBB5FF44368F104625F534A6190E7759515CFA5

Function 6C8C3434 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(6C8B3F00), ref: 6C8C3458
_CxxThrowException.MSVCR100(6C8B3F00,6C91FE78,6C8B3F00), ref: 6C8C346D

Strings

count, xrefs: 6C8C3478

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionThrowstd::exception::exception
String ID: count
API String ID: 4279132481-2245608546
Opcode ID: d2103b9e4678c6ae93cb174d041aff2f4325edcf957e3ec1ccd15cd7f4eb0135
Instruction ID: f743066e75017832143b6cd356b8d50c3bf19f056f4ae3cc15f4f212b8371557
Opcode Fuzzy Hash: d2103b9e4678c6ae93cb174d041aff2f4325edcf957e3ec1ccd15cd7f4eb0135
Instruction Fuzzy Hash: 31F0367250012CB7CB319F89C5819CE7B68BB55364B40C926E95567E10D735DA0ACF92

Function 6C88380F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.MSVCR100 ref: 6C8A931E
_invalid_parameter_noinfo.MSVCR100 ref: 6C8A9329

Strings

B, xrefs: 6C883844

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: B
API String ID: 2959964966-1255198513
Opcode ID: 3393d93fd42d188c5bfc2d9a1213c1dfa9bde3f474556dc49e0ecf46112e7932
Instruction ID: 28177666ec30498243fcc51fe91ba93f5adc7bd439d6da42dc8fcec7bd7a0c99
Opcode Fuzzy Hash: 3393d93fd42d188c5bfc2d9a1213c1dfa9bde3f474556dc49e0ecf46112e7932
Instruction Fuzzy Hash: B0F0627490424EABDF149F69C8015EEBBB5FF84328F108625E824722D0D77581158FA4

Function 6C897D2D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,6C88B0D8,6C88BDD8,00000000,00000001), ref: 6C897D51
free.MSVCR100(?), ref: 6C897D77

Strings

csm, xrefs: 6C897D32

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecodePointerfree
String ID: csm
API String ID: 2443025543-1018135373
Opcode ID: 0276526072a3b50fbf3bbabd5da0069184b676a9f54cbf2c162894fd21db4f30
Instruction ID: b3044456c860531c073b76946e576064a5bdb47b8e10db32405ab4704c42a56c
Opcode Fuzzy Hash: 0276526072a3b50fbf3bbabd5da0069184b676a9f54cbf2c162894fd21db4f30
Instruction Fuzzy Hash: 33F0B474205B009FDB348E2ACB4052A73FD6F0071B7280E2CD096CAD74DF20D885C680

Function 6C897D1C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,6C88B0D8,6C88BDD8,00000000,00000001), ref: 6C897D51
free.MSVCR100(?), ref: 6C897D77

Strings

csm, xrefs: 6C897D32

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: DecodePointerfree
String ID: csm
API String ID: 2443025543-1018135373
Opcode ID: 81cef4f11cb362c65bc43abf9bcb310bf698cd4a18c9ea992e0df99e4a2b6e02
Instruction ID: 6857a06c4b9cbc59c51e665c48d45601faf7767079000f63508d305adecd5646
Opcode Fuzzy Hash: 81cef4f11cb362c65bc43abf9bcb310bf698cd4a18c9ea992e0df99e4a2b6e02
Instruction Fuzzy Hash: 1FF0597020A701CFDB318F39CA4052A77F6BF012467040EADD082C6C65DB20D884DB80

Function 6C8F583C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6C8F5871
DName::DName.LIBCMT ref: 6C8F587D

Strings

{flat}, xrefs: 6C8F586C

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: a5af7e24b03c53413de0ab076ae9c4e193776540f684d9162af37a9b83818d7e
Instruction ID: 94f80950810227e7f50f0e900e76f63598e9761af6e8f1df1a0d182ec982b27d
Opcode Fuzzy Hash: a5af7e24b03c53413de0ab076ae9c4e193776540f684d9162af37a9b83818d7e
Instruction Fuzzy Hash: F5F0A0311643489FCB20CF98D540BE53BA4EB46799F14C441E86C0FB42C730D442CF90

Function 6C8BC644 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT(6C8BC69C), ref: 6C8BC660
_CxxThrowException.MSVCR100(00010000,6C91FE78,6C8BC69C), ref: 6C8BC675

Strings

version, xrefs: 6C8BC683

Memory Dump Source

Source File: 00000005.00000002.3343751122.000000006C871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C870000, based on PE: true

Associated: 00000005.00000002.3343727000.000000006C870000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343819566.000000006C923000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343871806.000000006C925000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000005.00000002.3343922255.000000006C928000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6c870000_HOMA2 Calculator.jbxd

Similarity

API ID: ExceptionThrowstd::exception::exception
String ID: version
API String ID: 4279132481-3206337475
Opcode ID: 2f4c46fcddd55d0647c381aa854c26bbc7e31a9cd2b1a59dc10375e313c913a7
Instruction ID: 63514327676b06311842f281d362e8b0c54b736ac4fc696208e7a348697a24fc
Opcode Fuzzy Hash: 2f4c46fcddd55d0647c381aa854c26bbc7e31a9cd2b1a59dc10375e313c913a7
Instruction Fuzzy Hash: D2F01CB140010DBBCB20EF59C642FCD7B68AB45348F50D92AA82567A51EB709A8DCB91

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report nHOMA2CalculatorWindowsSetup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\HOMA Calculator v2.2.3\HOMA Calculator.url

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\RBGUIFramework.dll (copy)

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-42761.tmp

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-AUQQQ.tmp

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\is-PSQK4.tmp

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcp100.dll (copy)

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator Libs\msvcr100.dll (copy)

C:\Program Files\HOMA Calculator v2.2.3\HOMA2 Calculator.exe (copy)

C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator Validation.xls (copy)

C:\Program Files\HOMA Calculator v2.2.3\HOMA2Calculator.xls (copy)

C:\Program Files\HOMA Calculator v2.2.3\is-47NV3.tmp

C:\Program Files\HOMA Calculator v2.2.3\is-N1UTF.tmp

C:\Program Files\HOMA Calculator v2.2.3\is-TOAGV.tmp

C:\Program Files\HOMA Calculator v2.2.3\is-VCAJS.tmp

C:\Program Files\HOMA Calculator v2.2.3\unins000.dat

C:\Program Files\HOMA Calculator v2.2.3\unins000.exe (copy)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator on the Web.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 (Excel).lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3 Validation (Excel).lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\HOMA Calculator v2.2.3.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOMA Calculator v2.2.3\Uninstall HOMA Calculator.lnk

C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_setup64.tmp

C:\Users\user\AppData\Local\Temp\is-0M8BV.tmp\_isetup\_shfoldr.dll

Windows Analysis Report
nHOMA2CalculatorWindowsSetup.exe

Function 00FC1000 Relevance: 51.0, APIs: 20, Strings: 9, Instructions: 276
libraryloaderCOMMON

Function 6C8802C1 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53
COMMONLIBRARYCODE

Function 6C880233 Relevance: 12.1, APIs: 8, Instructions: 60
memoryCOMMONLIBRARYCODE

Function 00FC1380 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41
windowCOMMON

Function 6C880B4E Relevance: 4.6, APIs: 3, Instructions: 54
memoryCOMMONLIBRARYCODE

Function 6C88014E Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMONLIBRARYCODE

Function 6C880282 Relevance: 3.0, APIs: 2, Instructions: 28
COMMONLIBRARYCODE

Function 6C8CA3DD Relevance: 98.2, APIs: 38, Strings: 18, Instructions: 204
libraryloaderCOMMONLIBRARYCODE

Function 6C8BBE38 Relevance: 61.6, APIs: 31, Strings: 4, Instructions: 336
libraryloaderCOMMONLIBRARYCODE

Function 6C8981A1 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 316
COMMON