
Windows Analysis Report
PO 455U90897QD.exe

Overview

General Information

Sample name:PO 455U90897QD.exe
Analysis ID:1540336
MD5:d37c9c617ae3238019e8453d65039a83
SHA1:29b460636dea6e38c3d8e40300935b1fe065d8ea
SHA256:7bca7793aeb04884b5a80ded877398755a3ec5d9e254bd838d08ae000a27f350
Tags: exe, user-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found potential string decryption / allocating functions
One or more processes crash
PE file contains an invalid checksum
PE file does not import any functions
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PO 455U90897QD.exe (PID: 6216 cmdline: "C:\Users\user\Desktop\PO 455U90897QD.exe" MD5: D37C9C617AE3238019E8453D65039A83)
    • WerFault.exe (PID: 1112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 232 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: PO 455U90897QD.exe | Avira: detected
Source: PO 455U90897QD.exe | ReversingLabs: Detection: 44%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 95.3% probability
Source: PO 455U90897QD.exe | Joe Sandbox ML: detected
Source: PO 455U90897QD.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00412038
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00427161
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0047E1FA
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_004212BE
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00443390
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00443391
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0041A46B
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0041240C
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00446566
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0041D750
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_004037E0
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00427859
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00412818
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0040F890
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0042397B
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00409A40
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00411B63
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0047CBF0
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0044EBBC
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00412C38
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0044ED9A
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00423EBF
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00424F70
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_0041AF0D
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: String function: 0041171A appears 37 times
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: String function: 004021E0 appears 45 times
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: String function: 0041718C appears 47 times
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: String function: 0040E6D0 appears 81 times
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 232
Source: PO 455U90897QD.exe | Static PE information: No import functions for PE file found
Source: PO 455U90897QD.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal64.winEXE@2/5@0/0
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6216
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\7f570ae4-d532-4f5e-b3ab-d1ccf0a3148f
Source: PO 455U90897QD.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PO 455U90897QD.exe | ReversingLabs: Detection: 44%
Source: unknown | Process created: C:\Users\user\Desktop\PO 455U90897QD.exe "C:\Users\user\Desktop\PO 455U90897QD.exe"
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 232
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Section loaded: apphelp.dll
Source: PO 455U90897QD.exe | Static PE information: real checksum: 0xa2135 should be: 0xcfe4f
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_004171D1 push ecx; ret (0_2_004171E4)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 occurrences)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX (50 occurrences)
Source: Amcache.hve.4.dr | Binary or memory string: VMware
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_004223BC LdrInitializeThunk
Source: PO 455U90897QD.exe | Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\PO 455U90897QD.exe | Code function: 0_2_00410D10 cpuid
Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe
MITRE ATT&CK Matrix (the number in parentheses is the count of matching signatures; techniques without a number are shown in the matrix but did not match)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Privilege Escalation: Process Injection (2); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
  • Defense Evasion: Virtualization/Sandbox Evasion (1); Process Injection (2); Deobfuscate/Decode Files or Information (1); DLL Side-Loading (1); Obfuscated Files or Information (2)
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: Security Software Discovery (21); Virtualization/Sandbox Evasion (1); Process Discovery (1); System Information Discovery (11); Internet Connection Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
  • Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation; Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label | Link
PO 455U90897QD.exe | 45% | ReversingLabs | Win32.Trojan.Autoitinject |
PO 455U90897QD.exe | 100% | Avira | TR/Patched.Ren.Gen |
PO 455U90897QD.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://upx.sf.net | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Amcache.hve.4.dr | false | URL Reputation: safe | unknown
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1540336
Start date and time:2024-10-23 17:23:44 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 26s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:PO 455U90897QD.exe
Detection:MAL
Classification:mal64.winEXE@2/5@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 1
  • Number of non-executed functions: 88
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.168.117.173
  • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • VT rate limit hit for: PO 455U90897QD.exe
Time | Type | Description
11:24:47 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
No context
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.6436022462994871
Encrypted:false
SSDEEP:96:kXlFNkXshhaoI7Jf7QXIDcQvc6QcEVcw3cE/H+HbHg6ZAX/d5FMT2SlPkpXmTAHU:ElfkXi0BU/AjEzuiF/Z24IO8r
MD5:930E18162A68174CCA071476B2F57825
SHA1:6A13A1A92FBD2312121BD0403C9C68C7BA365791
SHA-256:ABAB6E73FDC58BD3E7E8AF8D9534CED26C87C3E32CB53B351A7303F1C2572883
SHA-512:CFAD9FD306056C292B5CB1B0AD76486BA8862A67050373B34B93845861918A3857B070E862A7618D3839277965796DB2D44E04A46434D37D3D6951A8B8799915
Malicious:false
Reputation:low
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.1.7.0.6.7.4.4.9.2.5.0.2.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.1.7.0.6.7.4.8.5.1.8.7.8.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.f.3.4.7.f.e.3.-.1.a.8.0.-.4.6.8.8.-.8.3.4.a.-.0.c.9.9.8.2.0.7.9.5.4.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.5.f.e.3.d.4.1.-.9.1.e.b.-.4.b.0.d.-.b.0.9.7.-.8.b.5.b.8.3.0.6.5.4.b.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.O. .4.5.5.U.9.0.8.9.7.Q.D...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.4.8.-.0.0.0.1.-.0.0.1.5.-.3.d.a.8.-.f.6.a.9.5.f.2.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.3.b.0.e.8.2.d.a.a.4.6.e.b.6.b.b.f.0.5.5.5.1.f.a.5.2.f.b.d.f.d.0.0.0.0.f.f.f.f.!.0.0.0.0.2.9.b.4.6.0.6.3.6.d.e.a.6.e.3.8.c.3.d.8.e.4.0.3.0.0.9.3.5.b.1.f.e.0.6.5.d.8.e.a.!.P.O. .4.5.5.U.9.0.8.9.7.Q.D...e.x.e.....T.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Wed Oct 23 15:24:34 2024, 0x1205a4 type
Category:dropped
Size (bytes):18536
Entropy (8bit):1.9485463676819503
Encrypted:false
SSDEEP:96:5y8eL7ehqamTm9Gi7nDMGrKVkjS68LWx4WqgHAXVG+2+xwaWIBWIaBI4ZdlgY:vg7AGOYukV4lZdlgY
MD5:805BE42E72F15F2BAB5ED07808BBC945
SHA1:2C3732510012A6BC6A70D3D2916CF94C274FC4D7
SHA-256:E2B11B55560636EFE699D0556093C3B1F6EDF7D47562735FA89BDEB982B1121F
SHA-512:FE39A36D71AE21F8060202D8291325E53272162356214CF040D6CA0A40856D6BFE3A1BF715164137489AAED5BD09D4FDF8964F90FE355709BBCE56CC754349B5
Malicious:false
Reputation:low
Preview:MDMP..a..... .......2..g............4...............<.......T...............T.......8...........T................>......................................................................................................eJ......L.......GenuineIntel............T.......H...2..g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8338
Entropy (8bit):3.700757539822481
Encrypted:false
SSDEEP:192:R6l7wVeJeS6YC16Y2D2SU9nGgmfGDvSprQ89bbVsf9Jm:R6lXJD6Y46YLSU9nGgmfGDvKbufa
MD5:5918CA13FB27AD679681C898626CA19B
SHA1:CE9736397DB9CA418FC3A025DE6485C107F2F02F
SHA-256:12BB88113D86E3FDFA18A56DFD39151BB038403EB52CBDAB4B4987DAEFC2C383
SHA-512:2B4E4E8CC0B7DEE3F64A30F1FCF116F3A7BAF032C5611E1AE9465F29AACD1DEB2B60F0CF3A0CCB91952F3DE2A4E653AA0A7DF5BE3DC8BC0900B33B50A0333E82
Malicious:false
Reputation:low
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.1.6.<./.P.i.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4643
Entropy (8bit):4.5113081863362945
Encrypted:false
SSDEEP:48:cvIwWl8zs7Jg77aI969WpW8VY8Ym8M4JwqGFlvy+q8Qu9r0Sn4hQd:uIjfVI7QM7V8JwdKYB0U4hQd
MD5:0668579D3B0DF2B9031B304D47BF938C
SHA1:EB68FADA27EDC75BAFD395E1A4ACDB6FDB52289A
SHA-256:9D90FCDADE78DACB25DCFA1DF38A6601F8EF50CE690AF97FDC96CFE2E570F025
SHA-512:CABEB3D4D57A5EEFE3A71A6A6F5410560A0A4A219084AE8A01D123A20AEDCDF1A837EE98CFE57029A122191ACDE00DC9E41E21F3896324132ECBCB765541467F
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="556227" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.468665082525606
Encrypted:false
SSDEEP:6144:bzZfpi6ceLPx9skLmb0fvZWSP3aJG8nAgeiJRMMhA2zX4WABluuN0jDH5S:XZHtvZWOKnMM6bFp+j4
MD5:FBB16E54A28A575B9D2BE23D659D8D35
SHA1:1897A51B08317F2B6B475A0ABB61B3AAD54033BC
SHA-256:093D0DA820A9C014377CE8CF2B8F26C29C6FB8A39F522AACD25696E5682F38BC
SHA-512:802959E113E45C5D5878F3C2B9A528A29C997F55C08800D2F325A36538CDCC7BE563DC1C6B0CD5AE8AFB85AC051ED91F499513F6D5A9DC6203D94F0429ABA37B
Malicious:false
Reputation:low
Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmV.&._%................................................................................................................................................................................................................................................................................................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.887050978059955
TrID:
  • Win32 Executable (generic) a (10002005/4) 95.11%
  • AutoIt3 compiled script executable (510682/80) 4.86%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:PO 455U90897QD.exe
File size:787'689 bytes
MD5:d37c9c617ae3238019e8453d65039a83
SHA1:29b460636dea6e38c3d8e40300935b1fe065d8ea
SHA256:7bca7793aeb04884b5a80ded877398755a3ec5d9e254bd838d08ae000a27f350
SHA512:bf5ed32cd0512cd8dabd342d670c228c0627bab8af84a11fefe0cca3153aaa73d74dbf7ac533a71d2ce2803e3e5094471a98701f835f99ea5ef2e4f6b257405b
SSDEEP:12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUnyyQWc9sXW9OAI:ffmMv6Ckr7MnyyQWcWm9OAI
TLSH:FFF4C012B7D680B6D9A339B1297BE32BEB3575194323C4CBA7E02E778E111409B37761
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
Icon Hash:00928e8e8686b000
Entrypoint:0x416310
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:
Instruction
call 00007FEDC4D9252Ch
jmp 00007FEDC4D862FEh
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FEDC4D8648Ah
cmp edi, eax
jc 00007FEDC4D8662Ah
cmp ecx, 00000100h
jc 00007FEDC4D864A1h
cmp dword ptr [004A94E0h], 00000000h
je 00007FEDC4D86498h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007FEDC4D8648Ah
pop esi
pop edi
pop ebp
jmp 00007FEDC4D868EAh
test edi, 00000003h
jne 00007FEDC4D86497h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007FEDC4D864ACh
rep movsd
jmp dword ptr [00416494h+edx*4]
nop
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007FEDC4D8648Eh
and eax, 03h
add ecx, eax
jmp dword ptr [004163A8h+eax*4]
jmp dword ptr [004164A4h+ecx*4]
nop
jmp dword ptr [00416428h+ecx*4]
nop
mov eax, E4004163h
arpl word ptr [ecx+00h], ax
or byte ptr [ecx+eax*2+00h], ah
and edx, ecx
mov al, byte ptr [esi]
mov byte ptr [edi], al
mov al, byte ptr [esi+01h]
mov byte ptr [edi+01h], al
mov al, byte ptr [esi+02h]
shr ecx, 02h
mov byte ptr [edi+02h], al
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007FEDC4D8644Eh
Programming Language:
  • [ASM] VS2008 SP1 build 30729
  • [ C ] VS2008 SP1 build 30729
  • [C++] VS2008 SP1 build 30729
  • [ C ] VS2005 build 50727
  • [IMP] VS2005 build 50727
  • [ASM] VS2008 build 21022
  • [RES] VS2008 build 21022
  • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | 0089398b847fd19bb7edc3410c69b70e | False | 0.3627078555045872 | data | 4.882452620369569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | c3d52becf62dd1d3808b31cc705e1291 | False | 0.16023137019230768 | data | 2.2036099383088685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | 7abda2d3278f7875cea4b294cccd2284 | False | 0.4897065033783784 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
No network behavior found

Target ID:0
Start time:11:24:34
Start date:23/10/2024
Path:C:\Users\user\Desktop\PO 455U90897QD.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\PO 455U90897QD.exe"
Imagebase:0x400000
File size:787'689 bytes
MD5 hash:D37C9C617AE3238019E8453D65039A83
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:4
Start time:11:24:34
Start date:23/10/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 232
Imagebase:0xb80000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

    Execution Graph

    Execution Coverage:0%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:80%
    Total number of Nodes:5
    Total number of Limit Nodes:1
    execution_graph 86877 416310 86880 4223bc 86877->86880 86881 4223e1 86880->86881 86882 4223ee LdrInitializeThunk 86880->86882 86881->86882 86883 416315 KiUserExceptionDispatcher 86881->86883 86882->86883

    Control-flow Graph

    control_flow_graph 0 416310-416315 call 4223bc KiUserExceptionDispatcher
    APIs
    • ___security_init_cookie.LIBCMT ref: 00416310
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: ___security_init_cookie
    • String ID:
    • API String ID: 3657697845-0
    • Opcode ID: 4bdd433a690629dd3501674d42cf643aace1610f6fd3d1a391bd8c0419ec06f4
    • Instruction ID: 0fa8e422d47ebb4ab7d7617044a84aa19720662839f1252666d98ab1682f5105
    • Opcode Fuzzy Hash: 4bdd433a690629dd3501674d42cf643aace1610f6fd3d1a391bd8c0419ec06f4
    • Instruction Fuzzy Hash:
    APIs
      • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
    • __wsplitpath.LIBCMT ref: 004038B2
      • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
    • _wcscpy.LIBCMT ref: 004038C7
    • _wcscat.LIBCMT ref: 004038DC
      • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
      • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
      • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
      • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
    • _wcscpy.LIBCMT ref: 004039C2
    • _wcslen.LIBCMT ref: 00403A53
    • _wcslen.LIBCMT ref: 00403AAA
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_wcscpy$Exception@8Throw__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
    • String ID: _
    • API String ID: 1297629827-701932520
    • Opcode ID: f7400efadfb211e1c6a54ec53033a690a5c2e4aaad9299c0a4ddea8ffbf374a5
    • Instruction ID: dca64db042171ec5605b2d10b6a92a42a2076cc25022adee7b8115af8a15fc96
    • Opcode Fuzzy Hash: f7400efadfb211e1c6a54ec53033a690a5c2e4aaad9299c0a4ddea8ffbf374a5
    • Instruction Fuzzy Hash: 16D1D5B15083019AD710EF65C841AEB77E8AF95308F04492FF5C563292DB78DA49C7AB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID: `$h$h
    • API String ID: 0-2214931053
    • Opcode ID: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
    • Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
    • Opcode Fuzzy Hash: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
    • Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
    APIs
    • _wcslen.LIBCMT ref: 00409A61
      • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
      • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
      • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
      • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
    • String ID: 0vH$4RH
    • API String ID: 580348202-2085553193
    • Opcode ID: 8c15663d9c6a771d096f0e632e43e71a49fe94135b736c22b9c5d0902525b2c7
    • Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
    • Opcode Fuzzy Hash: 8c15663d9c6a771d096f0e632e43e71a49fe94135b736c22b9c5d0902525b2c7
    • Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID: ERCP$VUUU$VUUU$VUUU
    • API String ID: 0-2165971703
    • Opcode ID: 9d9c8d4bfcf41bd04d96d4b895fd82f3ee157ce3e08fddd2f5e7535c936af561
    • Instruction ID: 514654dd073cfe12bfc68f6c44a091d7a3824994b709b832431b3f3de6bbd106
    • Opcode Fuzzy Hash: 9d9c8d4bfcf41bd04d96d4b895fd82f3ee157ce3e08fddd2f5e7535c936af561
    • Instruction Fuzzy Hash: 5562D3716087818BE734CF18C8807ABB7E1EBC6314F154A2FE49986390E779D949CB5B
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _strncmp
    • String ID: ^$h
    • API String ID: 909875538-736285284
    • Opcode ID: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
    • Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
    • Opcode Fuzzy Hash: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
    • Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
    APIs
    • __time64.LIBCMT ref: 004433A2
      • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __aulldiv__time64
    • String ID: rJ
    • API String ID: 325419493-1865492326
    • Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
    • Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
    • Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
    • Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
    APIs
    • __time64.LIBCMT ref: 004433A2
      • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __aulldiv__time64
    • String ID: rJ
    • API String ID: 325419493-1865492326
    • Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
    • Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
    • Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
    • Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID: 0vH$HH
    • API String ID: 0-728391547
    • Opcode ID: 533b2f79c38708f8c0f2b95bafb5f03928fa95e17bc3eaa97dfde8316004936e
    • Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
    • Opcode Fuzzy Hash: 533b2f79c38708f8c0f2b95bafb5f03928fa95e17bc3eaa97dfde8316004936e
    • Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset
    • String ID:
    • API String ID: 2102423945-0
    • Opcode ID: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
    • Instruction ID: fac722ae1e10b3ad9494cda40f9fb3e9e62b3c26aea04ddfc6562ea9d2065ebb
    • Opcode Fuzzy Hash: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
    • Instruction Fuzzy Hash: C512B4B7B983194FDB48DEE4DCC169573E1FB98304F09A43C9A15C7306F6E8AA094794
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0b957803a04a13c72297edf5fd9610d6a8cb9345c75df7e928da515a5b11d08c
    • Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
    • Opcode Fuzzy Hash: 0b957803a04a13c72297edf5fd9610d6a8cb9345c75df7e928da515a5b11d08c
    • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
    • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
    • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
    • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
    • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
    • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
    • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
    • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
    • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
    • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
    • Instruction ID: aa957cafbedeae1199dea6a597ba911d219650f283d164fb65797e90308ef47b
    • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
    • Instruction Fuzzy Hash: 5FC18E73D0A9B30A8735812D42581AFEE626FD578031EC3E28CE46F38ED26F5DA195D4
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
    • Instruction ID: b8cfd58d412160527e66ace840abba843d94ac3f5b06779728c9fe736b8606cc
    • Opcode Fuzzy Hash: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
    • Instruction Fuzzy Hash: ECD012F621844146F33144D866C0BD100437344310FB58C276005CEBC1C0DDECD6C229

    Control-flow Graph

    APIs
      • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
    • _fseek.LIBCMT ref: 004527FC
    • __wsplitpath.LIBCMT ref: 0045285C
    • _wcscpy.LIBCMT ref: 00452871
    • _wcscat.LIBCMT ref: 00452886
    • __wsplitpath.LIBCMT ref: 004528B0
    • _wcscat.LIBCMT ref: 004528C8
    • _wcscat.LIBCMT ref: 004528DD
    • __fread_nolock.LIBCMT ref: 00452914
    • __fread_nolock.LIBCMT ref: 00452925
    • __fread_nolock.LIBCMT ref: 00452944
    • __fread_nolock.LIBCMT ref: 00452955
    • __fread_nolock.LIBCMT ref: 00452976
    • __fread_nolock.LIBCMT ref: 00452987
    • __fread_nolock.LIBCMT ref: 00452998
    • __fread_nolock.LIBCMT ref: 004529A9
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
      • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
      • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
    • __fread_nolock.LIBCMT ref: 00452A39
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
    • String ID: U3!
    • API String ID: 2054058615-758399015
    • Opcode ID: d373bd881de39b9f5577604929189007c70f6c81c167eeacecc377de7da6ac16
    • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
    • Opcode Fuzzy Hash: d373bd881de39b9f5577604929189007c70f6c81c167eeacecc377de7da6ac16
    • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6

    Control-flow Graph

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID: U3!$\
    • API String ID: 0-2129997895
    • Opcode ID: c7ed4683ee1ae5d3c564ecd4a102a4d5ac3333686f17269a329080b271935609
    • Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
    • Opcode Fuzzy Hash: c7ed4683ee1ae5d3c564ecd4a102a4d5ac3333686f17269a329080b271935609
    • Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A

    Control-flow Graph

    control_flow_graph 352 403e50-403e69 call 425210 355 42ba7a-42ba8e call 4136bc 352->355 356 403e6f-403e7e 352->356 359 42ba90 355->359 360 42ba9d-42baaf call 4136bc 355->360 361 42ba93 359->361 364 42bab1-42bab5 360->364 365 42babf-42bad1 call 4136bc 360->365 361->360 364->365 368 42bad3-42bad7 365->368 369 42bae1-42baf3 call 4136bc 365->369 368->369 372 42bb54-42bb66 call 4136bc 369->372 373 42baf5-42bb1a call 40fff0 call 4450b6 call 445111 call 4112d5 369->373 379 42bbb8-42bbca call 4136bc 372->379 380 42bb68-42bb6b 372->380 405 42bb34 373->405 406 42bb1c-42bb32 call 4450b6 call 445111 373->406 387 42bc2a-42bc3c call 4136bc 379->387 388 42bbcc-42bbed call 445153 379->388 380->361 383 42bb71 380->383 386 42bb73-42bb8e call 4115d0 383->386 395 42bba0-42bbb2 386->395 396 42bb90-42bb94 386->396 401 42bc56-42bc5d 387->401 402 42bc3e-42bc50 call 4136bc 387->402 403 42bc15-42bc23 call 453f80 388->403 404 42bbef-42bc0e call 410020 call 4037e0 388->404 395->379 396->386 400 42bb96 396->400 400->395 410 42bc62-42bc72 call 46e5f5 401->410 402->361 402->401 403->387 404->403 408 42bb35-42bb4a call 4112ef 405->408 406->408 408->372 422 42bce7-42bce9 410->422 423 42bc74-42bc94 call 445111 call 4450b6 call 4136bc 410->423 422->361 428 42bcef-42bd06 call 453f80 422->428 437 42bce1-42bce2 423->437 438 42bc96-42bca8 call 4136bc 423->438 437->410 438->437 441 42bcaa-42bcbc call 4136bc 438->441 444 42bcd2-42bcd5 441->444 445 42bcbe-42bcd0 call 4136bc 441->445 444->410 446 42bcd7 444->446 445->410 445->444 446->437
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsnicmp
    • String ID:
    • API String ID: 1038674560-0
    • Opcode ID: e99e8ea47c2e0a81a1f4f2b8c120415411dd88f7f044ac13853852b7fec2ff3a
    • Instruction ID: b6083b7aed1673b33e689ff2aa7e8f17f47d7310e90ec65f4167159f85ee96f3
    • Opcode Fuzzy Hash: e99e8ea47c2e0a81a1f4f2b8c120415411dd88f7f044ac13853852b7fec2ff3a
    • Instruction Fuzzy Hash: 5A611471B4071076EA306A229C46FAB735CDF14345F50052FFC01A628BE7ADDA4A86EE

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_wcsncpy$__wcstoi64
    • String ID:
    • API String ID: 2571183157-0
    • Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
    • Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
    • Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
    • Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA

    Control-flow Graph

    control_flow_graph 501 466999-466a9a call 425210 call 4131f0 call 40c060 * 4 call 40e6d0 call 453081 call 41326a call 453081 call 41326a call 453081 call 40fff0 call 45302e call 4142a3 532 466aa0-466ad5 call 4021e0 call 434b96 * 2 501->532 533 466b4f-466b66 call 40d3b0 501->533 552 466bd2-466bd6 532->552 553 466adb-466ade 532->553 539 466b8d-466b9c call 4112ef 533->539 540 466b68 533->540 547 466bae-466bb1 539->547 548 466b9e-466baa call 44b390 539->548 543 466b69-466b76 call 401cf0 540->543 556 466b82-466b87 543->556 557 466b78-466b7f call 401cf0 543->557 554 466bb3-466bd0 call 453081 call 411691 547->554 555 466bdb-466bdd 547->555 548->547 559 466dba-466dbf 552->559 553->552 563 466ae4-466ae6 553->563 560 466be5-466c45 call 4131f0 554->560 555->560 556->543 561 466b89 556->561 557->556 569 466dc2-466dc4 call 4040e0 559->569 575 466ce4 560->575 576 466c4b-466c59 call 40c760 560->576 561->539 563->552 567 466aec-466b49 call 40c140 call 40d3b0 call 4608ce call 40c140 call 40d3b0 call 4142a3 563->567 567->532 567->533 574 466dc9-466df5 call 402620 * 4 569->574 580 466cef-466cf8 575->580 576->575 590 466c5f-466c6c call 40c760 576->590 584 466d9e-466da6 580->584 585 466cfe-466d06 580->585 600 466db6-466db8 584->600 601 466da8-466db4 call 40e6d0 584->601 598 466d90-466d9c 585->598 599 466d0c-466d12 585->599 590->575 607 466c6e-466c80 call 40c760 590->607 598->569 599->601 605 466d18-466d48 call 4112d5 call 4021e0 599->605 600->559 601->574 625 466d82-466d8e call 40e6d0 605->625 626 466d4a-466d80 call 4112d5 call 40d3b0 * 2 605->626 619 466c87-466c94 call 40c760 607->619 620 466c82 607->620 627 466c96 619->627 628 466c9c-466ca9 call 40c760 619->628 620->619 625->574 626->625 627->628 636 466cb1-466cbe call 40c760 628->636 637 466cab 628->637 643 466cc6-466cd3 call 40c760 636->643 644 466cc0 636->644 637->636 647 466cd5 643->647 648 466cdb-466ce2 643->648 644->643 647->648 648->580
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_memset_wcscpy_wcsncpy_wcstok$__getptd
    • String ID: X$sThemeActive
    • API String ID: 3089742834-2521398909
    • Opcode ID: 83e9f886be2ca0e7c91863296e0d8bf0cbd2c584cd0fd3ff4b64028a64f5cb0d
    • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
    • Opcode Fuzzy Hash: 83e9f886be2ca0e7c91863296e0d8bf0cbd2c584cd0fd3ff4b64028a64f5cb0d
    • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __fread_nolock$_fseek_wcscpy
    • String ID: U3!
    • API String ID: 3888824918-758399015
    • Opcode ID: 9f6b6d7915b770ef2d5fc0820a1c12095ba0dba7bd0c4e96e503ad5426efcaaf
    • Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
    • Opcode Fuzzy Hash: 9f6b6d7915b770ef2d5fc0820a1c12095ba0dba7bd0c4e96e503ad5426efcaaf
    • Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
    • String ID:
    • API String ID: 136442275-0
    • Opcode ID: df62e39173a4cc8fdc26ba85adec4b2cb0ff7b2e6538c8a793aa3b7267e3362e
    • Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
    • Opcode Fuzzy Hash: df62e39173a4cc8fdc26ba85adec4b2cb0ff7b2e6538c8a793aa3b7267e3362e
    • Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7

    Control-flow Graph

    APIs
      • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
    • __wsplitpath.LIBCMT ref: 00410C61
      • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
    • _wcsncat.LIBCMT ref: 00410C78
    • __wmakepath.LIBCMT ref: 00410C94
      • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
      • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
      • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
      • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
    • _wcscpy.LIBCMT ref: 00410CCC
    • _wcscat.LIBCMT ref: 00429C43
    • _wcslen.LIBCMT ref: 00429C55
    • _wcslen.LIBCMT ref: 00429C66
    • _wcscat.LIBCMT ref: 00429C80
    • _wcsncpy.LIBCMT ref: 00429CC0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscat_wcslen$Exception@8Throw__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
    • String ID: \
    • API String ID: 2146646916-2967466578
    • Opcode ID: a41c6adc0304ec136fdca53d49a0e5dca53cae0241867e971d6591428eea1ec6
    • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
    • Opcode Fuzzy Hash: a41c6adc0304ec136fdca53d49a0e5dca53cae0241867e971d6591428eea1ec6
    • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscat$__wcsicoll_wcscpy_wcslen_wcsncpy
    • String ID:
    • API String ID: 1790233685-0
    • Opcode ID: 828521c210707c4e663f7fee2426e1bc813c1be302e30421954394508beaa3b2
    • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
    • Opcode Fuzzy Hash: 828521c210707c4e663f7fee2426e1bc813c1be302e30421954394508beaa3b2
    • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE

    Control-flow Graph

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID:
    • String ID: sThemeActive
    • API String ID: 0-1538405661
    • Opcode ID: be7150213b4a2c9bc713f76d0e19250650ad5f83dea648aa0c2384bb3b8a6383
    • Instruction ID: d9d2404220d166b11353d33fb52652cf6d28829cdaa3b272cf204d1a2c990fb8
    • Opcode Fuzzy Hash: be7150213b4a2c9bc713f76d0e19250650ad5f83dea648aa0c2384bb3b8a6383
    • Instruction Fuzzy Hash: 2CE1A1B1600300ABD710EF65C885F1BB7E8AF48704F14895EB945DB392D778E945CBAA

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$__swprintf_memset_wcsncpy
    • String ID: :$\
    • API String ID: 2267041258-1166558509
    • Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
    • Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
    • Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
    • Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_memset
    • String ID: D$sThemeActive
    • API String ID: 103582719-3658404668
    • Opcode ID: 0a8ac63a683d0c69d32d7920b6ce77d849ba9e3d098abc4a3c186f522839d3e2
    • Instruction ID: fb727168ff3a635639fa9d56eabcb50e9dc6a5bc9d0fc25d7c440df2c68cb0fa
    • Opcode Fuzzy Hash: 0a8ac63a683d0c69d32d7920b6ce77d849ba9e3d098abc4a3c186f522839d3e2
    • Instruction Fuzzy Hash: F1E1F1B15043419BD720EF75C845B5BB7E4AFC4308F104A2EF98987392EB39E945CB5A
    APIs
    • __swprintf.LIBCMT ref: 004760FF
    • __swprintf.LIBCMT ref: 0047614A
    • __swprintf.LIBCMT ref: 00476175
      • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
    • __swprintf.LIBCMT ref: 0047619C
      • Part of subcall function 0041353A: __flsbuf.LIBCMT ref: 004135AD
      • Part of subcall function 0041353A: __flsbuf.LIBCMT ref: 004135C5
    • __swprintf.LIBCMT ref: 004761C3
    • __swprintf.LIBCMT ref: 004761EA
    • __swprintf.LIBCMT ref: 00476211
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __swprintf$__flsbuf$__woutput_l
    • String ID: sThemeActive
    • API String ID: 696488392-1538405661
    • Opcode ID: c59e5e574b319998f9e3a2b679457d66a5e1eb94f82e6569b8b07cbab11e2756
    • Instruction ID: 620d276c2385ea74303efce356e4dd2f8a6156b7ba60b6be50b37e97889d348b
    • Opcode Fuzzy Hash: c59e5e574b319998f9e3a2b679457d66a5e1eb94f82e6569b8b07cbab11e2756
    • Instruction Fuzzy Hash: 7961C8716043006BD314EFA6CC86F6FB3D9AF88B04F404E2FF644662C1E6B9D955876A
    APIs
    • _fseek.LIBCMT ref: 004525DA
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
      • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
      • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
      • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
    • __fread_nolock.LIBCMT ref: 00452618
    • __fread_nolock.LIBCMT ref: 00452629
    • __fread_nolock.LIBCMT ref: 00452644
    • __fread_nolock.LIBCMT ref: 00452661
    • _fseek.LIBCMT ref: 0045267D
    • _malloc.LIBCMT ref: 00452689
    • _malloc.LIBCMT ref: 00452696
    • __fread_nolock.LIBCMT ref: 004526A7
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __fread_nolock$_fseek_malloc_wcscpy
    • String ID:
    • API String ID: 1911931848-0
    • Opcode ID: eb2f90aec4dc4ec959a1e0e1639ca3362a42e1248e5d2dc480d75e868b1924c0
    • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
    • Opcode Fuzzy Hash: eb2f90aec4dc4ec959a1e0e1639ca3362a42e1248e5d2dc480d75e868b1924c0
    • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A
    APIs
      • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
    • __wcsicoll.LIBCMT ref: 00402078
    • __wcsicoll.LIBCMT ref: 0040208E
    • __wcsicoll.LIBCMT ref: 004020A4
      • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
    • __wcsicoll.LIBCMT ref: 004020BA
    • _wcscpy.LIBCMT ref: 004020EF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsicoll$__wcsicmp_l_wcscpy_wcslen
    • String ID: HH
    • API String ID: 1562855367-2761332787
    • Opcode ID: 06d3f71da64e355934b05b0c48e437050b402fb1932250546e0f0129b9074876
    • Instruction ID: c9d3c3b6fe5feff8818da943e354889f8ac14309cfa4db165b48fafa4d4d28ea
    • Opcode Fuzzy Hash: 06d3f71da64e355934b05b0c48e437050b402fb1932250546e0f0129b9074876
    • Instruction Fuzzy Hash: 3771B9715083069BC610FF51DC42A5F7BA49F91388F44083FB941671E2EBB8A94DCBDA
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __lock$___addlocaleref__crt_waiting_on_module_handle
    • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
    • API String ID: 1628550938-2843748187
    • Opcode ID: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
    • Instruction ID: dfb830706c011728ae11a8c0f52cb2fa371409e71f4acd403326aacb15a29bdd
    • Opcode Fuzzy Hash: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
    • Instruction Fuzzy Hash: 4E119671944701AFD720EF76C905B9EBBE0AF00714F10495FE469A6391DB78A580CB1D
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$__wcsicoll$__wcsicmp_l
    • String ID:
    • API String ID: 1459973796-0
    • Opcode ID: f1f747605e8611840612bd2c66a1c90eef7c4b4717e4d365439135034c054be9
    • Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
    • Opcode Fuzzy Hash: f1f747605e8611840612bd2c66a1c90eef7c4b4717e4d365439135034c054be9
    • Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
    • String ID:
    • API String ID: 3886058894-0
    • Opcode ID: 41f0615d080134615bec74fb0caa9c577856d118033157479df4299b83eda95c
    • Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
    • Opcode Fuzzy Hash: 41f0615d080134615bec74fb0caa9c577856d118033157479df4299b83eda95c
    • Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscpy$_memset
    • String ID: sThemeActive
    • API String ID: 2633112109-1538405661
    • Opcode ID: cc10b00e55e331f13d2d353be02d0e8691fe5efdf3e69ceeecfc3b452b111e4a
    • Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
    • Opcode Fuzzy Hash: cc10b00e55e331f13d2d353be02d0e8691fe5efdf3e69ceeecfc3b452b111e4a
    • Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __swprintf_wcscpy$__i64tow__itow
    • String ID:
    • API String ID: 3038501623-0
    • Opcode ID: 45605a0e81c0f251dc2ac498882374cdf5450316938d9e4768eadbd6b27dcf88
    • Instruction ID: 2d826072eebb3cc9b8b6a8fde8b9da0ebc7f558755c715a4a51c402ed3db85ba
    • Opcode Fuzzy Hash: 45605a0e81c0f251dc2ac498882374cdf5450316938d9e4768eadbd6b27dcf88
    • Instruction Fuzzy Hash: 5741E5B2504204ABD700EF35EC06EAB73A4EB95304F04892FFD0997282F67DD619976E
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __fread_nolock_fseek_strcat
    • String ID: A06
    • API String ID: 3818483258-2665848207
    • Opcode ID: 40f5c3c9c8978c972024018e6f8f201252b8adbc95ffbd729fb028edc2f0a75f
    • Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
    • Opcode Fuzzy Hash: 40f5c3c9c8978c972024018e6f8f201252b8adbc95ffbd729fb028edc2f0a75f
    • Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsicoll
    • String ID:
    • API String ID: 3832890014-0
    • Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
    • Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
    • Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
    • Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
    APIs
      • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
      • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
      • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
    • _wcscat.LIBCMT ref: 0044BD96
    • _wcscat.LIBCMT ref: 0044BDBF
    • __wsplitpath.LIBCMT ref: 0044BDEC
    • _wcscpy.LIBCMT ref: 0044BE73
    • _wcscat.LIBCMT ref: 0044BE85
    • _wcscat.LIBCMT ref: 0044BE97
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000000.00000002.2251344785.0000000000400000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251404680.0000000000482000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251424789.0000000000490000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2251445661.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscat$__wsplitpath$__wcsicoll_wcscpy
    • String ID:
    • API String ID: 586767359-0
    • Opcode ID: 618efd88d5a2bc6ba4319c0adbf6a18ba34b0944e03fbb3147600e8e6892dfd0
    • Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
    • Opcode Fuzzy Hash: 618efd88d5a2bc6ba4319c0adbf6a18ba34b0944e03fbb3147600e8e6892dfd0
    • Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
    Similarity
    • API ID: _malloc_wcslen$_strcat_wcscpy
    • String ID:
    • API String ID: 1612042205-0
    • Opcode ID: 2d1ae1810d24075f652c606e1de6cd8f7232e713ba10f775ebcddcbd7a6ca03e
    • Instruction ID: 39b6431fb86a1cae222df6ecce28f21653e085caad8de22f1e35678e4483a9b6
    • Opcode Fuzzy Hash: 2d1ae1810d24075f652c606e1de6cd8f7232e713ba10f775ebcddcbd7a6ca03e
    • Instruction Fuzzy Hash: CD613B70504202EFCB10EF29D58096AB3E5FF48305B50496EF8859B306D738EE59DB9A
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 78e79a885f55b03f12773853d90bfe4c61bb0eff78e2701cb390d4ec1d30a5d3
    • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
    • Opcode Fuzzy Hash: 78e79a885f55b03f12773853d90bfe4c61bb0eff78e2701cb390d4ec1d30a5d3
    • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
    Similarity
    • API ID: _wcscpy$_wcscat
    • String ID:
    • API String ID: 2037614760-0
    • Opcode ID: ec1509243025a6935f6cc25144ce1815764242cfd553d06f476c3bf8936a7168
    • Instruction ID: 871aa96d6b0d5f43eceffdadd72b032f7becd6ba50fbda5e2bca5dd503650597
    • Opcode Fuzzy Hash: ec1509243025a6935f6cc25144ce1815764242cfd553d06f476c3bf8936a7168
    • Instruction Fuzzy Hash: 7D41BD31901A256BDE317F55D880BBB7358DFA1314F84006FF98247313EA6E5892C6BE
    Similarity
    • API ID: __wcsicoll$__wcsnicmp
    • String ID:
    • API String ID: 790654849-0
    • Opcode ID: e1eccb1f8e4263f5ec08b519260410326193d64f5f3e61591cfbbc70f3114277
    • Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
    • Opcode Fuzzy Hash: e1eccb1f8e4263f5ec08b519260410326193d64f5f3e61591cfbbc70f3114277
    • Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
    Similarity
    • API ID: _malloc$_strcat_strlen
    • String ID: uginDetails
    • API String ID: 2311221987-3265214538
    • Opcode ID: 308336099c878e221fff2e8f83e141b221cb4dc4da9db0f8945ebb7376da3b1c
    • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
    • Opcode Fuzzy Hash: 308336099c878e221fff2e8f83e141b221cb4dc4da9db0f8945ebb7376da3b1c
    • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
    Similarity
    • API ID: _wcscpy$_strcat
    • String ID: sThemeActive
    • API String ID: 2292115017-1538405661
    • Opcode ID: f7b31738a8841333dbfe95a84897e4837bd869d4b6b111cf401edaa67fae576b
    • Instruction ID: 29d249c793a1599df1911ffab6ed89036a29d54f41df1114d8fa63e2d2305339
    • Opcode Fuzzy Hash: f7b31738a8841333dbfe95a84897e4837bd869d4b6b111cf401edaa67fae576b
    • Instruction Fuzzy Hash: 5C21D4726003016BD620FB269C42FFF33A89FD4318F54492FF64456242EABDD58983AB
    Similarity
    • API ID: __wcsicoll
    • String ID:
    • API String ID: 3832890014-0
    • Opcode ID: 03307009c8be143b75a5ca330f3e25119bdf22f1785d6c4802cde0f2b9cdea7c
    • Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
    • Opcode Fuzzy Hash: 03307009c8be143b75a5ca330f3e25119bdf22f1785d6c4802cde0f2b9cdea7c
    • Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
    Similarity
    • API ID: _wcscat$__wsplitpath_wcscpy_wcsncpy
    • String ID:
    • API String ID: 3887782530-0
    • Opcode ID: cf8b662110d98a09e1492580d378f06886cff9adf9edda972938c0e5764e184b
    • Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
    • Opcode Fuzzy Hash: cf8b662110d98a09e1492580d378f06886cff9adf9edda972938c0e5764e184b
    • Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
    Similarity
    • API ID: _wcscat$__wsplitpath_wcscpy_wcsncpy
    • String ID:
    • API String ID: 3887782530-0
    • Opcode ID: 7222f4e617eff58199d50c39674668c25ce2546072fa5f0f4050120e2ae3fed3
    • Instruction ID: 9ef8ac46b2ec3f8a2b66e183c5d6435db2730cdd54c1860218fefef83dfd89d7
    • Opcode Fuzzy Hash: 7222f4e617eff58199d50c39674668c25ce2546072fa5f0f4050120e2ae3fed3
    • Instruction Fuzzy Hash: D061A7B25043049BC724EF65C881E9FB3E8AF94704F048E1EF98987241DB79E949CB96
    Similarity
    • API ID: _wcscat$__wsplitpath_wcscpy
    • String ID:
    • API String ID: 3240238573-0
    • Opcode ID: edfd5bfbd72aabbec21a6de04d1b48d7f48cc901d82ccbf85325fe44aa556ba4
    • Instruction ID: 9cf480aa196f294c1fa35a86eed1a807036e0773d071a08e0fc304530ec90260
    • Opcode Fuzzy Hash: edfd5bfbd72aabbec21a6de04d1b48d7f48cc901d82ccbf85325fe44aa556ba4
    • Instruction Fuzzy Hash: D331D7724093049BC710DFA0D884ADFB7ECAB99314F084E1EF69982151EB39D24C87AA
    Similarity
    • API ID: __wcsicoll
    • String ID:
    • API String ID: 3832890014-0
    • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
    • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
    • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
    • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
    Similarity
    • API ID: __fileno__setmode$_fprintf
    • String ID:
    • API String ID: 1753843248-0
    • Opcode ID: dd577f8c6ca6bb31a7300aafaffe389a1a11b582ef881505b2cf87339fe6e104
    • Instruction ID: 1e9a75ed7ce68f0ee686932f25d41d1f14ae1a91d469003489e3a0780bce169f
    • Opcode Fuzzy Hash: dd577f8c6ca6bb31a7300aafaffe389a1a11b582ef881505b2cf87339fe6e104
    • Instruction Fuzzy Hash: 6D11F3B2D0830136D500BA366C02AAF7A5C4A91B5CF44056EFD4563293EA2DAA4943FF
    Similarity
    • API ID: _wcslen$_wcstok
    • String ID:
    • API String ID: 3914304756-0
    • Opcode ID: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
    • Instruction ID: 25d714350c6a951fb861184d208c8546153e966ae5ec0a2422e5c8358eb53325
    • Opcode Fuzzy Hash: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
    • Instruction Fuzzy Hash: F60125B19053126BC6209F95DC42B5BB7E8EF45760F11842AFD04E3340D7F8E84483EA
    APIs
    • ___set_flsgetvalue.LIBCMT ref: 004140E1
      • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
    • ___fls_getvalue@4.LIBCMT ref: 004140EC
    • ___fls_setvalue@8.LIBCMT ref: 004140FF
      • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
    • __freefls@4.LIBCMT ref: 00414135
    • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
    Similarity
    • API ID: __decode_pointer$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
    • String ID:
    • API String ID: 1148384291-0
    • Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
    • Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
    • Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
    • Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
    APIs
      • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
    • ___set_flsgetvalue.LIBCMT ref: 00415690
      • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
    • ___fls_getvalue@4.LIBCMT ref: 0041569B
    • ___fls_setvalue@8.LIBCMT ref: 004156AD
      • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
    • __freefls@4.LIBCMT ref: 004156D9
    • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
    Similarity
    • API ID: __decode_pointer$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
    • String ID:
    • API String ID: 2458498089-0
    • Opcode ID: 68f8895410578a6558ff0b3d5985a9e6c93f505c3c296d3eff7805ab3ee2bdad
    • Instruction ID: 437946ba33081a53f8e8a37eff8b1c0e9594209f2053f9d7bb117d63c1528b40
    • Opcode Fuzzy Hash: 68f8895410578a6558ff0b3d5985a9e6c93f505c3c296d3eff7805ab3ee2bdad
    • Instruction Fuzzy Hash: 88016274500705ABD704BFB2DD199DE7B69AF84349B21C86FB90897222DA3DC9C1CB9C
    APIs
    • ___set_flsgetvalue.LIBCMT ref: 00415690
      • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
    • ___fls_getvalue@4.LIBCMT ref: 0041569B
    • ___fls_setvalue@8.LIBCMT ref: 004156AD
      • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
    • __freefls@4.LIBCMT ref: 004156D9
    • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
    Similarity
    • API ID: __decode_pointer$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
    • String ID:
    • API String ID: 1148384291-0
    • Opcode ID: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
    • Instruction ID: 1015f584654e325efa3cacb901eba7c9ae2b5aefa54885f90b4e6d99173acdac
    • Opcode Fuzzy Hash: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
    • Instruction Fuzzy Hash: 14F049745007009BD704BF72DD159DE7B69AF85345761C85FB80897222DA3DC9C1CB9C
    Similarity
    • API ID:
    • String ID: $8'I$sThemeActive
    • API String ID: 0-1249268672
    • Opcode ID: 7a8c14ad9e66d969f835f5f3e18d8066828a7642a6ce64e9769cdb0b197a9364
    • Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
    • Opcode Fuzzy Hash: 7a8c14ad9e66d969f835f5f3e18d8066828a7642a6ce64e9769cdb0b197a9364
    • Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
    Similarity
    • API ID: _memcmp
    • String ID: '$[$h
    • API String ID: 2931989736-1224472061
    • Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
    • Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
    • Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
    • Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
    Similarity
    • API ID: _strncmp
    • String ID: >$R$U
    • API String ID: 909875538-1924298640
    • Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
    • Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
    • Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
    • Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
    Similarity
    • API ID: _malloc_memset_wcslen_wcsncpy
    • String ID:
    • API String ID: 3911470517-3916222277
    • Opcode ID: 84d48e821f0f4e78f1b6974fc1c69303c80ac0eb2178a7de7b637067cdef8aaa
    • Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
    • Opcode Fuzzy Hash: 84d48e821f0f4e78f1b6974fc1c69303c80ac0eb2178a7de7b637067cdef8aaa
    • Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
    Similarity
    • API ID: __snwprintf__wcsicoll_wcscpy
    • String ID: 0vH
    • API String ID: 1729044348-3662162768
    • Opcode ID: e7ff30a2b3cf5c708eeea95b9ee339d48795a9c5c67946313c1203fed92fa44b
    • Instruction ID: 823d0c4529048d9f890bbf28e75db1a658c609af9319d28fcdda535ef0d13f31
    • Opcode Fuzzy Hash: e7ff30a2b3cf5c708eeea95b9ee339d48795a9c5c67946313c1203fed92fa44b
    • Instruction Fuzzy Hash: E651A571514300ABD610EF65C882ADFB3A4EFC4348F048D2FF54967291D779E949CBAA
    APIs
    • _memset.LIBCMT ref: 00457C34
    • _memset.LIBCMT ref: 00457CE8
      • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
      • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
    Similarity
    • API ID: _memset$_wcscpy_wcslen
    • String ID: <$@
    • API String ID: 1225221127-1426351568
    • Opcode ID: 64822f44cbc44c0354130b3b2e353eac92068e185bcd26bef2dfaf808823d79a
    • Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
    • Opcode Fuzzy Hash: 64822f44cbc44c0354130b3b2e353eac92068e185bcd26bef2dfaf808823d79a
    • Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
    Similarity
    • API ID: _printf$__swprintf_wcslen
    • String ID: HH
    • API String ID: 830109130-2761332787
    • Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
    • Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
    • Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
    • Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
    APIs
      • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
    • _strcat.LIBCMT ref: 0040F603
      • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
      • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
    Similarity
    • API ID: _memset_strcat_strlen_wcslen
    • String ID: sThemeActive
    • API String ID: 2326196103-1538405661
    • Opcode ID: 41374ced59e3b96680b605cbd4cd05cb7d96b5532b81d6e85af5aa3e52d7a1ca
    • Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
    • Opcode Fuzzy Hash: 41374ced59e3b96680b605cbd4cd05cb7d96b5532b81d6e85af5aa3e52d7a1ca
    • Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
    Similarity
    • API ID: _memset_wcscpy_wcslen_wcsncpy
    • String ID: pYH
    • API String ID: 3826378587-3100548861
    APIs
      • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
    • _printf.LIBCMT ref: 00453FEF
    • __swprintf.LIBCMT ref: 00454012
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __swprintf_printf_wcslen
    • String ID: sThemeActive
    • API String ID: 3053763446-1538405661
    APIs
    • _memset.LIBCMT ref: 0042CD00
      • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
      • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscpy$_memset
    • String ID: $OH$@OH$X
    • API String ID: 2633112109-1394974532
    APIs
    • __flush.LIBCMT ref: 00414630
    • __fileno.LIBCMT ref: 00414650
    • __locking.LIBCMT ref: 00414657
    • __flsbuf.LIBCMT ref: 00414682
      • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
      • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
    • String ID:
    • API String ID: 3240763771-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsnicmp
    • String ID:
    • API String ID: 1038674560-0
    APIs
    • ___set_flsgetvalue.LIBCMT ref: 00415737
    • __calloc_crt.LIBCMT ref: 00415743
    • __getptd.LIBCMT ref: 00415750
    • __dosmaperr.LIBCMT ref: 004157A9
      • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
      • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: ___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
    • String ID:
    • API String ID: 2816710906-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsicoll
    • String ID:
    • API String ID: 3832890014-0
    APIs
    • ___set_flsgetvalue.LIBCMT ref: 0041418F
    • __calloc_crt.LIBCMT ref: 0041419B
    • __getptd.LIBCMT ref: 004141A8
    • __dosmaperr.LIBCMT ref: 00414201
      • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
      • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: ___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
    • String ID:
    • API String ID: 2816710906-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset$_sprintf
    • String ID:
    • API String ID: 891462717-0
    APIs
      • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
    • ___set_flsgetvalue.LIBCMT ref: 004140E1
      • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
    • ___fls_getvalue@4.LIBCMT ref: 004140EC
    • ___fls_setvalue@8.LIBCMT ref: 004140FF
      • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
    • __freefls@4.LIBCMT ref: 00414135
    • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __decode_pointer$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
    • String ID:
    • API String ID: 2458498089-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
    • String ID:
    • API String ID: 3016257755-0
    APIs
    • __wsplitpath.LIBCMT ref: 00436A45
      • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
    • __wsplitpath.LIBCMT ref: 00436A6C
    • __wcsicoll.LIBCMT ref: 00436A93
    • __wcsicoll.LIBCMT ref: 00436AB0
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
    • String ID:
    • API String ID: 1187119602-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_malloc_wcscat_wcscpy
    • String ID:
    • API String ID: 1597257046-0
    APIs
    • _malloc.LIBCMT ref: 00411734
      • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
      • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
    • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
      • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
    • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
    • __CxxThrowException@8.LIBCMT ref: 00411779
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: Exception@8Throw_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
    • String ID:
    • API String ID: 1802512180-0
    APIs
    • __getptd.LIBCMT ref: 00417D1A
      • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
      • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
    • __getptd.LIBCMT ref: 00417D31
    • __amsg_exit.LIBCMT ref: 00417D3F
    • __lock.LIBCMT ref: 00417D4F
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __amsg_exit__getptd$__getptd_noexit__lock
    • String ID:
    • API String ID: 3521780317-0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscpy_wcslen
    • String ID:
    • API String ID: 2972469078-3916222277
    APIs
      • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
      • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
    • _memset.LIBCMT ref: 004538C4
    • _wcslen.LIBCMT ref: 00453960
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen$_memset_wcscpy
    • String ID: 0
    • API String ID: 1923256147-4108050209
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset
    • String ID: 0$sThemeActive
    • API String ID: 2102423945-701362018
    APIs
      • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
    • _wcscpy.LIBCMT ref: 00475F18
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscpy_wcslen
    • String ID: a$sThemeActive
    • API String ID: 2972469078-2479474057
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset
    • String ID: 0$2
    • API String ID: 2102423945-3793063076
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcscat_wcslen
    • String ID: sThemeActive
    • API String ID: 2442265781-1538405661
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _memset_wcslen
    • String ID: |
    • API String ID: 1983209088-2343686810
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __itow$_wcslen
    • String ID: sThemeActive
    • API String ID: 723732860-1538405661
    APIs
      • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
    • _wcslen.LIBCMT ref: 004366DD
    • _wcsrchr.LIBCMT ref: 0043674C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen_wcsncpy_wcsrchr
    • String ID: \
    • API String ID: 3475877477-2967466578
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: __calloc_crt
    • String ID: tion@std@@
    • API String ID: 3494438863-2728801557
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2251360025.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_400000_PO 455U90897QD.jbxd
    Similarity
    • API ID: _wcslen
    • String ID: hkG
    • API String ID: 176396367-3610518997