Edit tour

Windows Analysis Report
z39UartAssist.exe

Overview

General Information

Sample name:	z39UartAssist.exe
Analysis ID:	1541089
MD5:	b117bdf393de8ff72d5a0b68731fcf54
SHA1:	d8f63074a1ee7c0140d1316b985a3e4ae5017496
SHA256:	ccc1e602d6a8ceeae8f1009170e8d46bc2cbc57d3583f483745c0d5e855ffd0a
Tags:	exeuser-Porcupine
Infos:

Detection

Score:	26
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains functionality to detect sleep reduction / modifications

Contains functionality to infect the boot sector

Sample is not signed and drops a device driver

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to get notified if a device is plugged in / out

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read device registry values (via SetupAPI)

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Creates driver files

Detected potential crypto function

Found decision node followed by non-executed suspicious APIs

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May check if the current machine is a sandbox (GetTickCount - Sleep)

PE / OLE file has an invalid certificate

Potential key logger detected (key state polling based)

Queries device information via Setup API

Queries disk information (often used to detect virtual machines)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

z39UartAssist.exe (PID: 2084 cmdline: "C:\Users\user\Desktop\z39UartAssist.exe" MD5: B117BDF393DE8FF72D5A0B68731FCF54)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.z39UartAssist.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

HTTP traffic detected: GET /assistcenter/uartassist_upgrade/?ver=50014&ident=SYWVSLRYMZWXKN5D&stamp=01729767727 HTTP/1.0Host: www.cmsoft.cnUser-Agent: Mozilla/4.0Accept: */*Accept-Language: zh-cnAccept-Encoding: identityConnection: closeCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004712DC @TSyncUart@RecvData$qqrpvi,ClearCommError,ReadFile,

0_2_004712DC

Source: global traffic

DNS traffic detected: DNS query: www.cmsoft.cn

Source: z39UartAssist.exe	String found in binary or memory: http://crl.gdca.com.cn/crl/GDCA_TrustAUTH_R4_Generic_CA.crl0
Source: z39UartAssist.exe	String found in binary or memory: http://crl.gdca.com.cn/crl/GDCA_TrustAUTH_R5_ROOT.crl0
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://free.cmsoft.cn/assistcenter/
Source: z39UartAssist.exe, 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmp, z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://free.cmsoft.cn/assistcenter/help/UartAssist
Source: z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://free.cmsoft.cn/download/cmsoft/assistant/uartassist5.0.14.zip
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://free.cmsoft.cn/tools/ntp/?handler=%d
Source: z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://free.cmsoft.cn/tools/ntp/?handler=%dtimestamp
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://free.scomm.cn/assistcenter/
Source: z39UartAssist.exe	String found in binary or memory: http://ocsp2.gdca.com.cn/ocsp0
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.cmsoft.cn
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.cmsoft.cn/assistcenter/
Source: z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cmsoft.cn/assistcenter/images/assist_dll3.raw
Source: z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cmsoft.cn/assistcenter/uartassist_upgrade/
Source: z39UartAssist.exe, 00000000.00000002.2977572678.0000000002453000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cmsoft.cn/assistcenter/uartassist_upgrade/?ver=50014&ident=SYWVSLRYMZWXKN5D&stamp=0172976
Source: z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.cmsoft.cnhttp://www.cmsoft.cn/assistcenter/http://www.scomm.cn/assistcenter/http://free.c
Source: z39UartAssist.exe	String found in binary or memory: http://www.gdca.com.cn/cert/GDCA_TrustAUTH_R5_ROOT.der0)
Source: z39UartAssist.exe	String found in binary or memory: http://www.gdca.com.cn/cps/cps0F
Source: z39UartAssist.exe	String found in binary or memory: http://www.gdca.com.cn/cps/cps0L
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.scomm.cn/assistcenter/

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00554DA4 GlobalAlloc,GlobalLock,SetClipboardData,GlobalUnlock,

0_2_00554DA4

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00554E88 GetClipboardData,GlobalLock,GlobalUnlock,

0_2_00554E88

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0052EDE0 GetKeyboardState,KiUserCallbackDispatcher,

0_2_0052EDE0

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0046C9A4 @TcmTrayIcon@ShiftState$qv,GetKeyState,GetKeyState,GetKeyState,

0_2_0046C9A4

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00531CA0 NtdllDefWindowProc_A,GetCapture,KiUserCallbackDispatcher,	0_2_00531CA0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00522408 NtdllDefWindowProc_A,	0_2_00522408
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0051D2B8 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,	0_2_0051D2B8
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0051D368 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,	0_2_0051D368

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0040A5B4: CreateFileA,DeviceIoControl,CloseHandle,

0_2_0040A5B4

Source: C:\Users\user\Desktop\z39UartAssist.exe

File created: C:\Users\user\AppData\Roaming\Cmsoft\uartassist.sys

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0043E9B4	0_2_0043E9B4
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0043D04C	0_2_0043D04C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046B150	0_2_0046B150
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0045E018	0_2_0045E018
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004121D4	0_2_004121D4
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046E1DC	0_2_0046E1DC
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0049C298	0_2_0049C298
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00402304	0_2_00402304
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048846C	0_2_0048846C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048861C	0_2_0048861C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0045A6D0	0_2_0045A6D0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047C68C	0_2_0047C68C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00564A10	0_2_00564A10
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00490CCC	0_2_00490CCC
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00492CCC	0_2_00492CCC
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00456CB0	0_2_00456CB0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00498D64	0_2_00498D64
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00448F50	0_2_00448F50
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047D080	0_2_0047D080
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00443188	0_2_00443188
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0044F34C	0_2_0044F34C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00457338	0_2_00457338
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004593CC	0_2_004593CC
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048D444	0_2_0048D444
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004AB454	0_2_004AB454
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00453568	0_2_00453568
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00495668	0_2_00495668
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00459688	0_2_00459688
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00487744	0_2_00487744
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0045D790	0_2_0045D790
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046F80C	0_2_0046F80C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0043D808	0_2_0043D808
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046D830	0_2_0046D830
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048FA74	0_2_0048FA74
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0055DB54	0_2_0055DB54
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00465CC0	0_2_00465CC0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046FC98	0_2_0046FC98
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004ADE84	0_2_004ADE84
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00465EBC	0_2_00465EBC

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: String function: 00568B2C appears 372 times
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: String function: 004E23C4 appears 31 times
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: String function: 00568A48 appears 33 times
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: String function: 0055D764 appears 39 times

Source: z39UartAssist.exe

Static PE information: invalid certificate

Source: z39UartAssist.exe, 00000000.00000000.1730503720.0000000000639000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUartAssist. vs z39UartAssist.exe
Source: z39UartAssist.exe, 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUartAssist. vs z39UartAssist.exe
Source: z39UartAssist.exe	Binary or memory string: OriginalFilenameUartAssist. vs z39UartAssist.exe

Source: z39UartAssist.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: z39UartAssist.exe

Static PE information: Section: UPX1 ZLIB complexity 0.9978593495728234

Source: classification engine

Classification label: sus26.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0050B290 GetLastError,FormatMessageA,

0_2_0050B290

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004C0904 FindResourceA,

0_2_004C0904

Source: C:\Users\user\Desktop\z39UartAssist.exe

File created: C:\Users\user\AppData\Roaming\Cmsoft

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe

Mutant created: NULL

Source: Yara match	File source: 0.2.z39UartAssist.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\z39UartAssist.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: assist.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\z39UartAssist.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe

Window found: window name: TComboBox

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK
Source: C:\Users\user\Desktop\z39UartAssist.exe	Automated click: OK

Source: C:\Users\user\Desktop\z39UartAssist.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004A55DC FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_004A55DC

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004A4FC8 push ecx; mov dword ptr [esp], edx	0_2_004A4FC9
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BA15C push 004BA494h; ret	0_2_004BA48C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0042A11C push ecx; mov dword ptr [esp], eax	0_2_0042A121
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00486200 push 0048622Ch; ret	0_2_00486224
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BA538 push ecx; mov dword ptr [esp], eax	0_2_004BA539
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004265B8 push ecx; mov dword ptr [esp], ecx	0_2_004265BC
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00436664 push 004366BAh; ret	0_2_004366B2
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BA15C push 004BA494h; ret	0_2_004BA48C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004E88EC push ecx; mov dword ptr [esp], edx	0_2_004E88F0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00432A34 push ecx; mov dword ptr [esp], edx	0_2_00432A39
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00432DFC push ecx; mov dword ptr [esp], edx	0_2_00432E01
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00489114 push 00489140h; ret	0_2_00489138
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0042113C push 0042117Fh; ret	0_2_00421177
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0043B194 push 0043B1C0h; ret	0_2_0043B1B8
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0045B2D8 push ecx; mov dword ptr [esp], eax	0_2_0045B2DD
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004852B0 push ecx; mov dword ptr [esp], edx	0_2_004852B5
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048D390 push ecx; mov dword ptr [esp], eax	0_2_0048D393
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0043B3A4 push 0043B3D0h; ret	0_2_0043B3C8
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004C9548 push ecx; mov dword ptr [esp], edx	0_2_004C954D
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00485510 push 0048553Ch; ret	0_2_00485534
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BD69C push ecx; mov dword ptr [esp], edx	0_2_004BD6A1
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004C7748 push ecx; mov dword ptr [esp], edx	0_2_004C774A
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004CB79C push ecx; mov dword ptr [esp], ecx	0_2_004CB79D
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00401960 push 0040198Ch; ret	0_2_00401984
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BFAF4 push ecx; mov dword ptr [esp], edx	0_2_004BFAF9
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00427AA8 push 00427ADBh; ret	0_2_00427AD3
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00433D78 push 00433DA4h; ret	0_2_00433D9C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004C3D98 push ecx; mov dword ptr [esp], edx	0_2_004C3D9A
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00421D9C push 00421DC8h; ret	0_2_00421DC0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004BFE7C push ecx; mov dword ptr [esp], edx	0_2_004BFE81
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00489E10 push 00489E3Ch; ret	0_2_00489E34

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive0		0_2_0040A5B4
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive0		0_2_0040A298

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\z39UartAssist.exe

File created: C:\Users\user\AppData\Roaming\Cmsoft\uartassist.sys

Jump to behavior

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive0		0_2_0040A5B4
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive0		0_2_0040A298

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00534500 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	0_2_00534500
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046C9F0 @TcmTrayIcon@DoMessage$qqrr17Messages@TMessage,@TcmTrayIcon@ShiftState$qv,GetCursorPos,@TcmTrayIcon@ShiftState$qv,GetCursorPos,@TcmTrayIcon@ShiftState$qv,GetCursorPos,IsIconic,PostMessageA,@TcmTrayIcon@ShiftState$qv,GetCursorPos,@TcmTrayIcon@ShiftState$qv,GetCursorPos,@TcmTrayIcon@ShiftState$qv,GetCursorPos,@TcmTrayIcon@ShiftState$qv,GetCursorPos,	0_2_0046C9F0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00446D9C IsIconic,_ChecksumView,	0_2_00446D9C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046CE7C @TcmTrayIcon@Restore$qqrv,IsIconic,ShowWindow,SetForegroundWindow,	0_2_0046CE7C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046CE24 @TcmTrayIcon@Minimize$qqrv,IsIconic,ShowWindow,	0_2_0046CE24
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0051D2B8 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,	0_2_0051D2B8
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0051D368 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,	0_2_0051D368

Source: C:\Users\user\Desktop\z39UartAssist.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0046A64C		0_2_0046A64C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00412750		0_2_00412750

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,

0_2_0051C168

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00472254 SetupDiGetClassDevsA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInfo,RegOpenKeyExA,RegEnumValueA,RegCloseKey,SetupDiDestroyDeviceInfoList,

0_2_00472254

Source: C:\Users\user\Desktop\z39UartAssist.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-86978

Source: C:\Users\user\Desktop\z39UartAssist.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-87001

Source: C:\Users\user\Desktop\z39UartAssist.exe

API coverage: 9.3 %

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00412750

0_2_00412750

Source: C:\Users\user\Desktop\z39UartAssist.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004D097C FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,	0_2_004D097C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004E4360 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,	0_2_004E4360
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_004D0B9C FindFirstFileA,GetLastError,	0_2_004D0B9C

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0050B820 GetSystemInfo,

0_2_0050B820

Source: z39UartAssist.exe, 00000000.00000002.2977239467.0000000000894000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllfP6,

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004A55DC FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_004A55DC

Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_TrayWnd
Source: z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ProgMan
Source: z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: SeShutdownPrivilegeShell_TrayWndShell_TrayWndButtonShell_TrayWndReBarWindow32Shell_TrayWndTrayNotifyWndProgManSOFTWARE\Microsoft\Windows\CurrentVersionSoftware\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersProgramFilesDirDesktopStart MenuFavoritesSendToPrograms...\\Iphlpapi.dllGetAdaptersInfoIphlpapi.dllSendARPSYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\IPAddressSubnetMaskDefaultGateway--------%ld--

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_0046A6A4 cpuid

0_2_0046A6A4

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,	0_2_004E4518
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,	0_2_004E4624
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: GetLocaleInfoA,	0_2_00475224

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00472254 SetupDiGetClassDevsA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInfo,RegOpenKeyExA,RegEnumValueA,RegCloseKey,SetupDiDestroyDeviceInfoList,

0_2_00472254

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004D2760 GetLocalTime,

0_2_004D2760

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_004660F8 GetTimeZoneInformation,

0_2_004660F8

Source: C:\Users\user\Desktop\z39UartAssist.exe

Code function: 0_2_00563464 GetVersion,GetCurrentThreadId,

0_2_00563464

Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00464470 closesocket,WaitForSingleObject,socket,htons,bind,listen,htons,connect,getsockname,htons,CreateThread,closesocket,	0_2_00464470
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047E908 @TcmSocket@Open$qqrv,IsWindow,SendMessageA,@TcmSocket@IsEmptyAddr$qqrp9TInetAddr,@TcmSocket@ShowError$qqrpci,CreateSemaphoreA,socket,@TcmSocket@ErrorCheck$qqripc,WSAAsyncSelect,@TcmSocket@ErrorCheck$qqripc,@TcmSocket@Bind$qqrp9TInetAddr,@TcmSocket@Listen$qqrp9TInetAddr,@TcmSocket@Connect$qqrv,SetTimer,@TcmSocket@IsEmptyAddr$qqrp9TInetAddr,@TcmSocket@Connect$qqrv,socket,@TcmSocket@Bind$qqrp9TInetAddr,@TcmSocket@Listen$qqrp9TInetAddr,WSAAsyncSelect,closesocket,@TcmSocket@DeclareConnect$qqro,WSAAsyncSelect,closesocket,SetTimer,	0_2_0047E908
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047ED7C @TcmSocket@Close$qqrv,WSAAsyncSelect,@TcmSocket@CloseClientAll$qqrv,@TcmSocket@ClearMultiListenPorts$qqrv,@TcmSocket@ClearMultiListenPorts$qqrv,KillTimer,closesocket,@TcmSocket@ErrorCheck$qqripc,@TcmSocket@DeclareConnect$qqro,	0_2_0047ED7C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00480FA0 @TcmSocket@ClearMultiListenPorts$qqrv,WSAAsyncSelect,closesocket,	0_2_00480FA0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_00481014 @TcmSocket@SetMultiListenPorts$qqrpxc,@TcmSocket@ClearMultiListenPorts$qqrv,@TcmSocket@AddMultiListenPort$qqri,@TcmSocket@AddMultiListenPort$qqri,	0_2_00481014
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0048118C @TcmSocket@AddMultiListenPort$qqri,	0_2_0048118C
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047F400 @TcmSocket@Bind$qqrp9TInetAddr,htons,bind,@TcmSocket@ErrorCheck$qqripc,htons,bind,@TcmSocket@ErrorCheck$qqripc,	0_2_0047F400
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047D6E0 @TcmSocket@ComboBox_BindServerClients$qqrp18Stdctrls@TComboBox,	0_2_0047D6E0
Source: C:\Users\user\Desktop\z39UartAssist.exe	Code function: 0_2_0047F808 @TcmSocket@Listen$qqrp9TInetAddr,listen,@TcmSocket@ErrorCheck$qqripc,	0_2_0047F808

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 Windows Service	1 Windows Service	1 Masquerading	21 Input Capture	2 System Time Discovery	Remote Services	21 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Bootkit	1 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	Security Account Manager	131 Security Software Discovery	SMB/Windows Admin Shares	2 Clipboard Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	21 Obfuscated Files or Information	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Bootkit	Cached Domain Credentials	1 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Software Packing	DCSync	11 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	2 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	44 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
z39UartAssist.exe	5%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.cmsoft.cn	114.55.6.143	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.cmsoft.cn/assistcenter/uartassist_upgrade/?ver=50014&ident=SYWVSLRYMZWXKN5D&stamp=01729767727	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.cmsoft.cn/assistcenter/	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://www.cmsoft.cnhttp://www.cmsoft.cn/assistcenter/http://www.scomm.cn/assistcenter/http://free.c	z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://free.scomm.cn/assistcenter/	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://free.cmsoft.cn/download/cmsoft/assistant/uartassist5.0.14.zip	z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.cmsoft.cn/assistcenter/uartassist_upgrade/?ver=50014&ident=SYWVSLRYMZWXKN5D&stamp=0172976	z39UartAssist.exe, 00000000.00000002.2977572678.0000000002453000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://crl.gdca.com.cn/crl/GDCA_TrustAUTH_R5_ROOT.crl0	z39UartAssist.exe	false	unknown
http://ocsp2.gdca.com.cn/ocsp0	z39UartAssist.exe	false	unknown
http://www.gdca.com.cn/cert/GDCA_TrustAUTH_R5_ROOT.der0)	z39UartAssist.exe	false	unknown
http://crl.gdca.com.cn/crl/GDCA_TrustAUTH_R4_Generic_CA.crl0	z39UartAssist.exe	false	unknown
http://free.cmsoft.cn/tools/ntp/?handler=%d	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://www.cmsoft.cn/assistcenter/images/assist_dll3.raw	z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.gdca.com.cn/cps/cps0L	z39UartAssist.exe	false	unknown
http://free.cmsoft.cn/assistcenter/help/UartAssist	z39UartAssist.exe, 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmp, z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.cmsoft.cn	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://free.cmsoft.cn/tools/ntp/?handler=%dtimestamp	z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://www.gdca.com.cn/cps/cps0F	z39UartAssist.exe	false	unknown
http://www.cmsoft.cn/assistcenter/uartassist_upgrade/	z39UartAssist.exe, 00000000.00000003.1750748185.000000000420C000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2977965266.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, z39UartAssist.exe, 00000000.00000002.2978007112.000000000420C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://free.cmsoft.cn/assistcenter/	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown
http://www.scomm.cn/assistcenter/	z39UartAssist.exe, z39UartAssist.exe, 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
114.55.6.143	www.cmsoft.cn	China		37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541089
Start date and time:	2024-10-24 12:01:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	z39UartAssist.exe
Detection:	SUS
Classification:	sus26.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 62% Number of executed functions: 90 Number of non-executed functions: 256
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: z39UartAssist.exe

Simulations

Behavior and APIs

Time	Type	Description
06:02:07	API Interceptor	2x Sleep call for process: z39UartAssist.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	botnet.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	47.112.91.238
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	8.183.101.227
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	8.142.57.216
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	139.242.143.221
	mips.elf	Get hash	malicious	Unknown	Browse	8.153.35.184
	ppc.elf	Get hash	malicious	Unknown	Browse	39.107.255.63
	arm5.elf	Get hash	malicious	Unknown	Browse	112.124.60.45
	arm.elf	Get hash	malicious	Unknown	Browse	47.113.142.168
	sh4.elf	Get hash	malicious	Unknown	Browse	42.120.21.77
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	47.101.241.203

Process:	C:\Users\user\Desktop\z39UartAssist.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	126
Entropy (8bit):	3.3642727429526764
Encrypted:	false
SSDEEP:	3:lsyIDGn8rtnnnnnnnnnnnnnnnnnnnnnPYYrn:+685nnnnnnnnnnnnnnnnnnnnPYsn
MD5:	42EB5EEB99979253945C98EC4603134E
SHA1:	09120CDA3A19A6DE737D935728425048A7399DB7
SHA-256:	77787188495B9918144D511F4C3E9C7A3AC2C972219E12B142D3A7F267744982
SHA-512:	C972DC7FB459497AC67B03C6DB1E1BE9747AA6FCB2C2EDC87739293CCE435073F2D7A72FB218E979CCE8F757FFFA8746E8FC1CA902DDF3A16B607BA31CFC7B20
Malicious:	true
Reputation:	low
Preview:	[COMMON]..Profile=HBwcHHMFD10cHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcWg==....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Entropy (8bit):	7.96487512093428
TrID:	Win32 Executable (generic) a (10002005/4) 99.66% UPX compressed Win32 Executable (30571/9) 0.30% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	z39UartAssist.exe
File size:	663'544 bytes
MD5:	b117bdf393de8ff72d5a0b68731fcf54
SHA1:	d8f63074a1ee7c0140d1316b985a3e4ae5017496
SHA256:	ccc1e602d6a8ceeae8f1009170e8d46bc2cbc57d3583f483745c0d5e855ffd0a
SHA512:	2ec3a3013e890d16ffc4d19e99a217a21d9b0ab057f6bde7dc5758f5269793ff5e5c3e0dffb9a4bdb43fa85d3a5e48d2eff6e36ffdda232a5a8d04e07ae7e55c
SSDEEP:	12288:aFWEXQXe8v5Wd5QLtwmueZOPnw5N3TAK/f15/gK00Xw1F4VVyBoSOy:a4EXQudd5QLK2Ff3/306w1FIG
TLSH:	BFE42308D5895EC8C853693E88BFDDF6EF3D9C18A6D60B0B687C7A6A3D373702954502
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	41c2212b2b96e001

Static PE Info

General

Entrypoint:	0x637c60
Entrypoint Section:	UPX1
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x66C69C0F [Thu Aug 22 02:01:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	86256cb1ab86c0d66e6ed993b2903721

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=CMSOFT.CN, E=support@cmsoft.cn, C=China, S=\u91ce\u4eba\u5bb6\u56ed
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	21/05/2023 11:30:50 31/12/2039 23:59:59
Subject Chain	CN=CMSOFT.CN, E=support@cmsoft.cn, C=China, S=\u91ce\u4eba\u5bb6\u56ed
Version:	3
Thumbprint MD5:	D0513EF735314925E41D0B7E9E9FD494
Thumbprint SHA-1:	87E9FE8FABE1155CF87671EA90F78FE468980E4B
Thumbprint SHA-256:	5B95F97FFB4816DC0911C9B843246C53C245836BD0A58B44D6D032D29B4AFFC6
Serial:	1185C26BBAEBC0924661FC6FDCBFACDA

Entrypoint Preview

Instruction
pushad
mov esi, 0059F000h
lea edi, dword ptr [esi-0019E000h]
mov dword ptr [edi+0019E9E8h], 948643A7h
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00003E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007F6154828F5Dh
inc esi
inc esi
push ebx
push 0023515Ah
push edi
add ebx, 04h
push ebx
push 00098C57h
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00000003h
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+00h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1eb000	0x836d	UPX1
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23f31c	0x354	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x239000	0x631c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa0600	0x19f8	UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x238824	0x18	UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x19e000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0x19f000	0x9a000	0x99a00	4d54dabcf0f6a8cd6b3194feb6546252	False	0.9978593495728234	data	7.99940224227282	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x239000	0x7000	0x6800	f0a4de259b9e4c928407ee4a4c5792ee	False	0.14629657451923078	data	3.688979499398818	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x1f5de4	0x134	data			1.0357142857142858
RT_CURSOR	0x1f5f18	0x134	data			1.0357142857142858
RT_CURSOR	0x1f604c	0x134	data			1.0357142857142858
RT_CURSOR	0x1f6180	0x134	data			1.0357142857142858
RT_CURSOR	0x1f62b4	0x134	data			1.0357142857142858
RT_CURSOR	0x1f63e8	0x134	data			1.0357142857142858
RT_CURSOR	0x1f651c	0x134	data			1.0357142857142858
RT_CURSOR	0x1f6650	0x134	data			1.0357142857142858
RT_BITMAP	0x1f6784	0x190	data	Chinese	China	1.0275
RT_BITMAP	0x1f6914	0x40	data	Chinese	China	1.171875
RT_BITMAP	0x1f6954	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f6b24	0x1e4	data			1.0227272727272727
RT_BITMAP	0x1f6d08	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f6ed8	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f70a8	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f7278	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f7448	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f7618	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f77e8	0x1d0	OpenPGP Secret Key			1.0237068965517242
RT_BITMAP	0x1f79b8	0x1d0	data			1.0237068965517242
RT_BITMAP	0x1f7b88	0x42a8	data	Chinese	China	1.0009376465072668
RT_BITMAP	0x1fbe30	0xc0	data			1.0572916666666667
RT_BITMAP	0x1fbef0	0xd8	data			1.0509259259259258
RT_BITMAP	0x1fbfc8	0xe0	data			1.0491071428571428
RT_BITMAP	0x1fc0a8	0x4e0	data	Chinese	China	1.0088141025641026
RT_BITMAP	0x1fc588	0xe0	data			1.0491071428571428
RT_BITMAP	0x1fc668	0x54	data	Chinese	China	1.130952380952381
RT_BITMAP	0x1fc6bc	0xc8	data	Chinese	China	1.055
RT_BITMAP	0x1fc784	0x5c	data	Chinese	China	1.1195652173913044
RT_BITMAP	0x1fc7e0	0x5c	data	Chinese	China	1.1195652173913044
RT_BITMAP	0x1fc83c	0xc0	data	Chinese	China	1.0572916666666667
RT_BITMAP	0x1fc8fc	0x54	data	Chinese	China	1.130952380952381
RT_BITMAP	0x1fc950	0xb0	data	Chinese	China	1.0625
RT_BITMAP	0x1fca00	0x5c	data	Chinese	China	1.1195652173913044
RT_BITMAP	0x1fca5c	0xc8	data	Chinese	China	1.055
RT_BITMAP	0x1fcb24	0xc8	data	Chinese	China	1.055
RT_BITMAP	0x1fcbec	0xe0	data			1.0491071428571428
RT_BITMAP	0x1fcccc	0xc0	data			1.0572916666666667
RT_BITMAP	0x1fcd8c	0xc0	data			1.0572916666666667
RT_BITMAP	0x1fce4c	0x2f8	data	Chinese	China	1.0144736842105264
RT_BITMAP	0x1fd144	0x4d8	data	Chinese	China	1.0088709677419354
RT_BITMAP	0x1fd61c	0x2f8	data	Chinese	China	1.0144736842105264
RT_BITMAP	0x1fd914	0x338	data	Chinese	China	1.0133495145631068
RT_BITMAP	0x1fdc4c	0x110	data	Chinese	China	1.0404411764705883
RT_BITMAP	0x1fdd5c	0x2f8	data	Chinese	China	1.0144736842105264
RT_BITMAP	0x1fe054	0x4d8	data	Chinese	China	1.0088709677419354
RT_BITMAP	0x1fe52c	0x3a8	data	Chinese	China	1.0117521367521367
RT_BITMAP	0x1fe8d4	0x4d8	data	Chinese	China	1.0088709677419354
RT_BITMAP	0x1fedac	0x1d8	data	Chinese	China	1.0233050847457628
RT_BITMAP	0x1fef84	0x2c8	data	Chinese	China	1.0154494382022472
RT_BITMAP	0x1ff24c	0xd8	data	Chinese	China	1.0509259259259258
RT_BITMAP	0x1ff324	0x2f8	data	Chinese	China	1.0144736842105264
RT_BITMAP	0x1ff61c	0x2f8	data	Chinese	China	1.0144736842105264
RT_BITMAP	0x1ff914	0x268	data	Chinese	China	1.0178571428571428
RT_BITMAP	0x1ffb7c	0x268	data	Chinese	China	1.0178571428571428
RT_BITMAP	0x1ffde4	0xe0	data			1.0491071428571428
RT_BITMAP	0x1ffec4	0xd8	data			1.0509259259259258
RT_BITMAP	0x1fff9c	0xd8	data			1.0509259259259258
RT_BITMAP	0x200074	0xc0	data			1.0572916666666667
RT_BITMAP	0x200134	0xd8	data			1.0509259259259258
RT_BITMAP	0x20020c	0xe0	data			1.0491071428571428
RT_BITMAP	0x2002ec	0xd8	data			1.0509259259259258
RT_BITMAP	0x2003c4	0xe8	data			1.0474137931034482
RT_BITMAP	0x2004ac	0xc0	data			1.0572916666666667
RT_BITMAP	0x20056c	0x588	data	Chinese	China	1.0077683615819208
RT_BITMAP	0x200af4	0x188	data	English	United States	1.028061224489796
RT_BITMAP	0x200c7c	0x188	data	English	United States	1.028061224489796
RT_BITMAP	0x200e04	0x188	data	English	United States	1.028061224489796
RT_BITMAP	0x200f8c	0x188	data	English	United States	1.028061224489796
RT_BITMAP	0x201114	0x328	data	Chinese	China	1.0136138613861385
RT_BITMAP	0x20143c	0x328	data	Chinese	China	1.0136138613861385
RT_BITMAP	0x201764	0x328	data	Chinese	China	1.0136138613861385
RT_BITMAP	0x201a8c	0x328	data	Chinese	China	1.0136138613861385
RT_BITMAP	0x201db4	0x3308	data	Chinese	China	1.0008420085731782
RT_BITMAP	0x2050bc	0xe0	data			1.0491071428571428
RT_ICON	0x23ade8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0, resolution 2835 x 2835 px/m	Chinese	China	0.049362305148795464
RT_ICON	0x2093c4	0x10a8	data	Chinese	China	1.002579737335835
RT_ICON	0x20a46c	0x10a8	data	Chinese	China	1.002579737335835
RT_ICON	0x20b514	0x10a8	data	Chinese	China	1.002579737335835
RT_ICON	0x20c5bc	0x10a8	data	Chinese	China	1.002579737335835
RT_ICON	0x20d664	0x10a8	data	Chinese	China	1.002579737335835
RT_DIALOG	0x20e70c	0x52	data			1.1341463414634145
RT_STRING	0x20e760	0x80	data			1.0859375
RT_STRING	0x20e7e0	0x314	data			1.013959390862944
RT_STRING	0x20eaf4	0xd8	data			1.0509259259259258
RT_STRING	0x20ebcc	0x160	data			1.03125
RT_STRING	0x20ed2c	0x240	data			1.0190972222222223
RT_STRING	0x20ef6c	0x314	data			1.013959390862944
RT_STRING	0x20f280	0x404	data			1.0107003891050583
RT_STRING	0x20f684	0x4a4	data			1.0092592592592593
RT_STRING	0x20fb28	0x3e8	data			1.011
RT_STRING	0x20ff10	0xf4	data			1.0450819672131149
RT_STRING	0x210004	0xc4	data			1.0561224489795917
RT_STRING	0x2100c8	0x2c0	data			1.015625
RT_STRING	0x210388	0x3a4	data			1.011802575107296
RT_STRING	0x21072c	0x374	data			1.012443438914027
RT_STRING	0x210aa0	0x308	data			1.0141752577319587
RT_STRING	0x210da8	0x40c	data			1.0106177606177607
RT_STRING	0x2111b4	0x3b8	data			1.0115546218487395
RT_STRING	0x21156c	0x454	data			1.009927797833935
RT_STRING	0x2119c0	0x23c	data			1.0192307692307692
RT_STRING	0x211bfc	0x100	data			1.04296875
RT_STRING	0x211cfc	0x208	data			1.021153846153846
RT_STRING	0x211f04	0x4f0	data			1.0087025316455696
RT_RCDATA	0x2123f4	0x10	Non-ISO extended-ASCII text, with no line terminators, with escape sequences			1.5625
RT_RCDATA	0x212404	0x71ac	data			1.0005498281786942
RT_GROUP_CURSOR	0x2195b0	0x14	data			1.45
RT_GROUP_CURSOR	0x2195c4	0x14	data			1.45
RT_GROUP_CURSOR	0x2195d8	0x14	zlib compressed data			1.45
RT_GROUP_CURSOR	0x2195ec	0x14	data			1.45
RT_GROUP_CURSOR	0x219600	0x14	data			1.45
RT_GROUP_CURSOR	0x219614	0x14	data			1.45
RT_GROUP_CURSOR	0x219628	0x14	Non-ISO extended-ASCII text, with no line terminators			1.45
RT_GROUP_CURSOR	0x21963c	0x14	Non-ISO extended-ASCII text, with no line terminators, with overstriking			1.45
RT_GROUP_ICON	0x23f014	0x14	data	Chinese	China	1.1
RT_GROUP_ICON	0x219664	0x14	data	Chinese	China	1.4
RT_GROUP_ICON	0x219678	0x14	data	Chinese	China	1.45
RT_GROUP_ICON	0x21968c	0x14	data	Chinese	China	1.45
RT_GROUP_ICON	0x2196a0	0x14	data	Chinese	China	1.4
RT_GROUP_ICON	0x2196b4	0x14	data	Chinese	China	1.45
RT_VERSION	0x23f02c	0x2f0	SysEx File - IDP	Chinese	China	0.5106382978723404

Imports

DLL	Import
ADVAPI32.DLL	RegCloseKey
COMCTL32.DLL
COMDLG32.DLL	FindTextA
GDI32.DLL	Arc
IPHLPAPI.DLL	GetAdaptersAddresses
KERNEL32.DLL	LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
OLE32.DLL	CoInitialize
OLEAUT32.DLL	VariantInit
SETUPAPI.DLL	SetupDiGetClassDevsA
SHELL32.DLL	SHGetMalloc
USER32.DLL	GetDC
VERSION.DLL	VerQueryValueA
WINMM.DLL	timeSetEvent
WINSPOOL.DRV	ClosePrinter
WSOCK32.DLL	bind

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 12:02:09.491430044 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:09.496831894 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:09.496937037 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:09.501636982 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:09.506983995 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.464418888 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.464476109 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.464528084 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.464565992 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.464590073 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:10.464637041 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:10.464644909 CEST	49732	80	192.168.2.4	114.55.6.143
Oct 24, 2024 12:02:10.470561028 CEST	80	49732	114.55.6.143	192.168.2.4
Oct 24, 2024 12:02:10.470643997 CEST	49732	80	192.168.2.4	114.55.6.143

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 12:02:09.026721001 CEST	54714	53	192.168.2.4	1.1.1.1
Oct 24, 2024 12:02:09.488128901 CEST	53	54714	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 12:02:09.026721001 CEST	192.168.2.4	1.1.1.1	0xb743	Standard query (0)	www.cmsoft.cn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 12:02:09.488128901 CEST	1.1.1.1	192.168.2.4	0xb743	No error (0)	www.cmsoft.cn		114.55.6.143	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.cmsoft.cn

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	114.55.6.143	80	2084	C:\Users\user\Desktop\z39UartAssist.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 12:02:09.501636982 CEST	255	OUT	GET /assistcenter/uartassist_upgrade/?ver=50014&ident=SYWVSLRYMZWXKN5D&stamp=01729767727 HTTP/1.0 Host: www.cmsoft.cn User-Agent: Mozilla/4.0 Accept: / Accept-Language: zh-cn Accept-Encoding: identity Connection: close Cache-Control: no-cache
Oct 24, 2024 12:02:10.464418888 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 24 Oct 2024 10:02:10 GMT Content-Type: text/html Content-Length: 2555 Last-Modified: Fri, 20 Sep 2024 07:49:33 GMT Connection: close Vary: Accept-Encoding ETag: "66ed290d-9fb" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes Data Raw: 23 6d 65 73 73 61 67 65 3d 7b 0a 35 2e 30 2e 32 0a 20 28 31 29 20 d4 f6 bc d3 d7 d4 b6 af d3 a6 b4 f0 d1 d3 ca b1 b2 ce ca fd c9 e8 d6 c3 0a 20 28 32 29 20 d3 c5 bb af 4a 54 38 30 38 d6 d5 b6 cb c4 a3 c4 e2 c6 f7 a3 ac d4 f6 bc d3 b6 a8 ca b1 d0 c4 cc f8 c9 e8 d6 c3 0a 20 28 33 29 20 d3 c5 bb af b8 bd bc d3 ce bb c9 e8 d6 c3 a3 ac d4 f6 bc d3 d0 a3 d1 e9 c6 ab d2 c6 d2 d4 bc b0 b9 cc b6 a8 d6 a1 ce b2 0a 20 28 34 29 20 d4 f6 c7 bf d7 aa d2 e5 b7 fb d6 a7 b3 d6 a3 ac bf c9 d4 da b7 a2 cb cd b4 b0 bf da d6 b1 bd d3 b7 a2 cb cd bd c5 b1 be b4 fa c2 eb 0a 35 2e 30 2e 31 0a 20 28 31 29 20 d4 f6 bc d3 d7 d4 b6 af d3 a6 b4 f0 2f d7 d4 b6 a8 d2 e5 bd c5 b1 be 0a 20 28 32 29 20 d4 f6 bc d3 4a 54 38 30 38 d0 ad d2 e9 d6 d5 b6 cb c4 a3 c4 e2 0a 20 28 33 29 20 d4 f6 bc d3 4d 6f 64 62 75 73 d0 ad d2 e9 d6 d5 b6 cb b5 f7 ca d4 0a 20 28 34 29 20 d4 f6 bc d3 b8 a1 b5 e3 d7 aa bb bb bc c6 cb e3 c6 f7 0a 20 28 35 29 20 d7 a8 d2 b5 b0 e6 d4 f6 c7 bf d6 a7 b3 d6 0a 34 2e 33 2e 31 35 0a 20 28 31 29 20 bd d3 ca d5 b4 b0 [TRUNCATED] Data Ascii: #message={5.0.2 (1) (2) JT808 (3) (4) 5.0.1 (1) / (2) JT808 (3) Modbus (4) (5) 4.3.15 (1) (2) (3) (4) 4.3.9 (1) (2) (3) (4) 4.3.0 (1) (2) (3) ASCII(download right now)?}#url1=http://free.cmsoft.cn/download/cmsoft/assistant/uartassist5.0.14.zip#method=2 (redirect)#version=5.0.13#configs={qqgroup = 312280605tipcolor = #FF6600tipcycles=0uchidden=trueqqhidden=truebrandhidd
Oct 24, 2024 12:02:10.464476109 CEST	212	IN	Data Raw: 65 6e 3d 74 72 75 65 0a 7d 0a 0a 24 24 63 56 64 62 49 53 46 54 58 56 74 48 4a 52 63 66 5a 45 74 79 54 48 4a 44 52 68 63 66 66 48 6c 44 65 48 79 32 35 4e 43 78 4d 57 46 6b 32 39 43 70 39 58 72 62 30 4e 48 6b 65 64 72 77 31 37 65 30 32 61 50 79 65 Data Ascii: en=true}$$cVdbISFTXVtHJRcfZEtyTHJDRhcffHlDeHy25NCxMWFk29Cp9Xrb0NHkedrw17e02aPyeqvvo9rdzqWner221MrVudnWeBcffHlOeHyiptDi1sWv9rbk0LHdtNzg1/Ov6d3ls8Oq8hcffHlBeHzYxtK6ofTc+7bk0LE9YTfb7a+22MSmsBcffHlGeHzYxtK6ofTc+7b
Oct 24, 2024 12:02:10.464528084 CEST	1236	IN	Data Raw: 6b 30 4c 47 39 74 4e 33 6c 30 2f 79 75 39 62 33 50 31 64 58 59 78 4b 61 77 46 78 39 38 65 55 74 34 66 4c 79 79 32 64 5a 6f 4e 31 70 57 57 31 65 38 78 37 37 34 31 73 57 76 39 72 37 77 30 63 47 69 72 36 44 2b 46 78 39 38 65 55 52 34 66 4b 54 32 70 Data Ascii: k0LG9tN3l0/yu9b3P1dXYxKawFx98eUt4fLyy2dZoN1pWW1e8x7741sWv9r7w0cGir6D+Fx98eUR4fKT2peC8stnWsavVynwXH0tyTHJDQRcffHlDeHy8rrbkYWY3ej02QU5qOGFs1sLav77V0OCqrra52MSmsBcffHlOeHyxq9XKN1pWW1e8x77426aiptDi1sWv9rzNrq8XH3x5QXh8q++j2t3Opad62vDXt93Opae25NCxoq
Oct 24, 2024 12:02:10.464565992 CEST	166	IN	Data Raw: 36 55 6c 42 59 55 6c 74 6b 55 31 42 59 56 6c 4d 6d 57 32 78 62 4c 6c 68 61 56 6b 64 44 53 33 78 38 65 64 4b 6f 33 50 54 62 70 74 44 70 71 63 6d 30 73 4b 53 2f 77 63 44 62 79 36 4c 56 56 6c 4d 6f 65 42 63 66 63 57 4e 6a 50 53 35 61 4b 79 78 48 51 Data Ascii: 6UlBYUltkU1BYVlMmW2xbLlhaVkdDS3x8edKo3PTbptDpqcm0sKS/wcDby6LVVlMoeBcfcWNjPS5aKyxHQUNOTklMRExLcHxEQ0hLTklOSEl8fBcfcWNjMitXXlsuR0hNS0lISUFMSRcfcStRWVhWVltSR2ZuazsXHxc=

Target ID:	0
Start time:	06:02:07
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\z39UartAssist.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\z39UartAssist.exe"
Imagebase:	0x400000
File size:	663'544 bytes
MD5 hash:	B117BDF393DE8FF72D5A0B68731FCF54
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	60

Executed Functions

Function 0043E9B4 Relevance: 41.1, APIs: 10, Strings: 13, Instructions: 802
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00565180: GetLocalTime.KERNEL32(?,00000000), ref: 0056518E

Part of subcall function 00403910: GetTempPathA.KERNEL32(000000C8,?), ref: 00403933

Part of subcall function 00413B0C: @TcmAutoUpgrader@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 00413B46

@TcmAutoUpgrader@SetLocalVersionText$qqr17System@AnsiString.Z39UARTASSIST ref: 0043EAB4
@TContextPopupMenu@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0043EE1F
@TContextPopupMenu@RegisterCharsetMenuItem$qqrp15Menus@TMenuItemi.Z39UARTASSIST ref: 0043EE39
@TContextPopupMenu@RegisterCharsetMenuItem$qqrp15Menus@TMenuItemi.Z39UARTASSIST ref: 0043EE4C
@TContextPopupMenu@SetCharset$qqri.Z39UARTASSIST ref: 0043EE72
@TcmForm@setToggleState$qqr16TFormToggleState.Z39UARTASSIST ref: 0043F03F

Part of subcall function 004F80C8: CheckMenuItem.USER32(00000000,?,?), ref: 004F8100

@TAssistSplitter@Instantiate$qqrp18Classes@TComponentp20Controls@TWinControlt2ynpqqrp14System@TObject$v.Z39UARTASSIST(?,?), ref: 0043F089

Part of subcall function 00406300: @TAssistSplitter@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0040632A
Part of subcall function 00406300: @TAssistSplitter@SetBackgroudColor$qqr15Graphics@TColor.Z39UARTASSIST ref: 00406344

LoadBitmapA.USER32(?,ICON_INFO), ref: 0043F107

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

@TcmForm@ExecuteMaximize$qqrv.Z39UARTASSIST ref: 0043F644
PostMessageA.USER32(00000000,0000040B,00000000,00000000), ref: 0043F7DD

Strings

x#D, xrefs: 0043F1B6
t1D, xrefs: 0043F063
t, xrefs: 0043F760
UartAssist, xrefs: 0043F766
Welcome to , xrefs: 0043F780
/D, xrefs: 0043F0D5, 0043F0DE
hh:mm:ss, xrefs: 0043EA2A
h*D, xrefs: 0043F520
@W, xrefs: 0043EA88
^, xrefs: 0043EA3D
ICON_INFO, xrefs: 0043F0FA
5.0.14, xrefs: 0043EAA3
yyyy-MM-dd, xrefs: 0043E9F1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Menu$Classes@ContextPopup$AssistComponentMenu@$AutoCharsetItem$qqrp15ItemiLocalMenus@RegisterSplitter@System@Toggle$AnsiBackgroudBitmapCallbackCharset$qqriCheckColorColor$qqr15Componentp20Controls@Controlt2ynpqqrp14DispatcherExecuteFormForm@Form@setGraphics@Instantiate$qqrp18ItemLoadMaximize$qqrvMenu@$bctr$qqrp18MessageObject$vPathPostSplitter@$bctr$qqrp18StateState$qqr16StringTempText$qqr17TimeUpgrader@Upgrader@$bctr$qqrp18UserVersion
String ID: 5.0.14$@W$ICON_INFO$UartAssist$Welcome to $h*D$hh:mm:ss$t$t1D$x#D$yyyy-MM-dd$^$/D
API String ID: 982550687-2054703135
Opcode ID: a1cf65d3c65cf964d5493d99c6c1c4aec530ee67ad43b3b58900f33f44068b47
Instruction ID: 8006cb96a45ce60304b63df073c5dd9c845c0fd3bb7955d7e64e89ae2f88272b
Opcode Fuzzy Hash: a1cf65d3c65cf964d5493d99c6c1c4aec530ee67ad43b3b58900f33f44068b47
Instruction Fuzzy Hash: 17824774A012058FDB14DF19C885B99BBF1FF88308F1481BAE9499F366CB35A949CF58

Function 004A55DC Relevance: 36.9, APIs: 10, Strings: 11, Instructions: 192
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000), ref: 004A56E9
LoadLibraryA.KERNEL32(005934ED), ref: 004A56FF
GetProcAddress.KERNEL32(00000000,dll_mem_crc16), ref: 004A571A
GetProcAddress.KERNEL32(00000000,dll_get_version), ref: 004A5794
GetProcAddress.KERNEL32(00000000,LoadBitmapfromMemory), ref: 004A57AA
GetProcAddress.KERNEL32(00000000,LoadPNGfromStream), ref: 004A57BF
GetProcAddress.KERNEL32(00000000,MPHexEditor_ShowModal), ref: 004A57D5
GetProcAddress.KERNEL32(00000000,WebBrowser_Navigate), ref: 004A57EB
GetProcAddress.KERNEL32(00000000,WebBrowser_Invoke), ref: 004A5800
FreeLibrary.KERNEL32(00000000,00000000,dll_mem_crc16,005934ED), ref: 004A5845

Strings

assist.dll, xrefs: 004A5649
dll_get_version, xrefs: 004A5788
assist.sys, xrefs: 004A55F5
LoadPNGfromStream, xrefs: 004A57B4
dll_mem_crc16, xrefs: 004A5714
LoadBitmapfromMemory, xrefs: 004A579E
8, xrefs: 004A5721
WebBrowser_Navigate, xrefs: 004A57DF
WebBrowser_Invoke, xrefs: 004A57F5
MPHexEditor_ShowModal, xrefs: 004A57C9
assist.dll, xrefs: 004A56AE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$Free$Load
String ID: 8$LoadBitmapfromMemory$LoadPNGfromStream$MPHexEditor_ShowModal$WebBrowser_Invoke$WebBrowser_Navigate$assist.dll$assist.dll$assist.sys$dll_get_version$dll_mem_crc16
API String ID: 930031478-1472578398
Opcode ID: dd11d352923aed193548225b94b709e6722d2f0e64a095c52ebc41c45e260c62
Instruction ID: 0a79c0f14bd496bb61fbe507f8be70998eee5db6c9d603e49caabc13073f6f31
Opcode Fuzzy Hash: dd11d352923aed193548225b94b709e6722d2f0e64a095c52ebc41c45e260c62
Instruction Fuzzy Hash: 9A71927090020ADBCF11EBA4D989AEEBBB8FF55300F11456BE40967351DB389F09DB65

Function 004E4518 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 184
registrystringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,0056B0A8), ref: 004E4534
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,?,0056B0A8), ref: 004E4552
RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,?,0056B0A8), ref: 004E4570
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 004E458E
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,004E461D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 004E45D7
RegQueryValueExA.ADVAPI32(?,004E4784,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,004E461D,?,80000001), ref: 004E45F5
RegCloseKey.ADVAPI32(?,004E4624,00000000,?,?,00000000,004E461D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004E4617
lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004E4634
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004E4641
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004E4647
lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 004E4672
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004E46B9
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004E46C9
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004E46F1
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004E4701
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 004E4727
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?), ref: 004E4737

Strings

Software\Borland\Locales, xrefs: 004E4548, 004E4566
Software\Borland\Delphi\Locales, xrefs: 004E4584
., xrefs: 004E4684

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: .$Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1759228003-3917250287
Opcode ID: 6a6085b507c2613188efa4bace852e6db6a483e9875522edd7ee92092e92043c
Instruction ID: a1e44367fbbf4686bfe3d1403c0c72d710c958931c86e67c6fc404c743da46f4
Opcode Fuzzy Hash: 6a6085b507c2613188efa4bace852e6db6a483e9875522edd7ee92092e92043c
Instruction Fuzzy Hash: E1517971A4025D7AEF21D6B58C46FEF7BBCAB85741F4001A2B604E7181E6789E44CB94

Function 00472254 Relevance: 26.7, APIs: 7, Strings: 8, Instructions: 420
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetupDiGetClassDevsA.SETUPAPI(0059B0AC,00000000,00000000,00000002), ref: 0047228B
SetupDiGetDeviceRegistryPropertyA.SETUPAPI(000000FF,?,0000000C,00000000,?,00000104,00000000), ref: 004722D2
SetupDiEnumDeviceInfo.SETUPAPI(000000FF,?,?), ref: 00472457
RegOpenKeyExA.ADVAPI32(80000002,Hardware\DeviceMap\SerialComm,00000000,00020019,?), ref: 0047248B
RegEnumValueA.ADVAPI32(?,00000000,?,00000040,00000000,00000000,?,00000040,80000002,Hardware\DeviceMap\SerialComm,00000000,00020019,?), ref: 0047250C
RegCloseKey.ADVAPI32(?,?,00000001,?,00000040,00000000,00000000,?,00000040,?,00000000,?,00000040,00000000,00000000,?), ref: 00472519
SetupDiDestroyDeviceInfoList.SETUPAPI(?), ref: 00472809

Strings

@, xrefs: 004724B1
@, xrefs: 004724AA
COM, xrefs: 0047240D
(COM, xrefs: 004722D7
h, xrefs: 004727FF
COM, xrefs: 00472797
Hardware\DeviceMap\SerialComm, xrefs: 00472481
4K, xrefs: 0047229F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Setup$Device$EnumInfo$ClassCloseDestroyDevsListOpenPropertyRegistryValue
String ID: (COM$4K$@$@$COM$COM$Hardware\DeviceMap\SerialComm$h
API String ID: 3611252246-4248320136
Opcode ID: 72697b564033dc1d8b31d3da65b65c9c3be64cfd0cf3a5f16a97dc534eed7eeb
Instruction ID: 2649c9aed43a251bb5fe1b7b9409f8a0e45de31ffb2c0ad08769cc63df75a942
Opcode Fuzzy Hash: 72697b564033dc1d8b31d3da65b65c9c3be64cfd0cf3a5f16a97dc534eed7eeb
Instruction Fuzzy Hash: 20023D74E002199FCB14DFA4C985BEEB7B5FF48304F20816AE909A7252DB74AE46CF54

Function 004E4624 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98
stringlibrarythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004E4634
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004E4641
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004E4647
lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 004E4672
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004E46B9
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004E46C9
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004E46F1
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004E4701
lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 004E4727
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?), ref: 004E4737

Strings

Software\Borland\Locales, xrefs: 004E4548, 004E4566
Software\Borland\Delphi\Locales, xrefs: 004E4584
., xrefs: 004E4684

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
String ID: .$Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1599918012-3917250287
Opcode ID: 5642b653f104c87a34190c793bf55d685bd789574837a80296629cfbf3510c82
Instruction ID: 402fe8e366e20405a04fa69c854b64db1027a754bcec6d49567d926d60afba60
Opcode Fuzzy Hash: 5642b653f104c87a34190c793bf55d685bd789574837a80296629cfbf3510c82
Instruction Fuzzy Hash: EB31AB71E0025D2AEF25D6B5DC4AFEF7BFC5B85380F0441F2A648E7185EA789E848B50

Function 004720C4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111registrywindowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(?,00000464,00000000,00000000), ref: 004721AA
RegisterDeviceNotificationA.USER32(?,00000020,00000000), ref: 004721F9

Strings

|*G, xrefs: 00472165, 00472170
, xrefs: 004721CD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: DeviceMessageNotificationPostRegister
String ID: $|*G
API String ID: 1660816118-4069222751
Opcode ID: c1ca511793141a2b4c1757e3a43df32ac7c1a9d1542795c70eeb51950b3a2c70
Instruction ID: 1b7022f1b62546d623e90b5473392de711495219b60717ac6dc26e6521d1a631
Opcode Fuzzy Hash: c1ca511793141a2b4c1757e3a43df32ac7c1a9d1542795c70eeb51950b3a2c70
Instruction Fuzzy Hash: D8411675A002059BD728CF58D884BDAFBF5FF98300F24866EE6889B341C772A945CBD4

Function 0040A5B4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 0040A5F6
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00001000,?,00000000), ref: 0040A638
CloseHandle.KERNEL32(00000000,00000000,002D1400,?,0000000C,?,00001000,?,00000000,?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 0040A666

Strings

\\.\PhysicalDrive0, xrefs: 0040A5BD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: \\.\PhysicalDrive0
API String ID: 33631002-1180397377
Opcode ID: 71b245b3cce3ad6ed13dd5098edcd237b44a6c60628cded3cf606c99298eef98
Instruction ID: f610eac4f3080639976a76cabc5bc351fdb566711a164c697a638a15b6bf445a
Opcode Fuzzy Hash: 71b245b3cce3ad6ed13dd5098edcd237b44a6c60628cded3cf606c99298eef98
Instruction Fuzzy Hash: 1431C335A40209ABDB00DB65CC82FAFB7B9FB89760F140126F904BB3D1DA759D418BA5

Function 004D097C Relevance: 6.0, APIs: 4, Instructions: 37timefileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,?,004D09EE,?,00406A3D), ref: 004D0997
FindClose.KERNEL32(00000000,00000000,?,?,?,004D09EE,?,00406A3D), ref: 004D09A2
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004D09BB
FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 004D09CC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FileTime$Find$CloseDateFirstLocal
String ID:
API String ID: 2659516521-0
Opcode ID: 55f75d935bf554deb310207c3fb4b47479307ec569e5fcd68e9baffba3f9d912
Instruction ID: c7c4f722a64da47354d29372549cef8d25a3ef1d791e11ee7ae127461722c244
Opcode Fuzzy Hash: 55f75d935bf554deb310207c3fb4b47479307ec569e5fcd68e9baffba3f9d912
Instruction Fuzzy Hash: CBF018B1D0020DA6CF10EAE58C99ADF77ACAB45324F1007D3B519E3291EA749B054794

Function 00531CA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00531DC4

Strings

, xrefs: 00531D16

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Capture
String ID:
API String ID: 1145282425-3916222277
Opcode ID: f0d8ae3e318030af4d124136efec2b1f6ecdd57fd829452a5f22e6367a5cad07
Instruction ID: 5ad16c352f497a87538122d8a892b32801d1715b967a36099bdfaf900a9a342e
Opcode Fuzzy Hash: f0d8ae3e318030af4d124136efec2b1f6ecdd57fd829452a5f22e6367a5cad07
Instruction Fuzzy Hash: 5B31C130700A4297C720AA3CCC89B5A6FE5BF83310F158D39B456CBB92DA34DE05C769

Function 0046B150 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

@TcmDownloader@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0046B189

Strings

AutoUpgrade, xrefs: 0046B1F8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Classes@ComponentDownloader@$bctr$qqrp18
String ID: AutoUpgrade
API String ID: 2020136150-756189993
Opcode ID: 96e9b9b0e8ddbb25682c98873902b0212c81c6a834885420eccfcbc1f273ea30
Instruction ID: 97c19fa33b3ee49f161006a371f95edc360b12283082cc70c8d89b039cc71115
Opcode Fuzzy Hash: 96e9b9b0e8ddbb25682c98873902b0212c81c6a834885420eccfcbc1f273ea30
Instruction Fuzzy Hash: 804150B1600655CFDB14DF29C48175ABBF6FF8A304B0486AAD845DF359D730E806CBA6

Function 0052EDE0 Relevance: 3.1, APIs: 2, Instructions: 129COMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,?,?,?,?,00472CCF), ref: 0052EF15
KiUserCallbackDispatcher.NTDLL(?,?,?,?,00472CCF), ref: 0052EF68

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherKeyboardStateUser
String ID:
API String ID: 4281813569-0
Opcode ID: 5f612f760ad0bced47cd9558801d29a2c0138559b3a422f7948d5f74e952c41c
Instruction ID: fa5ce2fdf13aa0e3b25171b7e7f7c4a87f6b98bb9c0ea12ac14e928ef7df135d
Opcode Fuzzy Hash: 5f612f760ad0bced47cd9558801d29a2c0138559b3a422f7948d5f74e952c41c
Instruction Fuzzy Hash: A441CE30A00625CFDB20DF28E68A6A9BFE9BF47700F1844A5E455DB2D1C770DE85CB56

Function 004C0904 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 004C0926

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FindResource
String ID:
API String ID: 1635176832-0
Opcode ID: f3f3a25696deafbf42814b3943e34ce8e29dcf650049079e444d85fee10f1d28
Instruction ID: 80a274cc4f5c446239568964f609e2ab7a88182ad992e322c01d7432691aff6c
Opcode Fuzzy Hash: f3f3a25696deafbf42814b3943e34ce8e29dcf650049079e444d85fee10f1d28
Instruction Fuzzy Hash: D801F776304300BBE710EF2AEC92F2AB7ADEB8A714711403EF500D7352DA799C019714

Function 0050B820 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,00000000,00000000,00000000,?,?,?,0050F030,?,?,00000000,0050F057), ref: 0050B830

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: b53cf9cefce9f071b2e099d77d03ddf86a6ac356d889bf6f0b38cd09207a6768
Instruction ID: 4d9b580e751b97ea1eb64bbb6623148b06ef696b79dca1c21f6cca5dd4455c98
Opcode Fuzzy Hash: b53cf9cefce9f071b2e099d77d03ddf86a6ac356d889bf6f0b38cd09207a6768
Instruction Fuzzy Hash: FFF06271D01109DFDB10DF98C4D889CBBB8FB5630175082A9D408E7292EB30E694D781

Function 004660F8 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,0046A4A9,?,0046A494), ref: 004660FF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: 2adf4f9eff68a7ce87f8b3a769e8103df1dae65cc01e18ae1313eb9a6b9eafd5
Instruction ID: 2c2c044b0c30796dcad2614d41bb67523dd3fdcd679579d814183eaba617f24b
Opcode Fuzzy Hash: 2adf4f9eff68a7ce87f8b3a769e8103df1dae65cc01e18ae1313eb9a6b9eafd5
Instruction Fuzzy Hash: 25C08C2090815057E2012321DC172847E04AB43B28FCB0725C1E8402A7F62F0138498B

Function 0043D04C Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 63a20488e03fdd28344ff6f68dd4148cbef4997637c47a5589e4f2538f95722b
Instruction ID: 4b904afc313b2872121d39465507a369b306bb0bec701edd8adb8812729c57e6
Opcode Fuzzy Hash: 63a20488e03fdd28344ff6f68dd4148cbef4997637c47a5589e4f2538f95722b
Instruction Fuzzy Hash: 99D1907060030A8FCB24EF54C4857EEF7B5FF84304F14866AE8565B746DB70A90ACBA5

Function 00464D20 Relevance: 44.2, APIs: 19, Strings: 6, Instructions: 495
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00464D2C

Part of subcall function 00469DB0: inet_addr.WS2_32(?), ref: 00469DC8
Part of subcall function 00469DB0: gethostbyname.WS2_32(?), ref: 00469DD5

htons.WS2_32(?), ref: 00464D92
socket.WS2_32(00000002,00000001,00000006), ref: 00464DC3
connect.WS2_32(?,?,00000010), ref: 00464DEF
select.WS2_32(?,00000000,?,00000000,?), ref: 00464E6E
GetTickCount.KERNEL32 ref: 00464ED8

Strings

application/x-www-form-urlencoded, xrefs: 00464FB3, 00464FB8
http connect error,%s!, xrefs: 00464EAC
, xrefs: 004650BA
, xrefs: 0046505D
POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/4.0Accept: */*Accept-Language: zh-cnAccept-Encoding: identityContent-Type: %sContent-Length: %d, xrefs: 00464FD3
GET %s HTTP/1.0Host: %sUser-Agent: Mozilla/4.0Accept: */*Accept-Language: zh-cnAccept-Encoding: identityConnection: closeCache-Control: no-cache, xrefs: 00464F18

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountTick$connectgethostbynamehtonsinet_addrselectsocket
String ID: $$GET %s HTTP/1.0Host: %sUser-Agent: Mozilla/4.0Accept: */*Accept-Language: zh-cnAccept-Encoding: identityConnection: closeCache-Control: no-cache$POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/4.0Accept: */*Accept-Language: zh-cnAccept-Encoding: identityContent-Type: %sContent-Length: %d$application/x-www-form-urlencoded$http connect error,%s!
API String ID: 339190699-2168922042
Opcode ID: 7653dfadc84f4d2fd0e2aca89bfa6cbb27445b70d837578952bb3e6522ba5fdc
Instruction ID: d72251cee2c87af9a7cb6a3a30595b8b0597c38c789139082b4eb5e9bbb71a03
Opcode Fuzzy Hash: 7653dfadc84f4d2fd0e2aca89bfa6cbb27445b70d837578952bb3e6522ba5fdc
Instruction Fuzzy Hash: 8202B171A006099FCF14DFA8DC91BEE77B9BB88304F10425AF905A7281E7789D85CF5A

Function 0043B92C Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 287
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

@cmSerialCommDriver32@TcmUart@MapBaudRatesValue$qqri.Z39UARTASSIST ref: 0043BA87
@cmSerialCommDriver32@TcmUart@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0043BB25
@cmSerialCommDriver32@TcmUart@SetLicense$qqri.Z39UARTASSIST ref: 0043BB39
@cmSerialCommDriver32@TcmUart@fSetInBufSize$qqri.Z39UARTASSIST ref: 0043BB48
@cmSerialCommDriver32@TcmUart@fSetOutBufSize$qqri.Z39UARTASSIST ref: 0043BB57
@cmSerialCommDriver32@TcmUart@SetDatagramMaxLength$qqri.Z39UARTASSIST ref: 0043BB98
@cmSerialCommDriver32@TcmUart@SetDatagramPartitionTime$qqri.Z39UARTASSIST ref: 0043BBA9
@cmSerialCommDriver32@TcmUart@SetAutoWrap$qqro.Z39UARTASSIST ref: 0043BBD5
@cmSerialCommDriver32@TcmUart@LoadSettings$qqr17System@AnsiString.Z39UARTASSIST ref: 0043BBF7
@cmSerialCommDriver32@TcmUart@fSetDTR$qqro.Z39UARTASSIST ref: 0043BC1E
@cmSerialCommDriver32@TcmUart@fSetRTS$qqro.Z39UARTASSIST ref: 0043BC35
@cmSerialCommDriver32@TcmUart@fGetParity$qqrv.Z39UARTASSIST ref: 0043BC7D
@cmSerialCommDriver32@TcmUart@fGetDataBits$qqrv.Z39UARTASSIST ref: 0043BC98
@cmSerialCommDriver32@TcmUart@fGetStopBits$qqrv.Z39UARTASSIST ref: 0043BCB3

Part of subcall function 0043C75C: @Cmcheckbutton@TcmCheckButton@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0043C87B
Part of subcall function 0043C75C: @Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST(00000000), ref: 0043C8B7

Part of subcall function 004720C4: PostMessageA.USER32(?,00000464,00000000,00000000), ref: 004721AA
Part of subcall function 004720C4: RegisterDeviceNotificationA.USER32(?,00000020,00000000), ref: 004721F9

Strings

11.52, xrefs: 0043B9F3
5678, xrefs: 0043B9A8
UartAssist, xrefs: 0043BBE0
NONEODDEVENMARKSPACE, xrefs: 0043B95D
h, xrefs: 0043BD82
Customize..., xrefs: 0043BADF
NONEXON/XOFFRTS/CTSDTR/DSRRTS/CTS/XON/XOFFDTR/DSR/XON/XOFF, xrefs: 0043BA3E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDriver32@Serial$Uart@f$Uart@$AutoBits$qqrvCheckClasses@Cmcheckbutton@ComponentDatagramSize$qqri$AdjustAnsiBaudButton@Button@$bctr$qqrp18DataDeviceLength$qqriLicense$qqriLoadMessageNotificationParity$qqrvPartitionPostR$qqroRatesRegisterS$qqroSettings$qqr17Size$qvStopStringSystem@Time$qqriUart@$bctr$qqrp18Value$qqriWrap$qqro
String ID: 11.52$5678$Customize...$NONEODDEVENMARKSPACE$NONEXON/XOFFRTS/CTSDTR/DSRRTS/CTS/XON/XOFFDTR/DSR/XON/XOFF$UartAssist$h
API String ID: 2842964971-1447752763
Opcode ID: fd334d896ec102cd3222618b030ed368b5457cb5e3f6919cc1f1e7dee5f0bd06
Instruction ID: affcc8d9f42149f95959a73eef81fd2fb94bab275bd6e42adfbdb16d29bba79a
Opcode Fuzzy Hash: fd334d896ec102cd3222618b030ed368b5457cb5e3f6919cc1f1e7dee5f0bd06
Instruction Fuzzy Hash: 66D1F974A001058FCB00EF54D489AADB7F1FF58304F2491BAE9096F366DB35A90ADB95

Function 0043BFC4 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 291
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEvent.KERNEL32(00000470), ref: 0043C00E
Sleep.KERNEL32(00000005,00000470), ref: 0043C017
@cmSerialCommDriver32@TcmUart@Close$qqrv.Z39UARTASSIST ref: 0043C034
@cmSerialCommDriver32@TcmUart@fSetBaudRate$qqrul.Z39UARTASSIST ref: 0043C164
@cmSerialCommDriver32@TcmUart@fSetParity$qqr11TCommParity.Z39UARTASSIST ref: 0043C1DE
@cmSerialCommDriver32@TcmUart@fSetDataBits$qqr13TCommDataBits.Z39UARTASSIST ref: 0043C1F5
@cmSerialCommDriver32@TcmUart@fSetStopBits$qqr13TCommStopBits.Z39UARTASSIST ref: 0043C20C
@cmSerialCommDriver32@TcmUart@fSetFCtrl$qqr12TFlowControl.Z39UARTASSIST ref: 0043C223
@cmSerialCommDriver32@TcmUart@Open$qqrv.Z39UARTASSIST ref: 0043C22A
@cmSerialCommDriver32@TcmUart@SaveSettings$qqr17System@AnsiString.Z39UARTASSIST ref: 0043C26E
@cmSerialCommDriver32@TcmUart@fGetDataBits$qqrv.Z39UARTASSIST ref: 0043C2FB
@cmSerialCommDriver32@TcmUart@fGetStopBits$qqrv.Z39UARTASSIST ref: 0043C306

Strings

, xrefs: 0043C254
UartAssist, xrefs: 0043C25A
COM%d, xrefs: 0043C241

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@Serial$Uart@f$DataStopUart@$BitsBits$qqr13Bits$qqrv$AnsiBaudClose$qqrvControlCtrl$qqr12EventFlowOpen$qqrvParityParity$qqr11Rate$qqrulSaveSettings$qqr17SleepStringSystem@
String ID: $COM%d$UartAssist
API String ID: 280170023-1321719275
Opcode ID: 4a485d5cbba37bd7a87e9f2a1160d363c07e4640d0211e4129aa15afa504b640
Instruction ID: ba76a419cecc9c9df252450a025dccb89f3bf706ce4b5f19a4d84fdfe03afed5
Opcode Fuzzy Hash: 4a485d5cbba37bd7a87e9f2a1160d363c07e4640d0211e4129aa15afa504b640
Instruction Fuzzy Hash: 5EC1F330604245DFDB18DB64D4C4BEEB7B1BF49304F10916BE80AA7392DB786D49DB49

Function 0046B70C Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0046B825
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0046B871
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0046B8C8
@TcmAutoUpgrader@NavigateUpgrade$qqripct2.Z39UARTASSIST(0058277B), ref: 0046B8FA
@TcmDownloader@AsyncDownLoad$qqrpct1iynpqqrp14System@TObjectpcipv$vpv.Z39UARTASSIST(00000000,?,?,00019000), ref: 0046B9A4

Strings

Fail to read upgrade information!, xrefs: 0046B9D4
Fail to read upgrade information!, xrefs: 0046BA7E
message, xrefs: 0046B8C1
Fail to locate upgrade page!, xrefs: 0046BA4B
version, xrefs: 0046B86A
Fail to connect server!, xrefs: 0046BA13
t, xrefs: 0046BA45
url1, xrefs: 0046B81E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoUpgrader@$ConfigReadValue$qqrpc$AsyncDownDownloader@Load$qqrpct1iynpqqrp14NavigateObjectpcipv$vpvSystem@Upgrade$qqripct2
String ID: Fail to connect server!$Fail to locate upgrade page!$Fail to read upgrade information!$Fail to read upgrade information!$message$t$url1$version
API String ID: 387212806-832274262
Opcode ID: 4b04a97d81e62627801e56d9c497b2fd147c0c5fae695deb258bc14f9525bc8f
Instruction ID: 8d78701ae245634ab6f12c96e6c941b2b6328d5beba58b2c4c39deb57bbe8849
Opcode Fuzzy Hash: 4b04a97d81e62627801e56d9c497b2fd147c0c5fae695deb258bc14f9525bc8f
Instruction Fuzzy Hash: 15D16370A00209CBCF15EF94C4857EEBBB5FF44314F14516AD801AB396E7789D8ACB96

Function 00478140 Relevance: 15.6, APIs: 10, Instructions: 631
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ace226716800852f712658ad57b38dbea41617156009a71b37e603e51f3515
Instruction ID: 84f9610a5f14daf85f821dcf6f951e06386dde3bfbf2d55e278d5580a646cabe
Opcode Fuzzy Hash: b8ace226716800852f712658ad57b38dbea41617156009a71b37e603e51f3515
Instruction Fuzzy Hash: EF32AA305493C1AFD712CB648AA9B997FB0AF03300F2941DBD4849F2E3D6799E0AD756

Function 004784DC Relevance: 15.3, APIs: 10, Instructions: 253
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

@cmSerialCommDriver32@TcmUart@SetDatagramMaxLength$qqri.Z39UARTASSIST ref: 00478544
@cmSerialCommDriver32@TcmUart@SetDatagramPartitionTime$qqri.Z39UARTASSIST ref: 0047854F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDatagramDriver32@SerialUart@$Length$qqriPartitionTime$qqri
String ID:
API String ID: 129507699-0
Opcode ID: 8db1af9f65cc043ac36ffa78d7f0e3dd490ba193370632c6b3a3d7b34e0607f5
Instruction ID: 8d9e2877218a601bbdee3d069e7bac28b1f50627a02ebd1abd1b10765272caec
Opcode Fuzzy Hash: 8db1af9f65cc043ac36ffa78d7f0e3dd490ba193370632c6b3a3d7b34e0607f5
Instruction Fuzzy Hash: F5C15834A04289EFEB10CBA8C985B9DBBB2BF45314F2442D8E5546F3D2C771AE06DB45

Function 00469DB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53
networkwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

inet_addr.WS2_32(?), ref: 00469DC8
gethostbyname.WS2_32(?), ref: 00469DD5
WSAGetLastError.WS2_32(?,00000000,?), ref: 00469DE7
MessageBoxA.USER32(00000000,Either the application has not called WSAStartup, or WSAStartup failed!,warning!,00000000), ref: 00469E01
gethostname.WS2_32(?,00000040), ref: 00469E0E
gethostbyname.WS2_32(?), ref: 00469E1B

Strings

Either the application has not called WSAStartup, or WSAStartup failed!, xrefs: 00469DFA
warning!, xrefs: 00469DF5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: gethostbyname$ErrorLastMessagegethostnameinet_addr
String ID: Either the application has not called WSAStartup, or WSAStartup failed!$warning!
API String ID: 2360276748-338537607
Opcode ID: 4a5bb411cef8ee5223d4fcf7347db644d4b672685caa5f0eebc4ea4963c48acf
Instruction ID: f7b26dd89af9ba87d0a28e10178e3b786cb13a13e9ad78bf08d23fc492d4b983
Opcode Fuzzy Hash: 4a5bb411cef8ee5223d4fcf7347db644d4b672685caa5f0eebc4ea4963c48acf
Instruction Fuzzy Hash: 8201B930B007115AD634FA64CC85F5B779CAF4A720F180256FE059B3D5F7B59C01829A

Function 00474F44 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 214
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadBitmapA.USER32(00584DB8,?), ref: 0047505C
@TcmForm@limit_max_height$qqrv.Z39UARTASSIST ref: 00475137
LoadBitmapA.USER32(00000000,dlgRestore), ref: 00475159
@TcmForm@UpdateLanguage$qqrv.Z39UARTASSIST ref: 00475172

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Strings

dlgRestore, xrefs: 0047514B
TNX, xrefs: 00474F93

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoad$CallbackDispatcherForm@Form@limit_max_height$qqrvLanguage$qqrvUpdateUser
String ID: TNX$dlgRestore
API String ID: 544651310-3375810296
Opcode ID: 786e639f11431a9bf004fbd47e293e444c9fed217d89467c9a192528a4e8ce17
Instruction ID: 76e32ca136461af6ec5462ead183c2b46d0c92c0beb18625d816a9150b12a576
Opcode Fuzzy Hash: 786e639f11431a9bf004fbd47e293e444c9fed217d89467c9a192528a4e8ce17
Instruction Fuzzy Hash: D481C430B006059BC715EF78D8857DEBBB2BF89314F10852AE8199B352DB78EC49CB94

Function 00413B0C Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 258COMMON

Download Yara Rule

APIs

@TcmAutoUpgrader@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 00413B46

Strings

.sys, xrefs: 00413BC6
.lic, xrefs: 00413CC3
UartAssist, xrefs: 00413B8A, 00413C87
SYWVSLRYMZWXKN5D, xrefs: 00413B70, 00413E55

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoClasses@ComponentUpgrader@$bctr$qqrp18
String ID: .lic$.sys$SYWVSLRYMZWXKN5D$UartAssist
API String ID: 1767174355-3925265230
Opcode ID: c51413c0943d9153b4270de6d14727a51c4fa3c24425114ab847d36387116547
Instruction ID: 5b4d2fb1597114babf07e48923185672c6636c4c84e7b0e94c36f7f3e6db6225
Opcode Fuzzy Hash: c51413c0943d9153b4270de6d14727a51c4fa3c24425114ab847d36387116547
Instruction Fuzzy Hash: 71A1A270A003098FDB20DFA4C4467EFBBF5FF94301F14866AD445A7292EB749A8A8B55

Function 0043FBCC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97windowCOMMON

Download Yara Rule

APIs

@TcmImageSlider@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(005DFA4C,?), ref: 0043FBE9
@TcmImageSlider@SetAutoSwitch$qqro.Z39UARTASSIST ref: 0043FC51

Part of subcall function 00472D5C: @TcmImageSlider@SetImageIndex$qqri.Z39UARTASSIST ref: 00472D9C

LoadBitmapA.USER32(00000000,ARROW_DOWN), ref: 0043FCE8

Strings

tQ, xrefs: 0043FC89
ARROW_DOWN, xrefs: 0043FCDA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Image$Slider@$AutoBitmapClasses@ComponentIndex$qqriLoadSlider@$bctr$qqrp18Switch$qqro
String ID: ARROW_DOWN$tQ
API String ID: 3707357048-4115951454
Opcode ID: c4fbb0bb11ea6d349722d005e690ab56783befd4e7991f6fa54351c85224b9ca
Instruction ID: 2fe28a32c84c9de1f3e115c192ac73edaf58ec7e018402a8c398ecf29a51b52b
Opcode Fuzzy Hash: c4fbb0bb11ea6d349722d005e690ab56783befd4e7991f6fa54351c85224b9ca
Instruction Fuzzy Hash: 914105B46002018FC704DF19C489BDA7BE1BF89314F1481B9ED499F3A6CB71AC45CB58

Function 004CA180 Relevance: 7.6, APIs: 5, Instructions: 60registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(00400000,004CA170,?), ref: 004CA1A1
UnregisterClassA.USER32(004CA170,00400000), ref: 004CA1CA
RegisterClassA.USER32(00599E68), ref: 004CA1D4
CreateWindowExA.USER32(00000080,004CA170,004CA230,80000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 004CA202
SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 004CA21F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Class$Window$CreateInfoLongRegisterUnregister
String ID:
API String ID: 3404767174-0
Opcode ID: b4b5f28485a0eec4339117ebc11c9e0246c2c2e212f54323818919e9aba29524
Instruction ID: d72ff3701615390a4b8b08e856b4be5a2ee587c4053aa131e8f06a4d86a8e495
Opcode Fuzzy Hash: b4b5f28485a0eec4339117ebc11c9e0246c2c2e212f54323818919e9aba29524
Instruction Fuzzy Hash: 860104B16002097BDB40EF989C85FAA37ACF759308F14421AF500E73A1CA76DC14CBA6

Function 00403910 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(000000C8,?), ref: 00403933

Part of subcall function 00401D40: SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 00401D67
Part of subcall function 00401D40: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 00401DC0
Part of subcall function 00401D40: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000026,00000000,00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 00401E19

Strings

UartAssist, xrefs: 00403979, 00403A6C
.log, xrefs: 004039B5
.cfg, xrefs: 00403AA4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Path$FolderSpecial$Temp
String ID: .cfg$.log$UartAssist
API String ID: 626480183-3365938029
Opcode ID: f6b846a0a6e79e600b166edd9878575dbb642f18925264c94308f6d0774ad7e6
Instruction ID: 60f97927cab6724e2b6790e0c98158ae5d5b509190a7a3ab15bc19c0bf22b7a9
Opcode Fuzzy Hash: f6b846a0a6e79e600b166edd9878575dbb642f18925264c94308f6d0774ad7e6
Instruction Fuzzy Hash: 2A71F27091010A8BCF44EF94C4855EEB7B9FF88300F5085A6DC05AB24BEB34DA169F65

Function 00401D40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 00401D67
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 00401DC0
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000026,00000000,00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 00401E19

Part of subcall function 004D09F4: GetFileAttributesA.KERNEL32(00000000,?,00401E40,00000000,?,00000026,00000000,00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 004D09FF

Strings

\Cmsoft\, xrefs: 00401EDB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FolderPathSpecial$AttributesFile
String ID: \Cmsoft\
API String ID: 3677892563-515973493
Opcode ID: ba6cdb7dac1f69c89231a46b1b3f87fc93d03028f354fc557f53515e1cf26839
Instruction ID: 2ea6e28b1f421ed5bdc14b1c1b7561322aedee3e6460346c158374f341b35cd3
Opcode Fuzzy Hash: ba6cdb7dac1f69c89231a46b1b3f87fc93d03028f354fc557f53515e1cf26839
Instruction Fuzzy Hash: 3251937050020A8BDF48DF50C895BEF77B5FF84301F1046A6DC05AB2A6EF74DA5A8B95

Function 00531300 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(?,?,?), ref: 005313C4
UnregisterClassA.USER32(?,?), ref: 005313EC
RegisterClassA.USER32(?), ref: 00531402

Strings

@, xrefs: 00531339

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Class$InfoRegisterUnregister
String ID: @
API String ID: 3749476976-2766056989
Opcode ID: 391ad910b9633c1227ea0cd6e2c4cc081225aa32b19b9f4e102c64a867596086
Instruction ID: 75bd85e57748565c31252ae2a451ff9ae4c7a8dc3abab3af4326182cd0a37152
Opcode Fuzzy Hash: 391ad910b9633c1227ea0cd6e2c4cc081225aa32b19b9f4e102c64a867596086
Instruction Fuzzy Hash: A1419D30A007548BDB20DB79CC85B9DBBF9BF45304F0049AAE849DB252DB34AE45CB55

Function 00444BD8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62windowCOMMON

Download Yara Rule

APIs

@TcmTrayIcon@SetHint$qqr17System@AnsiString.Z39UARTASSIST(?,?), ref: 00444C8B

Strings

Uart Assistant, xrefs: 00444C02
@COM, xrefs: 00444C4D
, xrefs: 00444C25

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AnsiHint$qqr17Icon@StringSystem@Tray
String ID: $@COM$Uart Assistant
API String ID: 2457536731-1055707753
Opcode ID: 38bc5ada46ced335acfea93927558e0b742794caab6899f0a8065f7028b39873
Instruction ID: 5566b2f62ec4657294ae57d1d83151fbd8f66ac325d67570560c10683fd5f9b4
Opcode Fuzzy Hash: 38bc5ada46ced335acfea93927558e0b742794caab6899f0a8065f7028b39873
Instruction Fuzzy Hash: 44216F70A1114E9BDB00EBA4D5956EEFBF8FF84304F1441AAD805B7342EB345E099BA6

Function 0052247C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47timeCOMMON

Download Yara Rule

APIs

KillTimer.USER32(?,00000001,00000000,005224FB,?,Lg@,00000000,00000000,?,0052253C,?,0040683A,?,?), ref: 00522499
SetTimer.USER32(?,00000001,?,00000000), ref: 005224BB

Part of subcall function 004E4E74: LoadStringA.USER32(00000000,00010000,?,00000400), ref: 004E4EA5

Strings

Lg@, xrefs: 00522482
lK, xrefs: 005224D6

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Timer$KillLoadString
String ID: Lg@$lK
API String ID: 1423459280-1879983524
Opcode ID: f5eba66a2a256b852c7325450c4ff480e53b5344366887b4e2de5bc0a5a612be
Instruction ID: f07cb5ea22e75b6977c342b21c10032ee37261db6073d75068fd03a423e7b8d5
Opcode Fuzzy Hash: f5eba66a2a256b852c7325450c4ff480e53b5344366887b4e2de5bc0a5a612be
Instruction Fuzzy Hash: EB01B134600250BBEF21EF66DD96F553BACFF8A708F810461F9009B2D2D6B9AD40C694

Function 0046C190 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000403,00000000,00000001), ref: 0046C1A9
@TcmDownloader@DownLoad$qqrpct1i.Z39UARTASSIST(?), ref: 0046C1DA
SendMessageA.USER32(?,00000401,00000000,?), ref: 0046C1F5
SendMessageA.USER32(?,00000403,00000000,000000FF), ref: 0046C207

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend$DownDownloader@Load$qqrpct1i
String ID:
API String ID: 2784886644-0
Opcode ID: 86a510f1ce5307459200a3dbcd980f0e2f693590f1fe3af5b08eb6631e5cdcd0
Instruction ID: fd8a86d88c22ef42849b98fb935506d6793c66e4fcefd10b6ceb5b947bbf41e5
Opcode Fuzzy Hash: 86a510f1ce5307459200a3dbcd980f0e2f693590f1fe3af5b08eb6631e5cdcd0
Instruction Fuzzy Hash: 5011C675644204ABDB14EF64DCC6FA77BA8FB85320F10411AFA01AF2C5D674F901CBA5

Function 0051C91C Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

EnumWindows.USER32(0051C8AC), ref: 0051C951
GetWindow.USER32(00000003,00000003), ref: 0051C969
GetWindowLongA.USER32(00000000,000000EC), ref: 0051C976
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213), ref: 0051C9B5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$EnumLongWindows
String ID:
API String ID: 4191631535-0
Opcode ID: b01eaeedbd75122327dd265e311322787d2b611a2ff4fd446c3b95a651b76409
Instruction ID: fa88b65eac2ead467a7deb2c086367a9803a46f66d62101f463fde3ce0a7d8fc
Opcode Fuzzy Hash: b01eaeedbd75122327dd265e311322787d2b611a2ff4fd446c3b95a651b76409
Instruction Fuzzy Hash: E61170316446109FEB10DA2CCCC9F967BD4BB45720F144668F998AF2D6C371AC81CB95

Function 0050BA28 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

SelectObject.GDI32(00000000,00000000), ref: 0050BA4A
GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,?,?,?,0050FE19,?,00000000,?,00000001,00000001), ref: 0050BA5E
SelectObject.GDI32(00000000,00000000), ref: 0050BA6A
DeleteDC.GDI32(00000000), ref: 0050BA70

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ObjectSelect$ColorDeleteTable
String ID:
API String ID: 3862836420-0
Opcode ID: e9edb0fcb7fac79ff1ce8dfe1cedce4c4b678dfd56608804db71e6aed923a92d
Instruction ID: 4845eaeaa98b8c948b3cff1a82d105f14a4c902a7ab083e4718835257cfa9cf5
Opcode Fuzzy Hash: e9edb0fcb7fac79ff1ce8dfe1cedce4c4b678dfd56608804db71e6aed923a92d
Instruction Fuzzy Hash: DF01926160431166F610A7698C8BF6F7AFCAFC0710F00D819F6848B2D2EB788C4483A6

Function 00476780 Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON

Download Yara Rule

APIs

@TcmForm@limit_min_size$qqrv.Z39UARTASSIST ref: 004767BA
@TcmForm@update_caption$qqrv.Z39UARTASSIST ref: 004767C1
@TcmForm@setActive$qqro.Z39UARTASSIST ref: 004767D4
@TcmForm@setVisible$qqro.Z39UARTASSIST ref: 004767E7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Form@set$Active$qqroForm@limit_min_size$qqrvForm@update_caption$qqrvVisible$qqro
String ID:
API String ID: 3762416031-0
Opcode ID: 6a9eff0c44b24091fdc30e48a9071f45480bb965cbf72692ad48bd35a456ad2a
Instruction ID: ddefb00a51432d6bcc9cfa5c5783428e842e901f90b607f08e083c36eba52a4d
Opcode Fuzzy Hash: 6a9eff0c44b24091fdc30e48a9071f45480bb965cbf72692ad48bd35a456ad2a
Instruction Fuzzy Hash: 58019271305E008BD324AE38C8886D762D6AB04759F17CC7BE82ECB706C23CDC44975A

Function 004C3F90 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,?,?), ref: 004C3FA7
LoadResource.KERNEL32(00000000,004C3C34,00000000,?,?,004BF0A0,00000000,00000001,00000000,?,004C3F00,?,?,004C0BBE,00000000), ref: 004C3FC1
SizeofResource.KERNEL32(00000000,004C3C34,00000000,004C3C34,00000000,?,?,004BF0A0,00000000,00000001,00000000,?,004C3F00,?,?,004C0BBE), ref: 004C3FDB
LockResource.KERNEL32(004C3754,00000000,00000000,004C3C34,00000000,004C3C34,00000000,?,?,004BF0A0,00000000,00000001,00000000,?,004C3F00,?), ref: 004C3FE5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: cdd4a260ce753f3549bae0ce3defd1324f1235e49adc9a6e2e820eef556a5a90
Instruction ID: df57c29b198d3998a09ab1caf22a26722374b18b77c43e79082963ee76c83ebe
Opcode Fuzzy Hash: cdd4a260ce753f3549bae0ce3defd1324f1235e49adc9a6e2e820eef556a5a90
Instruction Fuzzy Hash: C7F086B76041046F4784EF5D9C41E6BB7ECEE88360310445EF908C7306EA35DE014378

Function 00447C1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0043FBCC: @TcmImageSlider@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(005DFA4C,?), ref: 0043FBE9
Part of subcall function 0043FBCC: @TcmImageSlider@SetAutoSwitch$qqro.Z39UARTASSIST ref: 0043FC51
Part of subcall function 0043FBCC: LoadBitmapA.USER32(00000000,ARROW_DOWN), ref: 0043FCE8

LoadBitmapA.USER32(?,ARROW_DOWN), ref: 00447C77

Part of subcall function 0043B92C: @cmSerialCommDriver32@TcmUart@MapBaudRatesValue$qqri.Z39UARTASSIST ref: 0043BA87

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Strings

tQ, xrefs: 00447CCF
ARROW_DOWN, xrefs: 00447C6A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapImageLoad$AutoBaudCallbackClasses@CommComponentDispatcherDriver32@RatesSerialSlider@Slider@$bctr$qqrp18Switch$qqroUart@UserValue$qqri
String ID: ARROW_DOWN$tQ
API String ID: 991496356-4115951454
Opcode ID: 728b11d45a0597e86cc06ee3f3deb388d3c73c73b09dd816dcb08c1ee80268a6
Instruction ID: 582381350d85c8cedba024164d1d53d2986bd07fcda1ed207c2c93c3a911aaf2
Opcode Fuzzy Hash: 728b11d45a0597e86cc06ee3f3deb388d3c73c73b09dd816dcb08c1ee80268a6
Instruction Fuzzy Hash: FD416C707402059FD700EF28D885B897BA5BF8A714F4481B9FE09AF396CB759C05CB59

Function 0044257C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(-00000030,?), ref: 004425FA
@TcmTrayIcon@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(00000000,00000000,-00000030,?,00FF00FF,00000000,005DFA4C,?), ref: 0044261C

Strings

trayicon_?, xrefs: 00442591

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapClasses@ComponentIcon@$bctr$qqrp18LoadTray
String ID: trayicon_?
API String ID: 923571546-4243369420
Opcode ID: 4a23a6ba49219edeec4a177a9612af3af1ed332c390af59ebd5c8e3c925e672a
Instruction ID: 2e7a3e92229d1bed437facdb2ba5afbb1bb7c8e999b77e9b8a08b99a7c8afb90
Opcode Fuzzy Hash: 4a23a6ba49219edeec4a177a9612af3af1ed332c390af59ebd5c8e3c925e672a
Instruction Fuzzy Hash: 5431C1746012458FC700DF69E8C4A9DBBE9FFA8318F14506AE808D7362C775A908EB55

Function 00484F00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 0050AF1C: GetClipBox.GDI32(?), ref: 0050AF34

DrawTextA.USER32(00000000,00000000,00000000,?,00000C00), ref: 00484F5C

Strings

YMH, xrefs: 00484F10
YMH, xrefs: 00484F6D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ClipDrawText
String ID: YMH$YMH
API String ID: 1597010223-2173283484
Opcode ID: eb6d24eb4fd5163e62a686a49001d0190d49072d0e0e37e3d628596d4af32fe7
Instruction ID: b9f2c97ed5ecfc5ce8c0ddaa353f12bc7988f08c9a35cff4d14074c39466a820
Opcode Fuzzy Hash: eb6d24eb4fd5163e62a686a49001d0190d49072d0e0e37e3d628596d4af32fe7
Instruction Fuzzy Hash: 9211A270600506EFCB05EF69CD4199EBBF9EF88310B208165B508E7355DB349E00DB54

Function 0043BF00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51timeCOMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@SetDatagramMaxLength$qqri.Z39UARTASSIST(00000000), ref: 0043BF73
@cmSerialCommDriver32@TcmUart@SetDatagramPartitionTime$qqri.Z39UARTASSIST(00000000), ref: 0043BF84

Strings

haY, xrefs: 0043BF1E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDatagramDriver32@SerialUart@$Length$qqriPartitionTime$qqri
String ID: haY
API String ID: 129507699-3621056572
Opcode ID: 96d4f4787be285f17a6f401a3ebbcbdd2aae0ffd46e0bb4ba1ea2b8f1dad72a7
Instruction ID: 867e17356f263bafc10435d63d7a68c381f8c46d64c9ee668a068561358cf87d
Opcode Fuzzy Hash: 96d4f4787be285f17a6f401a3ebbcbdd2aae0ffd46e0bb4ba1ea2b8f1dad72a7
Instruction Fuzzy Hash: B811CB34A002158BC310DB9ED885B6EB7F4EB88700F10912BED04EB361EB799D09DBD5

Function 004CB4F4 Relevance: 4.6, APIs: 3, Instructions: 132registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,?,00000000,004CB68E), ref: 004CB560
RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020009,?,?,00000000,00000000,00000000,00020019,?,00000000,004CB68E), ref: 004CB5CB
RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00000001,?,00000000,00000000,00000000,00000000,00020009,?,?,00000000,00000000,00000000,00020019), ref: 004CB630

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2b02c59ae5da53de083916c823d179db2d95f9d2ca164074f8a80c1622e527fa
Instruction ID: 3f8cdf56003090c51f31f08ea94123940223dcea1ae11d4df3d195243e87d9f2
Opcode Fuzzy Hash: 2b02c59ae5da53de083916c823d179db2d95f9d2ca164074f8a80c1622e527fa
Instruction Fuzzy Hash: 61419234F04348BFDB11EBA5C842F9EB7B9EF44309F1044AEA850A7391DB799A458789

Function 0047B910 Relevance: 4.6, APIs: 3, Instructions: 84COMMON

Download Yara Rule

APIs

@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST ref: 0047B934
@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST ref: 0047B95A
GetCursorPos.USER32 ref: 0047B976

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AdjustAutoButton@CheckCmcheckbutton@Size$qv$Cursor
String ID:
API String ID: 2643223377-0
Opcode ID: 93de43b2fe823f236db8640b46ce969abfbdcfab6acd79970938cf3f8530a741
Instruction ID: 5f3ba5be723c93affb0f5429ddc8edcc585363f299f27c0479094c143cb7135f
Opcode Fuzzy Hash: 93de43b2fe823f236db8640b46ce969abfbdcfab6acd79970938cf3f8530a741
Instruction Fuzzy Hash: 64312BB12082518FD704DF29C488A9AB7E1FF89314F148669FA59CB366CB34DC45CAC6

Function 004F13F0 Relevance: 4.6, APIs: 3, Instructions: 83windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 004F1476
SendMessageA.USER32(?,00000202,00000000,00000000), ref: 004F14AD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CursorMessageSend
String ID:
API String ID: 892236991-0
Opcode ID: bfa11f4df6fa86122ca27103fc680321c163da11b26de5a1a349ec42031d9b0a
Instruction ID: 70a0ff129efcee8e09c306ec8cbb6fcde9b5a9df8cf1f1e2e2e48050ea424675
Opcode Fuzzy Hash: bfa11f4df6fa86122ca27103fc680321c163da11b26de5a1a349ec42031d9b0a
Instruction Fuzzy Hash: AE21E230700214ABD724AE2CC88977BBBD6AFC5310F14057AFA49DB3E6CA78DC418756

Function 0046C0E4 Relevance: 4.6, APIs: 3, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0046C14B
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0046C163
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0046C169

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 84eda384ea6fd504d39e19ac2e478291bdaf20ceb87f64a61ed369829b144267
Instruction ID: 859214e9a14ddd2efa3abd329f5dcf5872b606b0163d96c0a4914da5b5fd8a39
Opcode Fuzzy Hash: 84eda384ea6fd504d39e19ac2e478291bdaf20ceb87f64a61ed369829b144267
Instruction Fuzzy Hash: 9311A271E40218ABC710DA988CC5FFFB7BCEB8A720F54421AF514A7382D774AD018BA5

Function 0051D738 Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0051D74B
TranslateMessage.USER32 ref: 0051D7B5
DispatchMessageA.USER32 ref: 0051D7BB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 7d90905c1a2d051dfd08bfe8d862ff88efeca4cc22973ad0c83326f146be1e49
Instruction ID: b0568a4c9e7ac2c6ba382d677c521f33e32fd2d8a14823be9917f6fef2f5c380
Opcode Fuzzy Hash: 7d90905c1a2d051dfd08bfe8d862ff88efeca4cc22973ad0c83326f146be1e49
Instruction Fuzzy Hash: A001F5243003025AFA31327E18457EAEFB6BFD1B55F144C5AF485972C6C7A55CC28272

Function 0046C438 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 175registryclipboardCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatA.USER32(TaskbarCreated), ref: 0046C5A6

Strings

TaskbarCreated, xrefs: 0046C5A1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ClipboardFormatRegister
String ID: TaskbarCreated
API String ID: 1228543026-2362178303
Opcode ID: 954a425eacbe09dfc7b60560e131f452bf49019c631b930f2c3cf85ce5a54cd9
Instruction ID: f6c81c610d58dfc6f7ac8e69c2d78dbca26062d2c4a7ee21df80526af3b27d43
Opcode Fuzzy Hash: 954a425eacbe09dfc7b60560e131f452bf49019c631b930f2c3cf85ce5a54cd9
Instruction Fuzzy Hash: 1D714B38600555CFCB04DF24D4E8B69BBB2FF8A304F1481A9E5099F366DB35A84ACF42

Function 0046C480 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 145registryclipboardCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatA.USER32(TaskbarCreated), ref: 0046C5A6

Part of subcall function 004CA180: GetClassInfoA.USER32(00400000,004CA170,?), ref: 004CA1A1
Part of subcall function 004CA180: UnregisterClassA.USER32(004CA170,00400000), ref: 004CA1CA
Part of subcall function 004CA180: RegisterClassA.USER32(00599E68), ref: 004CA1D4
Part of subcall function 004CA180: CreateWindowExA.USER32(00000080,004CA170,004CA230,80000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 004CA202
Part of subcall function 004CA180: SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 004CA21F

Strings

TaskbarCreated, xrefs: 0046C5A1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Class$RegisterWindow$ClipboardCreateFormatInfoLongUnregister
String ID: TaskbarCreated
API String ID: 2048240597-2362178303
Opcode ID: 54bd17733557eb8712c31db1fc7069ff4a0781975807480b0e83507790cdc2bb
Instruction ID: 84f3f56a2ff5270e9b6ee1020c113ce87b5d5a9df934494f80ce5b7c08796db6
Opcode Fuzzy Hash: 54bd17733557eb8712c31db1fc7069ff4a0781975807480b0e83507790cdc2bb
Instruction Fuzzy Hash: 85613B38600555CFCB04DF28C4E5B597BB2FF8A304F1481A9E5059F366DB35A84ACF82

Function 004759BC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

tQ, xrefs: 00475A1B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: tQ
API String ID: 0-3345606854
Opcode ID: 8b173cb6873df2493ff52245c657106468957c9202dabf5b1faf1a29d2ccc40e
Instruction ID: 02edaeec40d0893ac9b15700437199e04cfe80840d0b23f7e9eee6dd54ef63c0
Opcode Fuzzy Hash: 8b173cb6873df2493ff52245c657106468957c9202dabf5b1faf1a29d2ccc40e
Instruction Fuzzy Hash: 8551A070600A518BD360EB28C485BDFB7F6BF95300F14862AE89D9B391DB75BD41CB54

Function 0044443C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000411,00000065,00000000), ref: 00444A0D

Strings

\, xrefs: 004449C4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessagePost
String ID: \
API String ID: 410705778-2967466578
Opcode ID: d059550c00ef841420867d6a863729183b87f39f68d897ed5e1fe0eceedc547c
Instruction ID: 04aa92b46e86639205120d2680bf215c8caea31aef22c9d4add0d501e9d44ca4
Opcode Fuzzy Hash: d059550c00ef841420867d6a863729183b87f39f68d897ed5e1fe0eceedc547c
Instruction Fuzzy Hash: D731E031B00985CBEB14DF69D98475AB7A6FBC4304F24C32BE5049B71AD73CAC069B59

Function 0052D9DC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 0052DA17

Strings

)~R, xrefs: 0052D9DC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser
String ID: )~R
API String ID: 2492992576-4228169949
Opcode ID: 3e450580647ac04c52fe3c9217b9489fe8f4b0b89d3e34e1a1c747df32f352d3
Instruction ID: 2b489bd349fd00ef9accd65a6c2d7a08998cef0b38985eff922cf8e7109b24d4
Opcode Fuzzy Hash: 3e450580647ac04c52fe3c9217b9489fe8f4b0b89d3e34e1a1c747df32f352d3
Instruction Fuzzy Hash: CDF0D4362042019FC704DF5CC8C498ABBE5FF89255F0446A8FA89CB356DA32E814CB92

Function 0044806C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

LoadIconA.USER32(?,switch_link0), ref: 004480AE

Strings

switch_link0, xrefs: 004480A0

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: IconLoad
String ID: switch_link0
API String ID: 2457776203-2620733103
Opcode ID: 9fabfde8c29f49198217bef41f79f368541e81712906559d8d1d93c5f926b567
Instruction ID: d6daca5b1994c7c7096470100100eb71257ee7b9a1d449740e8dbe0d2c9e469a
Opcode Fuzzy Hash: 9fabfde8c29f49198217bef41f79f368541e81712906559d8d1d93c5f926b567
Instruction Fuzzy Hash: 36F05470600B01CFC321CBB4FC815793BE5BBA5304F1471259048CB2A2CB35648AB794

Function 004766C8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(?,BKMESSAGEBOX), ref: 004766D8

Strings

BKMESSAGEBOX, xrefs: 004766CB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoad
String ID: BKMESSAGEBOX
API String ID: 3581186644-2271451841
Opcode ID: 9d29039c26265b71c2315543772c2a098a445370492ce1976225e4897b48adac
Instruction ID: 0e750cc71a2cec1f39f9beec53512d1b85125bbabcdfa26060ce5d36e648f0a7
Opcode Fuzzy Hash: 9d29039c26265b71c2315543772c2a098a445370492ce1976225e4897b48adac
Instruction Fuzzy Hash: 5BC012703801008FC200EBA8C8C5A223BE9BBC9700B208071B808CB22ADA30DC82AB10

Function 004CB3D0 Relevance: 3.1, APIs: 2, Instructions: 94registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,?,00000000,004CB4D5), ref: 004CB44A
RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00471527,00000000,004CB4D5), ref: 004CB47E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateOpen
String ID:
API String ID: 436179556-0
Opcode ID: bc8b3193c3fa0f031f6468b7eef3b095f87ab260a8baaaad3b897fae384ce702
Instruction ID: ed9b0d5f0600b5e023fda8016cd145f4821dc70da1dea178dffb74f3b1249e4e
Opcode Fuzzy Hash: bc8b3193c3fa0f031f6468b7eef3b095f87ab260a8baaaad3b897fae384ce702
Instruction Fuzzy Hash: 62318134A046487FDB55DEA5C842F9EB7BCEF44704F5080AEB910E3292DB7C9E058798

Function 00484D68 Relevance: 3.1, APIs: 2, Instructions: 79COMMON

Download Yara Rule

APIs

@Cmlabel@TcmLabel@AutoAdjustSize$qqrv.Z39UARTASSIST ref: 00484E4F
@Cmlabel@TcmLabel@AutoAdjustSize$qqrv.Z39UARTASSIST ref: 00484E79

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AdjustAutoCmlabel@Label@Size$qqrv
String ID:
API String ID: 1010207171-0
Opcode ID: add862347f0576166b18d4a925d4cd949131b0ff872c4c9bfb7f2d358dc443a2
Instruction ID: a00d8a53758b639ac2421685cd8cea20cfd7f3cae203f933393e02752f9c9d93
Opcode Fuzzy Hash: add862347f0576166b18d4a925d4cd949131b0ff872c4c9bfb7f2d358dc443a2
Instruction Fuzzy Hash: A731DA343041058FCB54EF28C4C8A9AB7B5BF89315F5885B9E8098F36ACB34DC49DB95

Function 0046B3D8 Relevance: 3.1, APIs: 2, Instructions: 53COMMON

Download Yara Rule

APIs

@TcmDownloader@IsBusy$qqrv.Z39UARTASSIST ref: 0046B3E4
@TcmDownloader@AsyncDownLoad$qqrpct1iynpqqrp14System@TObjectpcipv$vpv.Z39UARTASSIST(00000000,0046B70C,5653A8C4), ref: 0046B45F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Downloader@$AsyncBusy$qqrvDownLoad$qqrpct1iynpqqrp14Objectpcipv$vpvSystem@
String ID:
API String ID: 3121067868-0
Opcode ID: ba91fdafce6253069a4f729a28ef9d9e88070bbd3752321eac9da1259891d9b7
Instruction ID: 38684f47cfbe66ddff54561b17cd3d61bc97610dac1896c1a254500bc5ae9f43
Opcode Fuzzy Hash: ba91fdafce6253069a4f729a28ef9d9e88070bbd3752321eac9da1259891d9b7
Instruction Fuzzy Hash: A2119A31604600AFD711CB09D454762BBE0FB85365F18406BE908CB3A2EB79ACD5DBD7

Function 00474A0C Relevance: 3.1, APIs: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

timeSetEvent.WINMM(00000000,0000000A,0047306C,00000000,00000000), ref: 00474A71
PostMessageA.USER32(?,00000403,00000000,00000000), ref: 00474A84

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: EventMessagePosttime
String ID:
API String ID: 4144640130-0
Opcode ID: 75307048400326636077f8eff0e2e97466718a5a9af51ef8318607406aec5448
Instruction ID: 6febfc0a9d7a4c53bcd7f4bc487bbe50933007e8a4338aa2c9a690ea9bdae575
Opcode Fuzzy Hash: 75307048400326636077f8eff0e2e97466718a5a9af51ef8318607406aec5448
Instruction Fuzzy Hash: 85015271684304ABE714DF49D981F76769CEB84710F20C16BB909DB392C778DE00465A

Function 0047ADE0 Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@UpdateRegistryOptions$qqr17System@AnsiStringp12TUartOptionso.Z39UARTASSIST ref: 0047AE22
@cmSerialCommDriver32@TcmUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST ref: 0047AE33

Part of subcall function 0047A750: @cmSerialCommDriver32@TcmUart@fGetDataBits$qqrv.Z39UARTASSIST ref: 0047A77F
Part of subcall function 0047A750: @cmSerialCommDriver32@TcmUart@fGetStopBits$qqrv.Z39UARTASSIST ref: 0047A78D
Part of subcall function 0047A750: @cmSerialCommDriver32@TcmUart@fGetParity$qqrv.Z39UARTASSIST ref: 0047A79B
Part of subcall function 0047A750: @cmSerialCommDriver32@TcmUart@fGetFCtrl$qqrv.Z39UARTASSIST ref: 0047A7C1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDriver32@Serial$Uart@f$Bits$qqrvOptionsoUartUart@Update$AnsiCtrl$qqrvDataOptions$qqr17Parity$qqrvRegistrySettings$qqrp12StopStringp12System@
String ID:
API String ID: 3188443067-0
Opcode ID: 5df180073fd6d4427bf5996b105929cd1f2ed3d7ad42175e718887a84fe8da37
Instruction ID: 4480583605873f91df851dea090b1c86e5dc016894a8340995fd881b16c23dbc
Opcode Fuzzy Hash: 5df180073fd6d4427bf5996b105929cd1f2ed3d7ad42175e718887a84fe8da37
Instruction Fuzzy Hash: 8D012870D0024DDBCB00EBA8D0826DDFBB4FF88304F1085AAE81877341E7346A488B95

Function 0046C83C Relevance: 3.0, APIs: 2, Instructions: 32windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIcon.SHELL32(00000000,?), ref: 0046C859

Part of subcall function 0051D80C: SendMessageA.USER32(?,0000B020,00000000,?), ref: 0051D82E

Shell_NotifyIcon.SHELL32(00000002,?), ref: 0046C87E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: IconNotifyShell_$MessageSend
String ID:
API String ID: 578662085-0
Opcode ID: d10957b800cffccf285530679ec7acef548d19f4c935dbc0f76502727f4b5054
Instruction ID: e09f3aff214a40739e23f660294edcca86848d6e055405e108217ae354462ba2
Opcode Fuzzy Hash: d10957b800cffccf285530679ec7acef548d19f4c935dbc0f76502727f4b5054
Instruction Fuzzy Hash: F7F01D71100205AFDB11EF58C8C9BA53B7AAF89300F0440A5FD489F26BD6729C98DB61

Function 00472820 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000160,00000064,00000000), ref: 00472836
PostMessageA.USER32(00000000,00000142,00000000,00000000), ref: 0047284C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 459a85a2902ddd4429fe4c94773aa636d1bf6ba75528e36c1a8b10c99226784c
Instruction ID: 12852a02ffe85734140d837e1cddd9e0074c450b38f6eb0ed5d4dbc7271995c9
Opcode Fuzzy Hash: 459a85a2902ddd4429fe4c94773aa636d1bf6ba75528e36c1a8b10c99226784c
Instruction Fuzzy Hash: 3ED0C9717C171632F62031B82C8BF971D4CAB95B51F100521B205FF1C3C9B8AC4085A8

Function 004CB33C Relevance: 3.0, APIs: 2, Instructions: 18registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(00010000,004CB218,004CB393,004CB218,00000001,004CB2EA,?,?,004714DF), ref: 004CB34D
RegFlushKey.ADVAPI32(00010000,004CB218,004CB393,004CB218,00000001,004CB2EA,?,?,004714DF), ref: 004CB355

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseFlush
String ID:
API String ID: 320916635-0
Opcode ID: 49d70cb6d83c1cfff7d9a8c69bfe451f1c2648b3dfb6e6992a916b077f68a598
Instruction ID: 8084e6c3cbe987c7772a5e738582763dce1d4d6166db3b89b7de2f91b7b7b13a
Opcode Fuzzy Hash: 49d70cb6d83c1cfff7d9a8c69bfe451f1c2648b3dfb6e6992a916b077f68a598
Instruction Fuzzy Hash: 86D017A16102808ADF95AE7688CAB42ABDCBB05305F08C4ABAD08CB166EB38C4449664

Function 004DFCDC Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004DFFE5), ref: 004DFD0B
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004DFFE5), ref: 004DFD32

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 2cb048205fb28d4800b0e8b313862fb39ddb254f61449ce8b6bf4169ce8e8015
Instruction ID: 02a6e3d59e058fb4d81e222d9919e47848d7af9ba92967e5a4cd8fdffe88de91
Opcode Fuzzy Hash: 2cb048205fb28d4800b0e8b313862fb39ddb254f61449ce8b6bf4169ce8e8015
Instruction Fuzzy Hash: BFF02772B017205ADB30966E4C95B5359C5AF89BA0F140073FE4EEF3C9D2654C0A42B5

Function 0046BE78 Relevance: 1.7, APIs: 1, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21ae51d8db84a9166fdc9452ba03b25bd3c3d8d1c5cb8f80a048ca79fe0892f
Instruction ID: 00efc0286c9ae0a5434b860b52ef8c49d69fffec28a1b515b5e1e57a9a33414a
Opcode Fuzzy Hash: e21ae51d8db84a9166fdc9452ba03b25bd3c3d8d1c5cb8f80a048ca79fe0892f
Instruction Fuzzy Hash: 7071897080D3849FCB068BA09C64AA9BFB4EF03314F1941DBD484DB2A3E7795D49DB96

Function 00484C10 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

@Cmlabel@TFontEffect@CalculateTextSize$qqrp16Graphics@TCanvas17System@AnsiStringrit3.Z39UARTASSIST(?,?,00000000,00484D59), ref: 00484C64

Part of subcall function 00484F00: DrawTextA.USER32(00000000,00000000,00000000,?,00000C00), ref: 00484F5C

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Text$AnsiCalculateCallbackCanvas17Cmlabel@DispatcherDrawEffect@FontGraphics@Size$qqrp16Stringrit3System@User
String ID:
API String ID: 1063776006-0
Opcode ID: 4d7e78e37ce703ebbefb177bee4e46190806b169e8d47afb61dbac89e2e16e00
Instruction ID: 7908767a1f4acc35fdab0e43c9f06fbe46461ad25ae7042f0750e5fbdc6a0ac6
Opcode Fuzzy Hash: 4d7e78e37ce703ebbefb177bee4e46190806b169e8d47afb61dbac89e2e16e00
Instruction Fuzzy Hash: 41411234A042059FCB01DF68C884BDA77F5BF89300F5589B5ED09DB34AEA399945CB64

Function 0046C220 Relevance: 1.6, APIs: 1, Instructions: 81threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0046C2D2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 2138a9c5edf82c83713d26bca40990f1c774ddbed62a3cc76a5968e5cfebd956
Instruction ID: 79d013c4189c31b2ddfea820e34205dff9b71b3f1009215adb60fb64577fc12f
Opcode Fuzzy Hash: 2138a9c5edf82c83713d26bca40990f1c774ddbed62a3cc76a5968e5cfebd956
Instruction Fuzzy Hash: 0021B571D00204EBC704DF98D8D5BAB77A8EF89311F14806BFD08E7385E6389941CBA9

Function 004CB4F0 Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,?,00000000,004CB68E), ref: 004CB560

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c799e5ebc3e3a7c660fdf9231000d237547befb75a0e9358eea0620a60e3c4dd
Instruction ID: fb245e827602cec67f92619fc2f56a5fe5143ce5aaec0e8d1299eddc4e88f4dc
Opcode Fuzzy Hash: c799e5ebc3e3a7c660fdf9231000d237547befb75a0e9358eea0620a60e3c4dd
Instruction Fuzzy Hash: F421D134E043486FDB11DBA5C852B9EBBB8EB44308F1041BFE810E3792DB799A058789

Function 0046BF98 Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 0046BFF2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 0667ca9f8a7abcbba1635571275fc4b37f856fa25ebb2852874fcd551c090c80
Instruction ID: 374bded947bbfec6331de8d07760a7fdb05dd315b9970df361f105e2776089a7
Opcode Fuzzy Hash: 0667ca9f8a7abcbba1635571275fc4b37f856fa25ebb2852874fcd551c090c80
Instruction Fuzzy Hash: ED218E34E00208EFCB44DF99D585AADBBF5FF88304F10819AE805AB311E7759E04DB85

Function 0051E348 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

IsChild.USER32(00000000,?), ref: 0051E3A6

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Child
String ID:
API String ID: 3815930669-0
Opcode ID: be70638aa4a47541c92aad3d9a520733bd34914afc81dcc84b6d80c9d4aca8e6
Instruction ID: 391f26201b2bd2f4cf2597c9a8583fa9010e242f97ab153d63ecefb4fcbfd8c4
Opcode Fuzzy Hash: be70638aa4a47541c92aad3d9a520733bd34914afc81dcc84b6d80c9d4aca8e6
Instruction Fuzzy Hash: 1901B1316042155BFB15AA79988BBDABF9DBBD0310F14086AFC15DB163DA70ACC1C664

Function 00531C0C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00531C1F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Capture
String ID:
API String ID: 1145282425-0
Opcode ID: 4e2225999616b2bcca72b261f6613608bddd1b0a1e874650949ead4720dcbd20
Instruction ID: 968b8c3910adc404271c970faaa0e5b1f7d4c1c358a2e59cceec9cd94fa6b592
Opcode Fuzzy Hash: 4e2225999616b2bcca72b261f6613608bddd1b0a1e874650949ead4720dcbd20
Instruction Fuzzy Hash: 67113931300A018FC750EF7DC8C566ABBE4BB98310F458929E599CB252EB38EC418B96

Function 00514544 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00514593

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 48023f5a6533478af8e195dd68c5ce26afd0626452aef3ccbbb4461c35a124be
Instruction ID: 08118e5ec07fbdbf20f705d6979fd754e38489a5ffd0f663f301f134d1232a35
Opcode Fuzzy Hash: 48023f5a6533478af8e195dd68c5ce26afd0626452aef3ccbbb4461c35a124be
Instruction Fuzzy Hash: 010169B4A05604AFE715CF66EC1295ABFF9F789710B23C477E800D3762E6305900EEA1

Function 004CB8C0 Relevance: 1.5, APIs: 1, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?), ref: 004CB8EB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c5a6459cedb6a396cef1d1857a2a18ec61ea8059fddd49b4f60828099ccf7dfb
Instruction ID: 93986161e496f7db3a23093a5b1b3d7b049c3ffe0a20d804acb112e2b0c83a36
Opcode Fuzzy Hash: c5a6459cedb6a396cef1d1857a2a18ec61ea8059fddd49b4f60828099ccf7dfb
Instruction Fuzzy Hash: 18018F76600108ABDB00DE9ADD81EDFB7ACEB59314F00816BF914DB341DA709E0497A4

Function 0051D4F0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 0051D4A4: GetWindowTextA.USER32(?,?,00000100), ref: 0051D4C7

SetWindowTextA.USER32(?,00000000), ref: 0051D53D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 76218da25f1adc8176fac39ea1a98231a1291a9669b3736d6c5ad85aa96bc49c
Instruction ID: fcf0bfe645433d6f524179e601f04312fffa856bf3df060f35468fea16e90c7f
Opcode Fuzzy Hash: 76218da25f1adc8176fac39ea1a98231a1291a9669b3736d6c5ad85aa96bc49c
Instruction Fuzzy Hash: EA01F7306006449FEB05EE26C981B997BBDFB44708F914075FD048B112DBB8AE40CA75

Function 004CB6A8 Relevance: 1.5, APIs: 1, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,004CB93E,?,?,?,?,?,004CB93E), ref: 004CB6DE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c73d4068ff8d5debea0b43c598c50b15042cb7c9a00c723963d786a3e4b6f777
Instruction ID: efac2d4d10902de8515b535f726d80cbd06d5785bc0328900ee66220fbe19a95
Opcode Fuzzy Hash: c73d4068ff8d5debea0b43c598c50b15042cb7c9a00c723963d786a3e4b6f777
Instruction Fuzzy Hash: C1F0826630D2846FD704EAAE9D81BAA7B9CDBC5310F04407FF548C7142DA24CD088365

Function 004CB6AC Relevance: 1.5, APIs: 1, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,004CB93E,?,?,?,?,?,004CB93E), ref: 004CB6DE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 535fe06cd1ee001bbebfa16ee81a287bbc810880671d7ba07a00d9d9593e6f7d
Instruction ID: ac59717e0e46012e10881098c17178603c8e6d5c21ec726478456762e826a24e
Opcode Fuzzy Hash: 535fe06cd1ee001bbebfa16ee81a287bbc810880671d7ba07a00d9d9593e6f7d
Instruction Fuzzy Hash: 87F0A0723091486BE704EAAE9D41FAB77DCEBC5354F00803EB508C3241CA20CC088364

Function 0047306C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

timeKillEvent.WINMM(?), ref: 004730AA

Part of subcall function 004749DC: SendMessageA.USER32(?,00000402,?,?), ref: 004749E7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: EventKillMessageSendtime
String ID:
API String ID: 4074645534-0
Opcode ID: 21a2e33ebf19b9b85c77b84d5473e034a5b6661dbe00090d55a1a0ad007c23a3
Instruction ID: 9528b6de0cac3a755c29787c818575c14a33e240e116d535b758eede1c0fb041
Opcode Fuzzy Hash: 21a2e33ebf19b9b85c77b84d5473e034a5b6661dbe00090d55a1a0ad007c23a3
Instruction Fuzzy Hash: 65F015753002059F8B14EE79D8C1DA7B7A9BB88310304C45ABE0D8F35BDA35EC10EB68

Function 004E42DC Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 004E42FA

Part of subcall function 004E4518: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,0056B0A8), ref: 004E4534
Part of subcall function 004E4518: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,?,0056B0A8), ref: 004E4552
Part of subcall function 004E4518: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,?,0056B0A8), ref: 004E4570
Part of subcall function 004E4518: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 004E458E
Part of subcall function 004E4518: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,004E461D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 004E45D7
Part of subcall function 004E4518: RegQueryValueExA.ADVAPI32(?,004E4784,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,004E461D,?,80000001), ref: 004E45F5
Part of subcall function 004E4518: RegCloseKey.ADVAPI32(?,004E4624,00000000,?,?,00000000,004E461D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004E4617

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Open$FileModuleNameQueryValue$Close
String ID:
API String ID: 2796650324-0
Opcode ID: 48eab8de734f3a61fa24c0ba5e760a83e3c052988c399fe94a228f4d7c008035
Instruction ID: f4e495c994747636938883c9311383bee2fd3a81ec17c1e5645da377667fc0c0
Opcode Fuzzy Hash: 48eab8de734f3a61fa24c0ba5e760a83e3c052988c399fe94a228f4d7c008035
Instruction Fuzzy Hash: 2AE06D71A002149BCB10DE5888C1A4737D8AB48755F044692FD54DF346D374DD1087D4

Function 004D033C Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CompareStringA.KERNEL32(00000400,00000001,00000000,00000000,00000000,00000000,00000000,?,00509B6A,00000000,00509BF5,?,00000000,00509C1D,?,00000000), ref: 004D0369

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: 68150d349b280c41596f91873128e83922b3e0d45e5f8323743d32af64a6bbae
Instruction ID: 039615f67cc7e07cf0cf1953d58878a980fa93ba4305b9d2e6bc7e6fe0ab1217
Opcode Fuzzy Hash: 68150d349b280c41596f91873128e83922b3e0d45e5f8323743d32af64a6bbae
Instruction Fuzzy Hash: DFD0C9D13146A22BF664B67F0E87F5B049DAB4871EF00002AB318E7243CDDCCE5122AD

Function 0051E3F8 Relevance: 1.5, APIs: 1, Instructions: 23timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0051E43C: KillTimer.USER32(00000000,?,023C2008,0051E615,00000000,0051D6C3,?,?,023C2008,00000001,0051D783,?,?,?,023C2008), ref: 0051E451

SetTimer.USER32(00000000,00000000,?,0051C114), ref: 0051E412

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Timer$Kill
String ID:
API String ID: 3307318486-0
Opcode ID: 266c51d8756bf4bec3e0a91d986bc9b328ea645c69bfcf7a5993807c0cbcbc16
Instruction ID: 730a0e5042662af6732ed10d6e733dbc7afee7f04e32c7bb993932460157ecd8
Opcode Fuzzy Hash: 266c51d8756bf4bec3e0a91d986bc9b328ea645c69bfcf7a5993807c0cbcbc16
Instruction Fuzzy Hash: D5E0C2213C022135F614B67E0C4BBEACE99BFD5760F088016F11CD7283EE880C9193EA

Function 004648C0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,8004667E,?), ref: 004648DB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: cca20b1d861b8ec6a15004c39b30b8a1e3abf4045db7e49d9a4c6f1c87aad1a3
Instruction ID: 56bf7d60a6058c91ef8d1df8c86050583d8458bc7dac89a089b3bade9af9799d
Opcode Fuzzy Hash: cca20b1d861b8ec6a15004c39b30b8a1e3abf4045db7e49d9a4c6f1c87aad1a3
Instruction Fuzzy Hash: 4DD0A77990820CBB4B08DF95E941CAFB7ACDA40250B10801AB80897200F930FF00D758

Function 004D09F4 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00401E40,00000000,?,00000026,00000000,00000000,?,00000005,00000000,00000000,?,0000001A,00000000), ref: 004D09FF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: b3fc7f35c54de28a6c42bee5e0de0532837cf396584cd7762f7939cff47ce3f2
Instruction ID: 300e7a8e460ad1f9e1df5eea0ab91c53d09569378f56198c287ccfd75d8ddda2
Opcode Fuzzy Hash: b3fc7f35c54de28a6c42bee5e0de0532837cf396584cd7762f7939cff47ce3f2
Instruction Fuzzy Hash: F7C08CE17113050A6E20A1BD1CC560A02CC5A66239B201B23F038D33D2DAA988133014

Function 0046CF1C Relevance: 1.5, APIs: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIcon.SHELL32(00000001), ref: 0046CF3F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 43e9042e7ae7d10b225046005a07e1390013127c608dcd0a9813de8893623e20
Instruction ID: a60c6274da1c6a107105eb56ec3d3ef85fc91e7666b5c6394bb5b6a9211a76aa
Opcode Fuzzy Hash: 43e9042e7ae7d10b225046005a07e1390013127c608dcd0a9813de8893623e20
Instruction Fuzzy Hash: 54D09EA054438A1EEB45DF6988C97662E886B54318F0450D5A9445E2C7D6AD8CC18B55

Function 0052D298 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: ac40c839fd6227ace89034c9e654f4c897cbbe73ec792a5847ff29f252a2c55f
Instruction ID: bc181a90606ab7d38f46b658b44b4367bab4619e9c75b925b19157faa367132f
Opcode Fuzzy Hash: ac40c839fd6227ace89034c9e654f4c897cbbe73ec792a5847ff29f252a2c55f
Instruction Fuzzy Hash: C8D092722106209FD360CA6CC8C4B86B7ECAB0D251F0444A9F68ACB611CA62BC448B60

Function 0052D308 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: a777a1537cc027af72afd47e27ccd4fe449e55afcb4200b23fba92df9fea3d2f
Instruction ID: f2b3fb9241b74ecc93ec0ecf056d67439511d6f8e134111c01ac77b60141a632
Opcode Fuzzy Hash: a777a1537cc027af72afd47e27ccd4fe449e55afcb4200b23fba92df9fea3d2f
Instruction Fuzzy Hash: CCD09271210A209FD360CA6CC8C4A93B7FCAF49651F1485A9EA8ACB711CA61BC448BA0

Function 004D08B8 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,004BEF34,004D08E1,004C3B28,005DFA4C,004BEF34,00000001), ref: 004D08D5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8ec5e3c88c0237f76707270f008b38c7a321d30340f0c3d04e0e9bf52eaa055e
Instruction ID: 18b62e279e95ea9faba5824783b79fc700ebb6e7038944235ff1f6f93aa16b35
Opcode Fuzzy Hash: 8ec5e3c88c0237f76707270f008b38c7a321d30340f0c3d04e0e9bf52eaa055e
Instruction Fuzzy Hash: 8EC092A03C030132F93025B60DCBF66008C6744F0AFA08425B341FF1C3CCE9A804211C

Function 004D0EBC Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00468B3A), ref: 004D0EC9

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 7ef73a48b71fc824145d6316feebe7116aac745409f4ef500c3c728ab090dd3e
Instruction ID: 1937ba0205162039cb5ecdeb1deecf5892ff2d2008c662ce92e71e9e9c9159e9
Opcode Fuzzy Hash: 7ef73a48b71fc824145d6316feebe7116aac745409f4ef500c3c728ab090dd3e
Instruction Fuzzy Hash: 92B092A27643811AEE1039BA0DC6B2A008CE74560BF100836B611C7142D8AAC8442010

Function 004749F0 Relevance: 1.5, APIs: 1, Instructions: 11windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000403,?,?), ref: 00474A01

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: de24c0fab84fba1321875525caa1454ac7ed940dfc62654d6e970d898e1e4ba0
Instruction ID: f6711d8faedb4d17887247aacd7edbc320ec7ff823056b6537979a4fd09bbe69
Opcode Fuzzy Hash: de24c0fab84fba1321875525caa1454ac7ed940dfc62654d6e970d898e1e4ba0
Instruction Fuzzy Hash: 77C04CB65842086AD604AA94ED56DB67B5CE794700B004005BB055B141E5A1EA5497A5

Function 004E3238 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

SysAllocStringLen.OLEAUT32(00000000,00000001), ref: 004E323F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: b65a8a474d846ffdf593d3aaa71f5be96cb7044efcf1f3b6ce03a3e0a14a7c88
Instruction ID: 289a91bcdc2ad43635eabcf224de73b1a3480b0e97130d85a576be787c4698df
Opcode Fuzzy Hash: b65a8a474d846ffdf593d3aaa71f5be96cb7044efcf1f3b6ce03a3e0a14a7c88
Instruction Fuzzy Hash: 1EB012383482C360F95229230E09737054C2B41783FC400E36E45D62C3D90CD901547F

Function 004DFE70 Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 004DFEDD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c440284bb32303a297bb8709e6b9328597e639fae1eec97014ccb617c584de84
Instruction ID: f488168d9e4b8508e2ef481ddee7d755072aa17c9bc22881510bcb0ac78be7a7
Opcode Fuzzy Hash: c440284bb32303a297bb8709e6b9328597e639fae1eec97014ccb617c584de84
Instruction Fuzzy Hash: 60117C72A047419FC320DF29C880A1BBBE5EFC8760F15C97EE5998B766D634AC448689

Function 004CA0C4 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0051F7BC,00000000,?,004CA21B,?,00406818,00000001), ref: 004CA0E2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7c6704881ce1b656d6187cb5bd885f90e5525de212e3fc17e5f202c3adb5c2fa
Instruction ID: 6780121c4f5152e8dbbce141aa551534d4ed7682f7bbf945e93171cc2d098306
Opcode Fuzzy Hash: 7c6704881ce1b656d6187cb5bd885f90e5525de212e3fc17e5f202c3adb5c2fa
Instruction Fuzzy Hash: 47114C382403498FC750DF1AC881B42FBE4EB48354F10C53EEA988B785D774E814CBA5

Function 004D6178 Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 004D5EA0: GetCurrentThreadId.KERNEL32 ref: 004D5EB3

Part of subcall function 004D6044: SetEvent.KERNEL32(?,004D61CC,00000000,004D620E), ref: 004D6048

Sleep.KERNEL32(00000000,00000000,004D620E), ref: 004D61CE

Part of subcall function 004D6038: SetEvent.KERNEL32(?,004D61DB,00000000,00000000,004D620E), ref: 004D603C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Event$CurrentSleepThread
String ID:
API String ID: 1403007472-0
Opcode ID: d143bd57de39c498c0690c66e391f5a0d4f7aaafc2ca824f1c2af78834f9a0e7
Instruction ID: 7ca1f725ee9be8ca249aa9ef226a346d727ae7d5a4263596db2934edd0fb724c
Opcode Fuzzy Hash: d143bd57de39c498c0690c66e391f5a0d4f7aaafc2ca824f1c2af78834f9a0e7
Instruction Fuzzy Hash: 2D110D71A10608DFDB10EB99C651A4DB7F5EF48314F5241E7E4049B362D738AE019B44

Function 004DFF04 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,?,00004000,?,?,?,?,?,004E016B), ref: 004DFF5E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 3476b3654bb8baf6c68b156fdaa9d099ee49ca21148fa1ac3bcac553f71e084c
Instruction ID: 882f3b2d01845b8ec7a758dfd27ac5b53017a3a3030b93285bba34a7d7b789b1
Opcode Fuzzy Hash: 3476b3654bb8baf6c68b156fdaa9d099ee49ca21148fa1ac3bcac553f71e084c
Instruction Fuzzy Hash: 3B012B76608B005FC320DF28DCD0A2A77E4EB9A364F15057FEAC997701C2376C4987A8

Non-executed Functions

Function 0047E908 Relevance: 47.6, APIs: 24, Strings: 3, Instructions: 307networktimewindowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0047E925
SendMessageA.USER32(00000000,00000400,00000400,?), ref: 0047E95D
socket.WS2_32(00000002), ref: 0047EA74
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000002), ref: 0047EA82
WSAAsyncSelect.WS2_32(00000011,?,0000040B,000000FF), ref: 0047EAD6
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000002), ref: 0047EAE4
@TcmSocket@Bind$qqrp9TInetAddr.Z39UARTASSIST(00000002), ref: 0047EB8B
socket.WS2_32(00000002,00000011,00000011), ref: 0047EC91
@TcmSocket@Bind$qqrp9TInetAddr.Z39UARTASSIST(00000002,00000011,00000011,00000002), ref: 0047ECAE
@TcmSocket@Listen$qqrp9TInetAddr.Z39UARTASSIST(00000002), ref: 0047EBB0

Part of subcall function 0047F808: listen.WS2_32(?,7FFFFFFF), ref: 0047F816
Part of subcall function 0047F808: @TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(?,?,0047ECCB,00000002,00000011,00000011,00000002), ref: 0047F824

@TcmSocket@Connect$qqrv.Z39UARTASSIST(00000002), ref: 0047EBC8
SetTimer.USER32(?,00000003,00001388,00000000), ref: 0047EBED
@TcmSocket@Listen$qqrp9TInetAddr.Z39UARTASSIST(00000002,00000011,00000011,00000002), ref: 0047ECC6
WSAAsyncSelect.WS2_32(?,?,0000040B,000000FF), ref: 0047ECE5
closesocket.WS2_32(?), ref: 0047ECF8
@TcmSocket@DeclareConnect$qqro.Z39UARTASSIST(00000002), ref: 0047ED15
WSAAsyncSelect.WS2_32(00000011,?,0000040B,00000000), ref: 0047ED3A
closesocket.WS2_32(00000011), ref: 0047ED46
SetTimer.USER32(?,00000003,00001388,00000000), ref: 0047ED65

Strings

Invalid peer address!, xrefs: 0047E9AC
socket() failed, xrefs: 0047EA7B
WSAAsyncSelect() failed, xrefs: 0047EADD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$AddrInet$AsyncCheck$qqripcErrorSelect$Bind$qqrp9Listen$qqrp9Timerclosesocketsocket$Connect$qqroConnect$qqrvDeclareMessageSendWindowlisten
String ID: Invalid peer address!$WSAAsyncSelect() failed$socket() failed
API String ID: 612163734-2671000648
Opcode ID: 2c0e2a9486d6be525b501aabffe71be2c100d4ffb1991e6b3fbceef1693884da
Instruction ID: bf5fead1ace917ee001b3fe97b3bb1ada5702934c27965b3a6315d3b2e456d34
Opcode Fuzzy Hash: 2c0e2a9486d6be525b501aabffe71be2c100d4ffb1991e6b3fbceef1693884da
Instruction Fuzzy Hash: 58B1E7702083415ADB20DF25C8C57EA3B55AF45300F18C6FAED4D5F38BD6799889C769

Function 0048FA74 Relevance: 30.6, Strings: 24, Instructions: 557COMMON

Download Yara Rule

Strings

JT808, xrefs: 0048FAD7
JT808, xrefs: 0048FD57
JT808, xrefs: 004900D5
PlateColor, xrefs: 0049004D
JT808, xrefs: 00490060
CityId, xrefs: 0048FF2D
SIMID, xrefs: 0048FB4C
Version, xrefs: 0048FAC7
ProvinceId, xrefs: 0048FE96
JT808, xrefs: 0048FCAF
JT808, xrefs: 0048FC07
JT808, xrefs: 0048FEA6
TTMsgType, xrefs: 00490174
JT808, xrefs: 0048FFD5
TermType, xrefs: 0048FC9C
PlateNo, xrefs: 0048FFC2
ManufactureId, xrefs: 0048FDEC
JT808, xrefs: 00490187
JT808, xrefs: 0048FB5F
Authcode, xrefs: 004900BF
TermId, xrefs: 0048FD44
JT808, xrefs: 0048FF3D
IMEI, xrefs: 0048FBF4
JT808, xrefs: 0048FDFF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: Authcode$CityId$IMEI$JT808$JT808$JT808$JT808$JT808$JT808$JT808$JT808$JT808$JT808$JT808$JT808$ManufactureId$PlateColor$PlateNo$ProvinceId$SIMID$TTMsgType$TermId$TermType$Version
API String ID: 0-1401491031
Opcode ID: c444f3167c8bfd05863e93bfbae709d1e8e55476ac579fa9cfb43408423b0fdf
Instruction ID: b3d6eb1839173bedd10d2ed7291286e7af09c8418fa9b1d296a9a040d6961fb5
Opcode Fuzzy Hash: c444f3167c8bfd05863e93bfbae709d1e8e55476ac579fa9cfb43408423b0fdf
Instruction Fuzzy Hash: C932007460011ACFCB54EF94D495AAEB7B9FF88300F2481A6EC05AB35ADB34D916CF61

Function 0046C9F0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

, xrefs: 0046CCFF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 52c487d9ab9374924c8c790a6d418751881d3fb42649b075133fb565b02b4f71
Instruction ID: d4389a8b78e64162bcaad21468772638cab99e6a05f0da5cd053ada2645081e1
Opcode Fuzzy Hash: 52c487d9ab9374924c8c790a6d418751881d3fb42649b075133fb565b02b4f71
Instruction Fuzzy Hash: 428154702082419BC714DB6CD8C9BA77BE56F84304F18C47EF98D8F296DA749845C767

Function 004E4360 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,0056B0A8), ref: 004E437D
GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 004E438E
lstrcpyn.KERNEL32(?,?,?), ref: 004E43BE
lstrcpyn.KERNEL32(?,?,?,kernel32.dll,00000000,?,0056B0A8), ref: 004E4422
lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,00000000,?,0056B0A8), ref: 004E4457
FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,0056B0A8), ref: 004E446A
FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,0056B0A8), ref: 004E4477
lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,0056B0A8), ref: 004E4483
lstrcpyn.KERNEL32(?,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?), ref: 004E44B7
lstrlen.KERNEL32(?,?,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000), ref: 004E44C3
lstrcpyn.KERNEL32(?,?,?,?,?,?,00000104,?,00000000,?,?,?,?,00000001,?,?), ref: 004E44E5

Strings

\, xrefs: 004E4495
GetLongPathNameA, xrefs: 004E4388
kernel32.dll, xrefs: 004E4378

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameA$\$kernel32.dll
API String ID: 3245196872-1565342463
Opcode ID: 20d86f0ed746d5011afe2c76bae699319f2a5218f31a1508e710c8ef66450660
Instruction ID: a735121f1a6f590843648d53b0ae9f3552887708a7d94e7c0dcbea27a096b4d7
Opcode Fuzzy Hash: 20d86f0ed746d5011afe2c76bae699319f2a5218f31a1508e710c8ef66450660
Instruction Fuzzy Hash: 2B419572E0015AABDB20DEE9CD89BDEB7ECEF84301F1541B2E948E7241D6389F418B54

Function 0048D444 Relevance: 24.2, APIs: 1, Strings: 12, Instructions: 1454windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Part of subcall function 004EFD78: SendMessageA.USER32(00000000,000000CF,?,00000000), ref: 004EFDAB

Part of subcall function 0052D298: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

LoadBitmapA.USER32(?,dlgMax), ref: 0048E6C4

Strings

(0000~FFFF), xrefs: 0048E533
..., xrefs: 0048DE72
ASCII, xrefs: 0048E32B
Current TimeSchedule Time, xrefs: 0048E0E8, 0048E0ED
(00~FF), xrefs: 0048DDB3
`!I, xrefs: 0048E777
km/h, xrefs: 0048DFAB
HEX, xrefs: 0048E34F
NONEBLUEYELLOWBLACKWHITEGREENOTHER, xrefs: 0048D844, 0048D849
dlgMax, xrefs: 0048E6B6
JT/T808-2019JT/T808-2013, xrefs: 0048D801
IMEI, xrefs: 0048D75B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser$BitmapLoadMessageSend
String ID: (0000~FFFF)$(00~FF)$...$ASCII$Current TimeSchedule Time$HEX$IMEI$JT/T808-2019JT/T808-2013$NONEBLUEYELLOWBLACKWHITEGREENOTHER$`!I$dlgMax$km/h
API String ID: 3179879744-216937404
Opcode ID: 23d2eff69bb1f42f75e98df1b90e551f52dfd7a96abe031093c037169daa2b81
Instruction ID: b3d0ce734abc189a71b37af80827ef93e129411220bb065dfbdc4c48d9c2dad9
Opcode Fuzzy Hash: 23d2eff69bb1f42f75e98df1b90e551f52dfd7a96abe031093c037169daa2b81
Instruction Fuzzy Hash: 0AD20A747402059FE724DF18C881F99BBA2BF99704F2085ADE684AB3D2D776AD45CF80

Function 0043D808 Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 446COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0043DD14
GetTickCount.KERNEL32 ref: 0043DDA1

Strings

D, xrefs: 0043DC1E
ASCII, xrefs: 0043DBCC
HEX, xrefs: 0043DBC5, 0043DBD1
[%s]# RECV %s/%d <<<, xrefs: 0043DBE3
[%s]# RECV %s/%d <<<, xrefs: 0043DAC6
ASCII, xrefs: 0043DAAF
HEX, xrefs: 0043DAA8, 0043DAB4
RX:, xrefs: 0043D840
yyyy-MM-dd HH:mm:ss.ZZZ, xrefs: 0043DBA1
yyyy-MM-dd HH:mm:ss.ZZZ, xrefs: 0043DA84

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountTick
String ID: [%s]# RECV %s/%d <<<$[%s]# RECV %s/%d <<<$ASCII$ASCII$D$HEX$HEX$RX:$yyyy-MM-dd HH:mm:ss.ZZZ$yyyy-MM-dd HH:mm:ss.ZZZ
API String ID: 536389180-1402463019
Opcode ID: 1dcb085205ecfa8b23a77372fc764a526d66813101164722ec64ffc0e33fe9eb
Instruction ID: 5184fe3037a242ebaed9cd523be17e814b3790354458b497b8cf47057c0fd0ca
Opcode Fuzzy Hash: 1dcb085205ecfa8b23a77372fc764a526d66813101164722ec64ffc0e33fe9eb
Instruction Fuzzy Hash: 0A02E370E001859FDB14EB68E9857AE7BF1FF59300F24912BE405AB3A2CB789D49DB14

Function 00464470 Relevance: 18.2, APIs: 12, Instructions: 186networksynchronizationthreadCOMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00464497
WaitForSingleObject.KERNEL32(?,000000FF), ref: 004644A7
socket.WS2_32(00000002,00000001,00000006), ref: 00464518
htons.WS2_32(?), ref: 0046456C
bind.WSOCK32(00000000,00000000,00000010), ref: 0046458C
listen.WS2_32(00000000,00000040), ref: 0046459D
htons.WS2_32(?), ref: 004645CE
connect.WS2_32(00000000,00000002,00000010), ref: 004645F4
getsockname.WS2_32(00000000,00000000,00000010), ref: 00464628
htons.WS2_32(?), ref: 0046463B
CreateThread.KERNEL32(00000000,00000000,00469940,?,00000000,00000000), ref: 0046465E
closesocket.WS2_32(00000000), ref: 00464669

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: htons$closesocket$CreateObjectSingleThreadWaitbindconnectgetsocknamelistensocket
String ID:
API String ID: 244315594-0
Opcode ID: 7d840ac78ecac260ba2f3430afa983aacff6fc0257cb9caa33ea1f0e24eb714a
Instruction ID: ed0a751c129a726b1347668b900618d9afe41d2c85800f59a27ce4aae19eaab4
Opcode Fuzzy Hash: 7d840ac78ecac260ba2f3430afa983aacff6fc0257cb9caa33ea1f0e24eb714a
Instruction Fuzzy Hash: 93511670900205A6EF209F60C885BBB3B68AFC2714F148197E9155F2D6E7BCC985CB9B

Function 00443188 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 228COMMON

Download Yara Rule

APIs

Part of subcall function 00565180: GetLocalTime.KERNEL32(?,00000000), ref: 0056518E

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 004431DE

Part of subcall function 0046B5B8: @TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 0046B5EF

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 004432C3
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST(00000000), ref: 004432E7
@TcmAutoUpgrader@ReadConfigValueAsInteger$qqrpci.Z39UARTASSIST ref: 00443333
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0044336A
@TcmAutoUpgrader@ReadConfigValueAsInteger$qqrpci.Z39UARTASSIST ref: 004433C8
@TcmAutoUpgrader@ReadConfigValueAsInteger$qqrpci.Z39UARTASSIST ref: 004433DF
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 00443421
@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 00443448

Strings

,, xrefs: 0044344D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoConfigReadUpgrader@$Value$qqrpc$Integer$qqrpciValue$LocalTimeValue$qqrpct1pi
String ID: ,
API String ID: 2097396599-3772416878
Opcode ID: fefddcb14f072279fb3e2e54e8b711c98e40409236e06671af27ab03c5e3d5a7
Instruction ID: a8bd84d10a74ae03627bef0e20f0f9e12db3eee11f886cc9f0f8343a70efbbd4
Opcode Fuzzy Hash: fefddcb14f072279fb3e2e54e8b711c98e40409236e06671af27ab03c5e3d5a7
Instruction Fuzzy Hash: 7B912B30A0124ACFCB00DFA9D882AEEB7F5FF58304F14552BE405A7262DB786E49DB55

Function 004AB454 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 426COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@SetSyncRequesting$qqro.Z39UARTASSIST(0056B57C), ref: 004AB94A
@cmSerialCommDriver32@TcmUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST(0056B57C), ref: 004AB959

Strings

Error, the file extension used for burning must be hex or bin, xrefs: 004AB8DA
.bin, xrefs: 004AB7E8
wb+, xrefs: 004AB645
.hex, xrefs: 004AB4D5
Invalid STM32 hexadecimal file format!, xrefs: 004AB6F6
.bin, xrefs: 004AB5AF
Fail to create temporary file %s, xrefs: 004AB777

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDriver32@SerialUart@$OptionsoRequesting$qqroSettings$qqrp12SyncUartUpdate
String ID: .bin$.bin$.hex$Error, the file extension used for burning must be hex or bin$Fail to create temporary file %s$Invalid STM32 hexadecimal file format!$wb+
API String ID: 1037223047-4287178556
Opcode ID: 2ffb6128385333761db60113f4275b5234ee424af81f0c193b17b55d4e9fb2fa
Instruction ID: 398c5b3a3fdcdc9c383c448f362336bc53587b1187739a010d6148405f5680ac
Opcode Fuzzy Hash: 2ffb6128385333761db60113f4275b5234ee424af81f0c193b17b55d4e9fb2fa
Instruction Fuzzy Hash: 3DF19371900209DBCB24DF54C489BAFBBB9FF95300F24862BD8055B286DB75DD0ACB94

Function 0047ED7C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 66timenetworkCOMMON

Download Yara Rule

APIs

WSAAsyncSelect.WS2_32(?,?,0000040B,00000000), ref: 0047EDD8
@TcmSocket@CloseClientAll$qqrv.Z39UARTASSIST(?,?,0000040B,00000000), ref: 0047EDE8
@TcmSocket@ClearMultiListenPorts$qqrv.Z39UARTASSIST(?,?,0000040B,00000000), ref: 0047EDEF
KillTimer.USER32(?,00000004,?,?,0000040B,00000000), ref: 0047EE18
closesocket.WS2_32(?), ref: 0047EE48
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(?,?,?,0000040B,00000000), ref: 0047EE56
@TcmSocket@DeclareConnect$qqro.Z39UARTASSIST(?,?,?,0000040B,00000000), ref: 0047EE8A

Strings

closesocket() failed, xrefs: 0047EE4F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$All$qqrvAsyncCheck$qqripcClearClientCloseConnect$qqroDeclareErrorKillListenMultiPorts$qqrvSelectTimerclosesocket
String ID: closesocket() failed
API String ID: 1662043253-2817232341
Opcode ID: df87d1ca9904c4ded603ac35ddf25a68bc26585f2ca84c78ace5590605a322b8
Instruction ID: 1896f3e6777fccf28f7daf19465ec79c7722fb58e32713e8af0b2adfda89d82f
Opcode Fuzzy Hash: df87d1ca9904c4ded603ac35ddf25a68bc26585f2ca84c78ace5590605a322b8
Instruction Fuzzy Hash: B121446060828046EF65EE39C4C87DA3A516F45314F1CCAFAED4D5F2DBCB784889C365

Function 0049C298 Relevance: 15.7, Strings: 12, Instructions: 667COMMON

Download Yara Rule

Strings

..., xrefs: 0049C7DE
..., xrefs: 0049C85A
h, xrefs: 0049CAFD
..., xrefs: 0049C753
v, xrefs: 0049C333
MagicBlue, xrefs: 0049C9D2
MagicGreen, xrefs: 0049CA0C
MagicBlack, xrefs: 0049CAF8
n, xrefs: 0049C325
MagicWhite, xrefs: 0049C998
MagicBlack, xrefs: 0049C952
@N, xrefs: 0049C4FF, 0049C5B2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser
String ID: ...$...$...$@N$MagicBlack$MagicBlack$MagicBlue$MagicGreen$MagicWhite$h$n$v
API String ID: 2492992576-649289671
Opcode ID: 96619fae1dff96334e360d59fb353b68c7e1d1bb74343b3333111ee433c80989
Instruction ID: 6973011792fd1bbf20d65ae3e84fc5d97fab9c5bf4db5caa77f1817bfb3d2fd6
Opcode Fuzzy Hash: 96619fae1dff96334e360d59fb353b68c7e1d1bb74343b3333111ee433c80989
Instruction Fuzzy Hash: 916229746002048FD714DF58C885B99B7F2FF89304F2085B9E689AB396CB76AD46CF94

Function 0045A6D0 Relevance: 14.8, APIs: 4, Strings: 4, Instructions: 789COMMON

Download Yara Rule

APIs

@TcmButton@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0045ACA2

Part of subcall function 00477224: @TcmButton@Initialize$qqro.Z39UARTASSIST(?,?,?,?,?,?), ref: 00477264

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Part of subcall function 0052D298: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

@TcmButton@SetCheckStyle$qqr31Cmcheckbutton@TCheckButtonStyle.Z39UARTASSIST ref: 0045AD04
@TcmButton@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0045AD2A
@TcmButton@SetCheckStyle$qqr31Cmcheckbutton@TCheckButtonStyle.Z39UARTASSIST ref: 0045AD8C

Strings

51020305070100, xrefs: 0045AA25
+B, xrefs: 0045AB36
5102050100, xrefs: 0045AA6E
51020305070100, xrefs: 0045A9D5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Check$Button@$ButtonButton@$bctr$qqrp18CallbackClasses@Cmcheckbutton@ComponentDispatcherStyleStyle$qqr31User$Initialize$qqro
String ID: 51020305070100$51020305070100$5102050100$+B
API String ID: 2182980371-1483634922
Opcode ID: 180a50b576a4561859a1ade59edf8fd6211bb85e0e252fe908321bef2183099f
Instruction ID: 8ed9f7db4ae9b89a9844b707c4c00cdbeb4759dd17f4ba0a26898370673e0a3b
Opcode Fuzzy Hash: 180a50b576a4561859a1ade59edf8fd6211bb85e0e252fe908321bef2183099f
Instruction Fuzzy Hash: 68820974B006159FDB14DF18C895B99BBF2BF89304F1081AAE5089F3A6CB71AD46CF85

Function 0047F400 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 0047F431
bind.WSOCK32(00000000,?,0000001C,?,?,?,?,00000011,00000011), ref: 0047F458
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000000,?,0000001C,?,?,?,?,00000011,00000011), ref: 0047F466

Part of subcall function 00480C48: WSAGetLastError.WS2_32(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C57
Part of subcall function 00480C48: @TcmSocket@ShowError$qqrpci.Z39UARTASSIST(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C93

htons.WS2_32(?), ref: 0047F49E
bind.WSOCK32(?,?,00000010,?,?,00000011,00000011), ref: 0047F4B0
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(?,?,00000010,?,?,00000011,00000011), ref: 0047F4BE

Strings

bind() failed, xrefs: 0047F45F
bind() failed, xrefs: 0047F4B7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorSocket@$Check$qqripcbindhtons$Error$qqrpciLastShow
String ID: bind() failed$bind() failed
API String ID: 1914354090-3780940380
Opcode ID: c8089c4943388d1b23b30a3e45689e0372321d47098d6e1a8d315a1a35a5cdd5
Instruction ID: bd045c4aa398ab43c2ce63866c228c4df7c16ccba3b9e4cc6dbb8a88ca0c3eab
Opcode Fuzzy Hash: c8089c4943388d1b23b30a3e45689e0372321d47098d6e1a8d315a1a35a5cdd5
Instruction Fuzzy Hash: 1711E67530020192D710AF648882BE637A8BF94700F08883DFE8D9F257EAB998499365

Function 00534500 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0053450F
GetWindowPlacement.USER32(?,0000002C,?,?,?,?,?,00477511), ref: 0053452C
GetWindowRect.USER32(?), ref: 00534545
GetWindowLongA.USER32(?,000000F0), ref: 00534553
GetWindowLongA.USER32(?,000000F8), ref: 00534568
ScreenToClient.USER32(00000000), ref: 00534575
ScreenToClient.USER32(00000000,000000F0), ref: 00534580

Strings

,, xrefs: 00534518

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$ClientLongScreen$IconicPlacementRect
String ID: ,
API String ID: 2266315723-3772416878
Opcode ID: 062bce4ddb8af3d09a20aba3dcc532953ad879acc416933e8004630ded2ae37b
Instruction ID: 3f8da2bd30992103eaa039e9479cbbf3188967a7a8872120db9bb57ba4b57912
Opcode Fuzzy Hash: 062bce4ddb8af3d09a20aba3dcc532953ad879acc416933e8004630ded2ae37b
Instruction Fuzzy Hash: 52111F71504211AFCB51DF6CC889A9B7BE8BF89310F144668FD58DB245DB35EE048B62

Function 0047C68C Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 316COMMON

Download Yara Rule

Strings

udp, xrefs: 0047C7C1
tcp, xrefs: 0047C7E8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: tcp$udp
API String ID: 0-3725065008
Opcode ID: 775646c3f9856c43acf1ed93f5ea8f067d7ae8e206cb9104e937b4374192b175
Instruction ID: 03e9240f697531876dd95d581780cea518d08815bffc70451724f51c0f1f798d
Opcode Fuzzy Hash: 775646c3f9856c43acf1ed93f5ea8f067d7ae8e206cb9104e937b4374192b175
Instruction Fuzzy Hash: 52C16C71E0020A9BDB18DFA4D4C4BEFB7B5AF44311F14D12EE909A7390D7B88981CB99

Function 0045E018 Relevance: 11.9, Strings: 9, Instructions: 632COMMON

Download Yara Rule

Strings

The channel name already exists, xrefs: 0045E1FF
Invalid field offset address, xrefs: 0045E578
Frame header matching data is empty, to match any content,you can enter an asterisk *, xrefs: 0045E2D8
Invalid header matching data format, xrefs: 0045E3FB
big-endian, xrefs: 0045E8B6
little-endian, xrefs: 0045E8CD
Channel name contains illegal characters, xrefs: 0045E14E
Channel name cannot be empty, xrefs: 0045E0C0
t, xrefs: 0045E478

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: Channel name cannot be empty$Channel name contains illegal characters$Frame header matching data is empty, to match any content,you can enter an asterisk *$Invalid field offset address$Invalid header matching data format$The channel name already exists$big-endian$little-endian$t
API String ID: 0-1300215034
Opcode ID: a87504d7022f85e64acfda91a3c5f4de7c0bf425432488d2f34ff73aacf996e1
Instruction ID: 2c07af6fbcad477540d9c92f0cab32619bdd4bac5ea31a5d06a9b30fed8c65a8
Opcode Fuzzy Hash: a87504d7022f85e64acfda91a3c5f4de7c0bf425432488d2f34ff73aacf996e1
Instruction Fuzzy Hash: 18528E30900249CBDB14DFA4C485BEEBBB5FF44304F2481AAD809AB396DB749E4ACF55

Function 00402304 Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 725COMMON

Download Yara Rule

APIs

GetWindowTextA.USER32(00000000,?,0000FFE3), ref: 00402AC8

Strings

.tmp, xrefs: 004025D4
Please switch to the serial communication panel first!, xrefs: 00402376
Invalid hexadecimal format file, xrefs: 00402740
Invalid ASCII text file, xrefs: 00402991
t, xrefs: 0040279E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: TextWindow
String ID: .tmp$Invalid ASCII text file$Invalid hexadecimal format file$Please switch to the serial communication panel first!$t
API String ID: 530164218-2917146632
Opcode ID: 7816be6852024ff512a2dfa05b263b5d1577024b0cf52d4f10f3dca483d25e21
Instruction ID: ef8ad35c72bbbe8c532899e0bbfe3c1c91efa69660ac34f368ced9f6230292ab
Opcode Fuzzy Hash: 7816be6852024ff512a2dfa05b263b5d1577024b0cf52d4f10f3dca483d25e21
Instruction Fuzzy Hash: 0A52A274A00205CFDB14DF94C989A5EBBB2FF58304F24816AE806AB3D6D7B8DD49CB54

Function 0048861C Relevance: 10.7, APIs: 7, Instructions: 248COMMON

Download Yara Rule

APIs

@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 00488664
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 0048869E
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 004886D8
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 00488769
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 004887FE
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 00488854
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 004888AB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cmbitmap@$Int$qqriiiTrim$Byte$qqri
String ID:
API String ID: 3790246660-0
Opcode ID: c5c65524e0e30cb3aff15e90174240e043a9950b6f8de5d3d32f8b6d1a52a3d1
Instruction ID: 7dadacf52a06f794e14c608e5786ee59fef381635347605e3429478976909483
Opcode Fuzzy Hash: c5c65524e0e30cb3aff15e90174240e043a9950b6f8de5d3d32f8b6d1a52a3d1
Instruction Fuzzy Hash: AAA131256086828BC709DF2EC8D156BBBE3AFD9208B0DD5A9D8C8CF32BE631D415C755

Function 00412750 Relevance: 10.6, APIs: 7, Instructions: 144synchronizationsleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00411D5C: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00411D75
Part of subcall function 00411D5C: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00411D87

Part of subcall function 00412954: CreateMutexA.KERNEL32(00000000,00000000,00000000,00402BBA), ref: 00412963

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0041278B
Sleep.KERNEL32(?,000000FF), ref: 0041284A
GetTickCount.KERNEL32 ref: 00412851
Sleep.KERNEL32(00000032,000000FF), ref: 0041286D
GetTickCount.KERNEL32 ref: 0041287F
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,000000FF), ref: 00412799

Part of subcall function 00411D94: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00411DA5
Part of subcall function 00411D94: ReleaseMutex.KERNEL32(00000000,00000000,000000FF), ref: 00411DC1

ReleaseMutex.KERNEL32(00000000,00000000,000000FF,00000000,000000FF), ref: 00412941

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Mutex$CreateObjectSingleWait$CountReleaseSleepTick$Event
String ID:
API String ID: 1892305255-0
Opcode ID: 92e4857bc4e1330b1d4c39f69a9c524561b7e7de45ed0a08983e0f64faed55e5
Instruction ID: e16a0ac95f6cebe6ccc07d66bf837c7ae0074f26d8fbd212df18108b4d587b6e
Opcode Fuzzy Hash: 92e4857bc4e1330b1d4c39f69a9c524561b7e7de45ed0a08983e0f64faed55e5
Instruction Fuzzy Hash: CD51E5B4E0120587CB14EFACD9856EE3BA9BF58304F14821BE811E7395D7B8CC85D769

Function 0051D368 Relevance: 9.1, APIs: 6, Instructions: 86windownativeCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0051D370
SetActiveWindow.USER32(?,?,?,?,0046CE9F,?), ref: 0051D381
IsWindowEnabled.USER32(00000000), ref: 0051D3A4
NtdllDefWindowProc_A.NTDLL(?,00000112,0000F120,00000000,00000000), ref: 0051D3BD
SetWindowPos.USER32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0051D403
SetFocus.USER32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0051D448

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$ActiveEnabledFocusIconicNtdllProc_
String ID:
API String ID: 3996302123-0
Opcode ID: 5c565a6b22823b98bb7a86f7ba77e4e4bf5f990474ee17303ff88a50a86633dd
Instruction ID: 33dcdd0def79de9b2dd915b893a14fad394646566ca208226f9869c97148470f
Opcode Fuzzy Hash: 5c565a6b22823b98bb7a86f7ba77e4e4bf5f990474ee17303ff88a50a86633dd
Instruction Fuzzy Hash: CA312F707402419BFF14AB68DCC9BA93FA8BB55700F080465B940DF296DBB5FCC48B65

Function 00446D9C Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 169windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00446DD6

Strings

UartAssist, xrefs: 00446F28
,, xrefs: 00447020
SOFTWARE\Cmsoft\, xrefs: 00446F39
OPTS, xrefs: 00446FAA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Iconic
String ID: ,$OPTS$SOFTWARE\Cmsoft\$UartAssist
API String ID: 110040809-1893013162
Opcode ID: 257a7c25a7b90e47d04de9b72e42e34a13d520908235847f66a5104082798734
Instruction ID: 5945062cff536aabf4f42445ebbfe31b23d1c31edbad03ef222f8336239235c6
Opcode Fuzzy Hash: 257a7c25a7b90e47d04de9b72e42e34a13d520908235847f66a5104082798734
Instruction Fuzzy Hash: 1A71F634900245CFDB20DFA4E845AAE77B1FF59304F14807BD8099B762D7749C49EB5A

Function 0046E1DC Relevance: 8.3, APIs: 5, Instructions: 761windowCOMMON

Download Yara Rule

APIs

@TContextPopupMenu@ShowMemoText$qqr17System@AnsiStringt1.Z39UARTASSIST ref: 0046E375

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AnsiContextMemoMenu@PopupShowStringt1System@Text$qqr17
String ID:
API String ID: 1308895322-0
Opcode ID: e8df8e75237979f095a67e754f635030df749d6ee4a4c237d6086c21de7bf247
Instruction ID: 0e4eb99ec45da48bc41f756435db6ed4861746198caef0083f90e1c8659fbad5
Opcode Fuzzy Hash: e8df8e75237979f095a67e754f635030df749d6ee4a4c237d6086c21de7bf247
Instruction Fuzzy Hash: 2B72407490020ACBDF54DF90C485BEEB7B9FF44304F1085AAD8156B246EB78EA4ACF55

Function 00495668 Relevance: 8.1, Strings: 6, Instructions: 572COMMON

Download Yara Rule

Strings

Modbus-ASCII, xrefs: 00495714
Modbus-RTU, xrefs: 004956CC
, xrefs: 00495A1A
Off, xrefs: 00495B05
Modbus-TCP, xrefs: 00495759
@N, xrefs: 00495B50

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser$MessageSendhtons
String ID: $@N$Modbus-ASCII$Modbus-RTU$Modbus-TCP$Off
API String ID: 3398713544-3090986406
Opcode ID: 4ced59b7218e9c81481a1714ab2e5165f69512667e2edf050e26560f831460d5
Instruction ID: 5441cb6a437e9b62dd03c29e81f7c419b1d58c85d99ab40c770c2ad5b57b564a
Opcode Fuzzy Hash: 4ced59b7218e9c81481a1714ab2e5165f69512667e2edf050e26560f831460d5
Instruction Fuzzy Hash: 61425F70B002149FDB14DF18C886B9DBBB6BF89304F1481AAE908AF396DBB59D45CF45

Function 00456CB0 Relevance: 7.8, Strings: 6, Instructions: 283COMMON

Download Yara Rule

Strings

Prompt, xrefs: 00456D83
, xrefs: 00456FBE
Prompt, xrefs: 00456DF0
Please select data to be send, xrefs: 00456D98
Datalist is empty, xrefs: 00456DF5
Cycle Count: , xrefs: 00456E7F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: $Cycle Count: $Datalist is empty$Please select data to be send$Prompt$Prompt
API String ID: 0-2444284029
Opcode ID: 4529477966450953928190bd45007be9090769ebc4887c793bef8149da0b3fb8
Instruction ID: 71efde2a9e1547143dece3ae1cb8073a1f6d862757f3b44333be924cf18be617
Opcode Fuzzy Hash: 4529477966450953928190bd45007be9090769ebc4887c793bef8149da0b3fb8
Instruction Fuzzy Hash: 04B1C030A002058BCB14DF68D4856AEBBF1FF84305F55847AEC09AB357DB389C4ACB59

Function 0051D2B8 Relevance: 7.6, APIs: 5, Instructions: 59nativewindowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0051D2C0
SetActiveWindow.USER32(?,?,?,?,0046CE47,?), ref: 0051D2D8
IsWindowEnabled.USER32(00000000), ref: 0051D2FB
SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000040,00000000), ref: 0051D324
NtdllDefWindowProc_A.NTDLL(?,00000112,0000F020,00000000,?,00000000,?,?,?,00000000,00000040,00000000), ref: 0051D339

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$ActiveEnabledIconicNtdllProc_
String ID:
API String ID: 1720852555-0
Opcode ID: 9de5838a94d9f8a7ca937964f9c242d286fd1f905bbb487cd58d292915eeca42
Instruction ID: 125cde5a89a468683b0b76ddfcddbd7c8bc65ae1ed51847f8a77e7455d8cb364
Opcode Fuzzy Hash: 9de5838a94d9f8a7ca937964f9c242d286fd1f905bbb487cd58d292915eeca42
Instruction Fuzzy Hash: A211D0716402519BEB54EE68C9CAF9A7FE8BF45300F081464BA54DF287D775EC80CB25

Function 0040A298 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,00000000,00000000,?,0040A6A0), ref: 0040A2D6
DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 0040A31B

Strings

\\.\PhysicalDrive0, xrefs: 0040A2A4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ControlCreateDeviceFile
String ID: \\.\PhysicalDrive0
API String ID: 107608037-1180397377
Opcode ID: 69ac49dac767b9c5a5a0ec58301470cbab955455701011aaacee87f587d5ad2b
Instruction ID: 15ef556b957aa5473e12ed00af2f0bf789a12c7d377a9cc37aaee228e9b3ea0c
Opcode Fuzzy Hash: 69ac49dac767b9c5a5a0ec58301470cbab955455701011aaacee87f587d5ad2b
Instruction Fuzzy Hash: 01315F7175430126D320D9209C42FEBB7DD9FC4700F04453DBE85AB2C2D9B59A1E83A7

Function 00492CCC Relevance: 6.4, APIs: 4, Instructions: 407networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(00000000), ref: 00492E6F
htons.WS2_32(00000000), ref: 00492EC1
htons.WS2_32(00000000), ref: 004930E2
htons.WS2_32(00000000), ref: 00493134

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: htons
String ID:
API String ID: 4207154920-0
Opcode ID: 49489e880ae86dd8efae790329c3336ef38697b48286950a9ed3ade29428f016
Instruction ID: c3d1cce189e501a2f00bf73de1f806662b138381fb54eb729d8ae887f25245e7
Opcode Fuzzy Hash: 49489e880ae86dd8efae790329c3336ef38697b48286950a9ed3ade29428f016
Instruction Fuzzy Hash: F5F1647090020AEBDF08DF94C959BEEBBB4FF44300F14853AE81567791DB74AA49CB95

Function 0048846C Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 004884A4
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 004884C3
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 004884FB
@Cmbitmap@CMTrimInt$qqriii.Z39UARTASSIST ref: 0048853E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cmbitmap@Int$qqriiiTrim
String ID:
API String ID: 2933748594-0
Opcode ID: 4730715f0a96d2ca8b946595bf9d44dbf7568e011c7f2db0bfaed050c550c05a
Instruction ID: e5e22c69048473cb83a9671dff21d4ca1f32a0a64a12df74a4051b46ee4c2493
Opcode Fuzzy Hash: 4730715f0a96d2ca8b946595bf9d44dbf7568e011c7f2db0bfaed050c550c05a
Instruction Fuzzy Hash: 62514C35608A828BC315DF2DC89066BFBE2BF99304B09D86DD4DDC7712EA31E415CB45

Function 00554DA4 Relevance: 6.1, APIs: 4, Instructions: 56memoryclipboardCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00002002,?,00000000,00554E76,?,?,?,00000000), ref: 00554DD3
GlobalLock.KERNEL32(?), ref: 00554DED
SetClipboardData.USER32(?,?), ref: 00554E1B
GlobalUnlock.KERNEL32(?), ref: 00554E31

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Global$AllocClipboardDataLockUnlock
String ID:
API String ID: 3735636508-0
Opcode ID: 58d2331c7dfd9bee42cdc5ee273676032b26481c64c6ff3dc7bce05f1480ccb8
Instruction ID: e077dac6f4af5bdc337164b432d966c29f4d75d3b29949b117540ed1fbe3b7f5
Opcode Fuzzy Hash: 58d2331c7dfd9bee42cdc5ee273676032b26481c64c6ff3dc7bce05f1480ccb8
Instruction Fuzzy Hash: 0411A575A00604BFD711DF6ACD66C5BBFAEFBC9B14B104469B80493650CA359D90CA51

Function 00457338 Relevance: 5.6, Strings: 4, Instructions: 574COMMON

Download Yara Rule

Strings

#, xrefs: 004575B7
ASCII, xrefs: 00457374
HEX, xrefs: 00457390
HEXDEC, xrefs: 00457883

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser$MessageSend
String ID: #$ASCII$HEX$HEXDEC
API String ID: 2442846254-1953782257
Opcode ID: aa43e3722e09cfc1c17709604cc891ddbf2b00afdbef7fc8c6ffc88fa02966b9
Instruction ID: f2b3d71b8512eac2c652169db6fdb1e552763dd46598f2a12d8624944fcfd481
Opcode Fuzzy Hash: aa43e3722e09cfc1c17709604cc891ddbf2b00afdbef7fc8c6ffc88fa02966b9
Instruction Fuzzy Hash: DB422A74A002449FEB14DF24C885B99BBB6BF49304F1481AAE908AF3D7CBB59D45CF94

Function 0044F34C Relevance: 5.5, Strings: 4, Instructions: 546COMMON

Download Yara Rule

Strings

HEX, xrefs: 0044F706
TRUE, xrefs: 0044F664
HEX, xrefs: 0044F797
Prompt, xrefs: 0044F466

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: HEX$HEX$Prompt$TRUE
API String ID: 0-3347619030
Opcode ID: 63e13ca7ed4dec2e8853ca98f83ff1b0cde5574b6e99b2d00a43e9deaeda70bf
Instruction ID: 7146c0f7bd7e2691f524ca70e391fa004b105c8c4ae3158b2a0b22b4f890b9ee
Opcode Fuzzy Hash: 63e13ca7ed4dec2e8853ca98f83ff1b0cde5574b6e99b2d00a43e9deaeda70bf
Instruction Fuzzy Hash: 35326F70A0020ADBDB14DFA4D489BEEB7B5FF44304F24827AD405A7252DB74AE4ACF95

Function 0046D830 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151windowCOMMON

Download Yara Rule

APIs

@TContextPopupMenu@FindMenuById$qqrs.Z39UARTASSIST ref: 0046D9E3
@TContextPopupMenu@SetCharset$qqri.Z39UARTASSIST ref: 0046DA10

Strings

@, xrefs: 0046D9C6

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ContextMenu@Popup$Charset$qqriFindId$qqrsMenu
String ID: @
API String ID: 3951286785-2766056989
Opcode ID: 4aeed40276175926b90c87fa3a8bbf462a38ca1edcc6f52d5b30b45b0b45d6c2
Instruction ID: c99870707960a2aacdb84fa513f6e9cccc463f925b9a93159b7c3b41cbb241c6
Opcode Fuzzy Hash: 4aeed40276175926b90c87fa3a8bbf462a38ca1edcc6f52d5b30b45b0b45d6c2
Instruction Fuzzy Hash: 57512D70E04208DBCB14DFA9C5856AEBBF2BF88304F2481AED459AB352DB355E06DB45

Function 0050B290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,0050B32C,?,00000000,?,0050B344,?,0050E5FB,00000000,00000000,?,?,?,0050F030,?,?), ref: 0050B2B0
FormatMessageA.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,0050B32C,?,00000000,?,0050B344,?,0050E5FB,00000000), ref: 0050B2D6

Strings

lK, xrefs: 0050B2FD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorFormatLastMessage
String ID: lK
API String ID: 3479602957-1788595711
Opcode ID: e001611b397e1f8a44ccdab7baf9b8c2ed045e1f51d07d905af38ec7bd9220bf
Instruction ID: ed14b6c4ac9f409fc1388a2a50febf78a04030c6450c8ee940f451bd40e1bc50
Opcode Fuzzy Hash: e001611b397e1f8a44ccdab7baf9b8c2ed045e1f51d07d905af38ec7bd9220bf
Instruction Fuzzy Hash: 0901D4706002495BFB25AF218DD2BDD77ACFB98704F9008B5B644961C1DBF4AD808A18

Function 0047F808 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

listen.WS2_32(?,7FFFFFFF), ref: 0047F816
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(?,?,0047ECCB,00000002,00000011,00000011,00000002), ref: 0047F824

Part of subcall function 00480C48: WSAGetLastError.WS2_32(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C57
Part of subcall function 00480C48: @TcmSocket@ShowError$qqrpci.Z39UARTASSIST(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C93

Strings

listen() failed, xrefs: 0047F81D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorSocket@$Check$qqripcError$qqrpciLastShowlisten
String ID: listen() failed
API String ID: 1328310858-61364607
Opcode ID: 0294f4f74bfcadf30ad7e070a47b2f180ac375b34d667e84a4721592f9baa510
Instruction ID: 190c78cd7439b0ed126aedaabd41d00878faccc8d7cd060236dfcb0e663b2d0a
Opcode Fuzzy Hash: 0294f4f74bfcadf30ad7e070a47b2f180ac375b34d667e84a4721592f9baa510
Instruction Fuzzy Hash: 70D02222312400074304B8BC0CC191902CEFF882303204B36B975CB2A1DC28CC020310

Function 00490CCC Relevance: 5.0, Strings: 3, Instructions: 1200COMMON

Download Yara Rule

Strings

[v, xrefs: 00491720
nv, xrefs: 0049170D
Hv, xrefs: 00491733

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: Hv$[v$nv
API String ID: 0-1283658982
Opcode ID: e1490febc2ab9871e2bbbac3b7e7a561fb88e3ef1ccb1c0853023ce692a8d9ec
Instruction ID: 6ed88ccdc9dd01f03435496414eb3e296275f10562e4946063f31d59c03d0ec3
Opcode Fuzzy Hash: e1490febc2ab9871e2bbbac3b7e7a561fb88e3ef1ccb1c0853023ce692a8d9ec
Instruction Fuzzy Hash: 1EC2E77450021ACFCB54DF20C895AEAB7B5FF89304F1086E6E8095B35AEB34EA56CF51

Function 00487744 Relevance: 4.7, APIs: 3, Instructions: 230windowCOMMON

Download Yara Rule

APIs

@Cmbitmap@TcmBitmap@$bctr$qqrv.Z39UARTASSIST ref: 00487763
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST ref: 00487770
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000), ref: 0048777A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Rect$Cmbitmap@$Types@$Bitmap@$bctr$qqrvHeight$qqrrx11Width$qqrrx11
String ID:
API String ID: 1273829324-0
Opcode ID: a6933ebe6fc286cba5637e0799769c4ca6a212e23685fc57ed65ea8c53dc1fd0
Instruction ID: 16d0005debcc13634c5c0991a3644a4bf439951aab7ea169477b906a54cc3e2d
Opcode Fuzzy Hash: a6933ebe6fc286cba5637e0799769c4ca6a212e23685fc57ed65ea8c53dc1fd0
Instruction Fuzzy Hash: E091243060D3418FC344EF29C98194ABBE1FF98314F159A6EF4888B362D734E945CB96

Function 00481014 Relevance: 4.6, APIs: 3, Instructions: 138COMMON

Download Yara Rule

APIs

@TcmSocket@ClearMultiListenPorts$qqrv.Z39UARTASSIST ref: 0048102C
@TcmSocket@AddMultiListenPort$qqri.Z39UARTASSIST ref: 004810AE
@TcmSocket@AddMultiListenPort$qqri.Z39UARTASSIST ref: 00481153

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ListenMultiSocket@$Port$qqri$ClearPorts$qqrv
String ID:
API String ID: 3204701234-0
Opcode ID: 2bcb55bbae411beecbe8a7c248f6d0b760d9b7276a10aedf0b5a11def28c94df
Instruction ID: 3ed84f76db8eedfcb4c5a17ff71e4a9d7293934285841dbc6bffa7da9565b818
Opcode Fuzzy Hash: 2bcb55bbae411beecbe8a7c248f6d0b760d9b7276a10aedf0b5a11def28c94df
Instruction Fuzzy Hash: 6241F6352495804AC728AA18C8C477FB3DDAF96741F2C8D6BD1C1C3774D67A8883934A

Function 00554E88 Relevance: 4.5, APIs: 3, Instructions: 43clipboardCOMMON

Download Yara Rule

APIs

GetClipboardData.USER32(00000001), ref: 00554E9E
GlobalLock.KERNEL32(00000000), ref: 00554EBE
GlobalUnlock.KERNEL32(00000000), ref: 00554EEC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Global$ClipboardDataLockUnlock
String ID:
API String ID: 464912530-0
Opcode ID: 489b0ed81f9b97ba1989ea558630da9b630975d29fdf547d0e6b03e9bd7c3703
Instruction ID: e4df34a36a0266c9269a3c30cb3ae866d99622ae4bfe7eafafa6113b56df9f5a
Opcode Fuzzy Hash: 489b0ed81f9b97ba1989ea558630da9b630975d29fdf547d0e6b03e9bd7c3703
Instruction Fuzzy Hash: 66018B30A00204AFCB15DFA9C99AA9EBBF8FB48305F2044A6B905D7691DA749D84CB52

Function 0051C168 Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0051C174
GetCursorPos.USER32(?), ref: 0051C191
WaitForSingleObject.KERNEL32(00000000,00000064), ref: 0051C1B1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CurrentCursorObjectSingleThreadWait
String ID:
API String ID: 1359611202-0
Opcode ID: 06feddde360ec1d690c7440b086402a370c4ac1840ea57b70f2a50872f44535d
Instruction ID: d278eeacefb025d56790e9620592235fda1fd325bd1aa8599c191b8d9c50bc68
Opcode Fuzzy Hash: 06feddde360ec1d690c7440b086402a370c4ac1840ea57b70f2a50872f44535d
Instruction Fuzzy Hash: CBF0E9311C4385ABFB14E799EC8ABD87FD9BB84310F000523E1418B292FB72D8C4CA15

Function 0046A64C Relevance: 4.5, APIs: 3, Instructions: 33sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0046A658
Sleep.KERNEL32(00000001,00000000,?,?,0047F925,00000064,00000000), ref: 0046A67F
GetTickCount.KERNEL32 ref: 0046A691

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountTick$Sleep
String ID:
API String ID: 4250438611-0
Opcode ID: ee8a76ba6394b5abecbd923a124169bab5388c6cf4f929442424fc668920272f
Instruction ID: 060251e639e4cba7e706e19c30d515a64fb4b5d37509aeccfbd9823627981bf6
Opcode Fuzzy Hash: ee8a76ba6394b5abecbd923a124169bab5388c6cf4f929442424fc668920272f
Instruction Fuzzy Hash: 50F06521710B1257D62069EDD4C5B56268CAB42354F1C0137B945EB313ECAACC959B9B

Function 0046CE7C Relevance: 4.5, APIs: 3, Instructions: 30windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0046CE8A

Part of subcall function 0051D368: IsIconic.USER32(?), ref: 0051D370
Part of subcall function 0051D368: SetActiveWindow.USER32(?,?,?,?,0046CE9F,?), ref: 0051D381
Part of subcall function 0051D368: IsWindowEnabled.USER32(00000000), ref: 0051D3A4
Part of subcall function 0051D368: NtdllDefWindowProc_A.NTDLL(?,00000112,0000F120,00000000,00000000), ref: 0051D3BD
Part of subcall function 0051D368: SetWindowPos.USER32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0051D403
Part of subcall function 0051D368: SetFocus.USER32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0051D448

ShowWindow.USER32(?,00000009,?), ref: 0046CEAD
SetForegroundWindow.USER32(?), ref: 0046CEBE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$Iconic$ActiveEnabledFocusForegroundNtdllProc_Show
String ID:
API String ID: 653761443-0
Opcode ID: 7d3c2c2fbac0f6479ebfc3e34e328877cc19947ebd95b9528b3a553db734f3b2
Instruction ID: 2d1a13ba983381f5c8db94c4d0822db5ef1f4172618c9b02cfc386442a780096
Opcode Fuzzy Hash: 7d3c2c2fbac0f6479ebfc3e34e328877cc19947ebd95b9528b3a553db734f3b2
Instruction Fuzzy Hash: 75F03AB43406018FC700EFA4C8C9D6273B6BB8D300B1441AAE901DF3A6DB36EC4ACB11

Function 0046C9A4 Relevance: 4.5, APIs: 3, Instructions: 28keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000010), ref: 0046C9BA
GetKeyState.USER32(00000011), ref: 0046C9CA
GetKeyState.USER32(00000012), ref: 0046C9DA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 9732bbef66dc15802298617cf6935fd41756f9ef2bbaab8643e3766ad749a2a8
Instruction ID: 55ff236951888be7884e94237187d5c68e9a06042c64ddf2559f2a81fc50fa41
Opcode Fuzzy Hash: 9732bbef66dc15802298617cf6935fd41756f9ef2bbaab8643e3766ad749a2a8
Instruction Fuzzy Hash: 17E065A448838974EF4462D0894F7FD7F781F50768F00109AF680360C3E9E6120E5177

Function 00480FA0 Relevance: 3.0, APIs: 2, Instructions: 44networkCOMMON

Download Yara Rule

APIs

WSAAsyncSelect.WS2_32(?,?,0000040B,00000000), ref: 00480FC9
closesocket.WS2_32(?), ref: 00480FD2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AsyncSelectclosesocket
String ID:
API String ID: 3964318154-0
Opcode ID: 1bf12ebde5986ac82ed598ee13e13c6759939d1beb90094fcc1ae67b865acd3c
Instruction ID: 1ca76fb7db54a666e9e8aed0ab52e9a59d0739474ecdaed611da0440ed71be8e
Opcode Fuzzy Hash: 1bf12ebde5986ac82ed598ee13e13c6759939d1beb90094fcc1ae67b865acd3c
Instruction Fuzzy Hash: 0801ED716006018FCB24EF68C5C0955BBE6EF89310714C6AAD9158F3AAE774EC45DB94

Function 004712DC Relevance: 3.0, APIs: 2, Instructions: 40fileCOMMON

Download Yara Rule

APIs

ClearCommError.KERNEL32(?,?,?), ref: 004712F6
ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0047131A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ClearCommErrorFileRead
String ID:
API String ID: 2973508916-0
Opcode ID: 4572f5e0d098a9642495dce6de1918126f5272f260c002a72654fcb7a40398a8
Instruction ID: cf35733ad97f58495d376780886a555652d485b308697651ef56d6b30b133f49
Opcode Fuzzy Hash: 4572f5e0d098a9642495dce6de1918126f5272f260c002a72654fcb7a40398a8
Instruction Fuzzy Hash: 9CF030722042116BE714A56EDD80DEB77ECAFC5760F048A2EBD4CC7261EA34DD4187A6

Function 004D0B9C Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,?,?,004B5704), ref: 004D0BB7
GetLastError.KERNEL32(00000000,?,?,?,?,004B5704), ref: 004D0BDC

Part of subcall function 004D0B38: FileTimeToLocalFileTime.KERNEL32(?), ref: 004D0B65
Part of subcall function 004D0B38: FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 004D0B74

Part of subcall function 004D0C10: FindClose.KERNEL32(?,?,004D0BDA,00000000,?,?,?,?,004B5704), ref: 004D0C1C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FileTime$Find$CloseDateErrorFirstLastLocal
String ID:
API String ID: 976985129-0
Opcode ID: 880a81fea940de465c861742abe3a1fe71a004a376ab38bfbb8858fb0cea0d3d
Instruction ID: 4b596efb02e998a742e2a97fa217e1af359641137d7f34f3e0af67ee837ff139
Opcode Fuzzy Hash: 880a81fea940de465c861742abe3a1fe71a004a376ab38bfbb8858fb0cea0d3d
Instruction Fuzzy Hash: 38E02B76B09121074724AEBE0C9529F65CC9A85B78708037BF914EF342C93CCC0243E5

Function 0046CE24 Relevance: 3.0, APIs: 2, Instructions: 27windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0046CE32

Part of subcall function 0051D2B8: IsIconic.USER32(?), ref: 0051D2C0
Part of subcall function 0051D2B8: SetActiveWindow.USER32(?,?,?,?,0046CE47,?), ref: 0051D2D8
Part of subcall function 0051D2B8: IsWindowEnabled.USER32(00000000), ref: 0051D2FB
Part of subcall function 0051D2B8: SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000040,00000000), ref: 0051D324
Part of subcall function 0051D2B8: NtdllDefWindowProc_A.NTDLL(?,00000112,0000F020,00000000,?,00000000,?,?,?,00000000,00000040,00000000), ref: 0051D339

ShowWindow.USER32(?,00000000), ref: 0046CE5B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$Iconic$ActiveEnabledNtdllProc_Show
String ID:
API String ID: 1578708594-0
Opcode ID: 24c74bd01a38de346760989b8a72f0bfbb8059b8987b0964330e82b5f63acf5c
Instruction ID: 870e22f45357aca25dd2f7fc53240f8adaa6cd85acbd996c24ff2c9c9f180bf8
Opcode Fuzzy Hash: 24c74bd01a38de346760989b8a72f0bfbb8059b8987b0964330e82b5f63acf5c
Instruction Fuzzy Hash: E1F0F8753002018FDB50EF68C4C8B6677B5BB5E300F5441A6E908EF3A6DB75E888DB15

Function 00563464 Relevance: 3.0, APIs: 2, Instructions: 24threadCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00563528,?,00000000,?,?,00558B81,00558BA4,?,00000000,00558BFC,00000001), ref: 0056346A
GetCurrentThreadId.KERNEL32 ref: 00563489

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CurrentThreadVersion
String ID:
API String ID: 888907627-0
Opcode ID: ff1b8a62a1a32cb7afdc757f981d6f63f7a64cd21003b2bc52665c120acf5b6c
Instruction ID: 49037cd221d902febeb98172226a295442336a61dae5d5745e0fa8e6a3e0909e
Opcode Fuzzy Hash: ff1b8a62a1a32cb7afdc757f981d6f63f7a64cd21003b2bc52665c120acf5b6c
Instruction Fuzzy Hash: A9E012A1A1861157EF26263C854D73AA98AF7C5373F614A2AB080C72CEDE78C9C1E255

Function 0055DB54 Relevance: 3.0, Strings: 2, Instructions: 515COMMON

Download Yara Rule

Strings

+, xrefs: 0055DCD8
IoF, xrefs: 0055DF93

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: +$IoF
API String ID: 0-1576203491
Opcode ID: e98707ab777a4609972d2f351936b811216847aeb0a7b6d90700142fec381d3f
Instruction ID: 3d2a05330d0c14eab21707283620375d4cec3f8259f5446c50b18bb518f984d1
Opcode Fuzzy Hash: e98707ab777a4609972d2f351936b811216847aeb0a7b6d90700142fec381d3f
Instruction Fuzzy Hash: B9226B71D04209DFDF28CF98C8A57AEBFB1BF85312F24459AD815A7281D3749A89CB60

Function 0046F80C Relevance: 2.8, Strings: 2, Instructions: 323COMMON

Download Yara Rule

Strings

Not found ", xrefs: 0046FA90
D, xrefs: 0046FBA6

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: D$Not found "
API String ID: 0-1839852998
Opcode ID: ec0794faaeb50f8aaf5ac46c8f4a7a18e04887f272a58e6ddb0e8bd4b1758bfe
Instruction ID: d8901d85db32938ab7994d813a480ba71ef4b2d076c985d52fbd2038d6736ddd
Opcode Fuzzy Hash: ec0794faaeb50f8aaf5ac46c8f4a7a18e04887f272a58e6ddb0e8bd4b1758bfe
Instruction Fuzzy Hash: 3DD18E70A042499BDB10DFA4D449BEEFBB1FF44304F24816AE445AB396EB349D4ECB91

Function 00498D64 Relevance: 2.8, Strings: 2, Instructions: 319COMMON

Download Yara Rule

Strings

Shortcut key, xrefs: 00499110
NONE, xrefs: 00498EE9

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser
String ID: NONE$Shortcut key
API String ID: 2492992576-2870846253
Opcode ID: c29f8e03116a9119ebb1235037b0b32f96d163ddde7c68e3de01c25ac5181c3c
Instruction ID: 16dfddaa8b50ea9b002e4e627b45a5ffb19be09804c02ee6e10a1187959fcea6
Opcode Fuzzy Hash: c29f8e03116a9119ebb1235037b0b32f96d163ddde7c68e3de01c25ac5181c3c
Instruction Fuzzy Hash: 97D1C674600205CFDB14DF54C886AAAB7F1FF98300F24927AD8029B3A6DB35ED4ADB55

Function 0047D080 Relevance: 1.7, APIs: 1, Instructions: 229COMMON

Download Yara Rule

APIs

@TcmSocket@WSAStartup$qqrv.Z39UARTASSIST ref: 0047D0DA

Part of subcall function 004CA180: GetClassInfoA.USER32(00400000,004CA170,?), ref: 004CA1A1
Part of subcall function 004CA180: UnregisterClassA.USER32(004CA170,00400000), ref: 004CA1CA
Part of subcall function 004CA180: RegisterClassA.USER32(00599E68), ref: 004CA1D4
Part of subcall function 004CA180: CreateWindowExA.USER32(00000080,004CA170,004CA230,80000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 004CA202
Part of subcall function 004CA180: SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 004CA21F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Class$Window$CreateInfoLongRegisterSocket@Startup$qqrvUnregister
String ID:
API String ID: 506659260-0
Opcode ID: bcfc240beba05b0b99f9b1a7189c87dc4358fc1b5386648908aaa10319fd2190
Instruction ID: 3dcc687a8482c0fc19a2d8ac13b3aa884233653d286cbc25769d5c9c2940d2c5
Opcode Fuzzy Hash: bcfc240beba05b0b99f9b1a7189c87dc4358fc1b5386648908aaa10319fd2190
Instruction Fuzzy Hash: 68A1FA74A04651CFDB08CF29C4D5B557BE2BF8A304F1881F9D1098F3AAD771A84ACB56

Function 00459688 Relevance: 1.6, Strings: 1, Instructions: 334COMMON

Download Yara Rule

Strings

\, xrefs: 004599E2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 0bf937c3ab052662f3970d9552de3499b178c677ba8159b0fd3a44f1405b8964
Instruction ID: 0cb21788426ea55a55693d0181be014dcd6e0cfa3cf0b6cd8e79112269ea2c37
Opcode Fuzzy Hash: 0bf937c3ab052662f3970d9552de3499b178c677ba8159b0fd3a44f1405b8964
Instruction Fuzzy Hash: ABD1A130A00206DFDB10EF68C4856AEBBB1FF49305F14816BEC05A7762DB34AC4ADB95

Function 00522408 Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 0052246D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: 417b2f96a0ae8936e95e97938c470214b07730a809a446bb35a007eac9da92d5
Instruction ID: c55bc33119b3ebdbe3710806638f1605536d1fcb26cd87bb75126c91c4acfa7c
Opcode Fuzzy Hash: 417b2f96a0ae8936e95e97938c470214b07730a809a446bb35a007eac9da92d5
Instruction Fuzzy Hash: 49F0C276604214BF9B00DF9AE881C56BBECFF4A320B5180A6F908C7240D270AC00CAB0

Function 00475224 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000800,00000001,00000008,00000008), ref: 00475235

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 50f9e8ea422251af3319eb0e178f302e1ce1597130f262721392b385753c815c
Instruction ID: 390fecb41578127fc535d1094b578c189a5c93e5099c82aa481588a54e638e00
Opcode Fuzzy Hash: 50f9e8ea422251af3319eb0e178f302e1ce1597130f262721392b385753c815c
Instruction Fuzzy Hash: 59F0821060CB8094EF2081B515957BF5BDA0BC3B61F74CDABF1988D2D6C6ADCCC54A0A

Function 004D2760 Relevance: 1.5, APIs: 1, Instructions: 22timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 004D2768

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: LocalTime
String ID:
API String ID: 481472006-0
Opcode ID: 50ca3ed84b766c4e68341c486f2f49d3157038e421a4f60fcfc727dcf80bda13
Instruction ID: bc068e1a26321123b5c8ae87138531ad48d0fd0ead057ac2c96871db6c238a8f
Opcode Fuzzy Hash: 50ca3ed84b766c4e68341c486f2f49d3157038e421a4f60fcfc727dcf80bda13
Instruction Fuzzy Hash: F4E0AE68408603A1C200BF55C8414AEBBA9EEA8B40F408C4DF8E842362EB7584E9C76B

Function 00564A10 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

F, xrefs: 00564AAC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: f12620469e6195ff6b3f086a9566052c72c44a31c46827ea05fcd860cb2cae4a
Instruction ID: 0c73e3be917a75df805b83a29a7e567543e261ea20688bd9b0d74acf451514c1
Opcode Fuzzy Hash: f12620469e6195ff6b3f086a9566052c72c44a31c46827ea05fcd860cb2cae4a
Instruction Fuzzy Hash: 0B515271F042099BEB08CEADC8907BEBAE7FBC8314F548139D509E7390EA749E459B54

Function 0047D6E0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

ALL CLIENTS (, xrefs: 0047D745

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: ALL CLIENTS (
API String ID: 0-2699958977
Opcode ID: 02686ecdefde075e2016263a5bda7d0eb8c0e8d5ac53a2e0dc28ae680d929695
Instruction ID: 4953893149b90c79d26c0c76dc448c0ee8ca9b6e81430ee56d65598ba0c38d01
Opcode Fuzzy Hash: 02686ecdefde075e2016263a5bda7d0eb8c0e8d5ac53a2e0dc28ae680d929695
Instruction Fuzzy Hash: 32410C74D0010A9FCB40DF94C485AEDBBF5FF88304F1485BADC19AB356EB7059458B90

Function 0046FC98 Relevance: .9, Instructions: 897COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad8a11e5f98dca693c592dc75dfb0c00dcb0ee249566be7c5a4c42b14c314e4
Instruction ID: 132ddccee263693c88174c27be57bac39ba8c6d62b4f4a28235b5a4d50d09241
Opcode Fuzzy Hash: fad8a11e5f98dca693c592dc75dfb0c00dcb0ee249566be7c5a4c42b14c314e4
Instruction Fuzzy Hash: FE92EB7090021ACBCF54DF60C885BEEB7B9FF84304F5085E6D809AB246EB349A4ADF55

Function 00448F50 Relevance: .7, Instructions: 678COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13c2339d675f7a93d8aa1ac7a1eecbe6d8c884d893553a2f675aec8f0d68568
Instruction ID: 9db91b4adc9156d852d41c49aed02a244f377ac3ece411c4a5ee62dc4c7859f2
Opcode Fuzzy Hash: c13c2339d675f7a93d8aa1ac7a1eecbe6d8c884d893553a2f675aec8f0d68568
Instruction Fuzzy Hash: 2952317061060ADFD724EF64C455BAEF7F5FF88304F108669E4459B692EB34AE0ACB90

Function 00453568 Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444725327012288e9d60d1cc43df9c9f7158e0de57e8a13ca44cf76b5694fe01
Instruction ID: 464a65f3c436847b941a4ca97c23461059f44e7210b953683ca04a521041e540
Opcode Fuzzy Hash: 444725327012288e9d60d1cc43df9c9f7158e0de57e8a13ca44cf76b5694fe01
Instruction Fuzzy Hash: D122AC70A00609DFDB24DFA4C484BEEF7B5FF84301F14866AD8059B392DB74AA49CB55

Function 004121D4 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de9b8751f5c1dd792a4bf61994f54403960f67ed1eb753052d127139ff0159bf
Instruction ID: e89083a4d78e234e513c5fce97614c028be74519dfdc3e2402c45d7c5394194b
Opcode Fuzzy Hash: de9b8751f5c1dd792a4bf61994f54403960f67ed1eb753052d127139ff0159bf
Instruction Fuzzy Hash: 2ED16E3410C6D05AC72E662802F41FFAFE54D53704F289C9FD4E6CA6A2C19C89F6962F

Function 004593CC Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30a2badb18b0207f024bd25698c059ef836d798b42a4de93e2cb8cce02e9a3c1
Instruction ID: d43ee696f5d1fad4eb9873d3081dc4c826ad2ba0c182f5e95e3f3074df139a65
Opcode Fuzzy Hash: 30a2badb18b0207f024bd25698c059ef836d798b42a4de93e2cb8cce02e9a3c1
Instruction Fuzzy Hash: 0C814B7090060ADFCB24DFA0C4856EEF7B9FF84304F10866AD81563656EB74AE0EDB95

Function 00465CC0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca894e109528985b7eb5be67d7f56f31fedcc0fc3cf1d7290bb91b35a6696419
Instruction ID: c9ac72d6e4b5b6736eab77cabc7e03b5cba5bda46ab244416d66b945c81588cd
Opcode Fuzzy Hash: ca894e109528985b7eb5be67d7f56f31fedcc0fc3cf1d7290bb91b35a6696419
Instruction Fuzzy Hash: 6D715C1580DBC6A9CB268BB441A02EFFFF14E6B204F1CD9CDC4E52B743D025964AE365

Function 0045D790 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ca6247673bbc5a7f773a3b008cc83db5503bee9d296b0384becdb46f5f2e4b
Instruction ID: 72e8e6f8fe4756c90f047d5d42ddc4a579c16699435a89af346cc686e4771f73
Opcode Fuzzy Hash: e4ca6247673bbc5a7f773a3b008cc83db5503bee9d296b0384becdb46f5f2e4b
Instruction Fuzzy Hash: 135168743005518BD744EF29D4D9A9973E6AF88308F7691B9E8094F36BCA36AC46CB44

Function 0048118C Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34690f31bd326ec1b73d404df01640cb0ffad532df5b3221e104e5cf9d1276d4
Instruction ID: afb61c074ff13b2c8d41975a09680aeec19a1cb5906268e8c250f048024f542e
Opcode Fuzzy Hash: 34690f31bd326ec1b73d404df01640cb0ffad532df5b3221e104e5cf9d1276d4
Instruction Fuzzy Hash: A501D6756102418FCB08EF58C5C8859BBE6EF89320325CAA7D918CF366D374E886DB84

Function 0046A6A4 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83308a538a107ee3f53cf226f6921f9ce9b52a21c6a6af46740f1d1dc133e450
Instruction ID: 68c3ea505a4d46be7f7b84c89b5137730997ca6683e4e54534c024c14fdd666a
Opcode Fuzzy Hash: 83308a538a107ee3f53cf226f6921f9ce9b52a21c6a6af46740f1d1dc133e450
Instruction Fuzzy Hash: D7F05E75D046088BCB04CF9ED5415DEFBF4FF89324F24813BE809B2310E67448008AAA

Function 00469940 Relevance: 45.9, APIs: 15, Strings: 11, Instructions: 379COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 00469CBA
closesocket.WS2_32(00000000), ref: 00469D99

Strings

client[%d] timeout, xrefs: 00469A0C
accepted=%d, xrefs: 00469C6F
select timeout!, xrefs: 00469C82
@, xrefs: 00469BEB
bye, xrefs: 00469C59
max connections arrive!, xrefs: 00469C4A
new connection client[%d] %s:%d, xrefs: 00469C22
client[%d] close, xrefs: 00469B03
error:select fail!, xrefs: 00469C8F
error:select fail!, xrefs: 00469D5F
client[%d] close, xrefs: 00469D4C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: closesocket
String ID: @$accepted=%d$bye$client[%d] close$client[%d] close$client[%d] timeout$error:select fail!$error:select fail!$max connections arrive!$new connection client[%d] %s:%d$select timeout!
API String ID: 2781271927-627017823
Opcode ID: 0d2ec306be84126ada6baac00bd261c2013041114e6e43b553e269e0d6c81152
Instruction ID: 1e936e13312d793f1e903a8007e44e0081c1880719d99049a5c8cf9feadee8e9
Opcode Fuzzy Hash: 0d2ec306be84126ada6baac00bd261c2013041114e6e43b553e269e0d6c81152
Instruction Fuzzy Hash: 72E15270A00215DFCF14DF94C985AAEBBF9FF89700F20859AE809AB345E774AD41CB65

Function 0047A168 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 237synchronizationsleepfileCOMMON

Download Yara Rule

APIs

WaitCommEvent.KERNEL32(?,?,?), ref: 0047A1FA
GetLastError.KERNEL32(?,00000080,?,?,?,00000000,?,?,?), ref: 0047A210
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00000080,?,?,?,00000000,?,?,?), ref: 0047A230
SetCommMask.KERNEL32(?,000001B9,?,00000080,?,?,?,00000000,?,?,?), ref: 0047A264
Sleep.KERNEL32(0000000A,?,?,?), ref: 0047A292
ClearCommError.KERNEL32(?,?,?,0000000A,?,?,?), ref: 0047A2A2
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,0000000A,?,?,?), ref: 0047A2C7
ReleaseMutex.KERNEL32(?,?,?,?), ref: 0047A307
Sleep.KERNEL32(00000032,?,?,?,?), ref: 0047A30E
WaitForSingleObject.KERNEL32(?,000000FF,00000032,?,?,?,?), ref: 0047A318
ReadFile.KERNEL32(?,?,00000000,?,?,?,?,?), ref: 0047A343
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?), ref: 0047A36D
WaitForSingleObject.KERNEL32(?,00000032,?,?,00000000,?,?,?,?,?), ref: 0047A384
GetOverlappedResult.KERNEL32(?,?,?,00000000,?,00000032,?,?,00000000,?,?,?,?,?), ref: 0047A39C
CancelIo.KERNEL32(?,?,?,?,00000000,?,00000032,?,?,00000000,?,?,?,?,?), ref: 0047A3AE
ReleaseMutex.KERNEL32(?,?,?,00000000,?,?,?,?,?), ref: 0047A3C9
SetEvent.KERNEL32(?,?,?,?,00000000,?,?,?,?,?), ref: 0047A3D7
GetCommModemStatus.KERNEL32(?,?), ref: 0047A3F9
SendMessageA.USER32(?,0000040C,00000000,00000138), ref: 0047A459
ClearCommError.KERNEL32(?,?,00000000,?,?,?), ref: 0047A476

Strings

@, xrefs: 0047A426

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommWait$Error$ObjectSingle$ClearEventLastMutexReleaseSleep$CancelFileMaskMessageModemMultipleObjectsOverlappedReadResultSendStatus
String ID: @
API String ID: 2733734623-2766056989
Opcode ID: 28b8a7ae85ccb666b4eb913ecdd801b59d15a0e49b3680ecc7f0f12508cd5490
Instruction ID: c935c95ecb155f3f7ae4ec511a2613725e44156cdce3d93b5f5215494a85d5b0
Opcode Fuzzy Hash: 28b8a7ae85ccb666b4eb913ecdd801b59d15a0e49b3680ecc7f0f12508cd5490
Instruction Fuzzy Hash: 1DA18F30D0020ADFDF05DBA4C849BEEBBB5BF84300F1481AAE818773A2D7395A51DB56

Function 00478B98 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

@, xrefs: 00478CF6
\\.\COM%d, xrefs: 00478C13

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: @$\\.\COM%d
API String ID: 0-2400376008
Opcode ID: 5834b072ba12489e84e5e4c9eba3775e4291fbc025901568f8a5a98a6e85cc9d
Instruction ID: 84eec48c610e1811c644f13a998f8e87f29ccdc031cd3685deea62d75003a99e
Opcode Fuzzy Hash: 5834b072ba12489e84e5e4c9eba3775e4291fbc025901568f8a5a98a6e85cc9d
Instruction Fuzzy Hash: C8517130640249EFDB11DBA4CA89BDDBBB2BF55304F248199E5146F392CB35AF42EB44

Function 00527840 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 454windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00527368: SystemParametersInfoA.USER32(00000029,00000000,00000154,00000000), ref: 005273A5
Part of subcall function 00527368: CreateFontIndirectA.GDI32(?), ref: 005273B2

Part of subcall function 005271A0: GetTextExtentPointA.GDI32(00000000,00000034,00000034,?), ref: 005271DB

MulDiv.KERNEL32(00000008,?,00000004), ref: 005278ED
MulDiv.KERNEL32(00000008,?,00000008), ref: 005278FD
MulDiv.KERNEL32(0000000A,?,00000004), ref: 0052790A
MulDiv.KERNEL32(0000000A,?,00000008), ref: 00527917
MulDiv.KERNEL32(00000032,?,00000004), ref: 00527924
DrawTextA.USER32(00000000,00000000,000000FF,?,00000000), ref: 00527997
MulDiv.KERNEL32(0000000E,?,00000008), ref: 005279CA
MulDiv.KERNEL32(00000004,?,00000004), ref: 005279DA
SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 00527A00
DrawTextA.USER32(00000000,00000000,00000001,?,00000000), ref: 00527A38
LoadIconA.USER32(00000000), ref: 00527B94

Part of subcall function 0051D4A4: GetWindowTextA.USER32(?,?,00000100), ref: 0051D4C7

Strings

Image, xrefs: 00527B79
@rR, xrefs: 00527879
)~R, xrefs: 00527890, 0052789A, 005278A2, 005278AA, 005278B5, 005278BF, 005278C2, 005278D5, 00527A05, 00527A2A, 00527AAA, 00527AC2, 00527ADF, 00527AEE, 00527B0B, 00527B1A, 00527B5B, 00527BC3, 00527BD4, 00527BE9, 00527C10, 00527C96, 00527CD2, 00527CF1, 00527D6D, 00527C35, 00527B67, 00527B86, 00527B3F, 0052795F, 00527989
Message, xrefs: 00527BDD
tQ, xrefs: 00527B6C
, xrefs: 00527A64

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Text$Draw$CreateExtentFontIconIndirectInfoLoadParametersPointRectSystemWindow
String ID: $)~R$@rR$Image$Message$tQ
API String ID: 4220236395-2867865877
Opcode ID: 96a672ddb745dbd707de5d95f56a832fdcf2f58c358719c7517e6b7f291b669f
Instruction ID: 2f587948e6546c8affe589d3d953d16b4f75b4c8995304bbc01c304ff42213cb
Opcode Fuzzy Hash: 96a672ddb745dbd707de5d95f56a832fdcf2f58c358719c7517e6b7f291b669f
Instruction Fuzzy Hash: 3A026974E04219AFDB00EFA8D885AADBBF5FF49304F148165E904EB3A2DB70AD45CB54

Function 00479A44 Relevance: 27.2, APIs: 18, Instructions: 228fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00479AD9
PurgeComm.KERNEL32(?,0000000A), ref: 00479AEC
WriteFile.KERNEL32(?,?,00000000,?,?,?,0000000A), ref: 00479B10
GetTickCount.KERNEL32 ref: 00479BA8
ClearCommError.KERNEL32(?,?,?,?,0000000A), ref: 00479BF3
ReadFile.KERNEL32(?,?,00000000,?,?,?,?,?,?,0000000A), ref: 00479C23
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,0000000A), ref: 00479C64
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,?,?,?,00000000,?,?,?,?,?,?,0000000A), ref: 00479C7B
CancelIo.KERNEL32(?,00000002,?,00000000,?,?,?,00000000,?,?,?,?,?,?,0000000A), ref: 00479C94
GetTickCount.KERNEL32 ref: 00479CDD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountTick$CommErrorFile$CancelClearLastMultipleObjectsPurgeReadWaitWrite
String ID:
API String ID: 3482357270-0
Opcode ID: 7738cafa0d0bd7a0dff5756cc0e7eba41927de4995da0083227f5e47d7c69100
Instruction ID: 77735d3968dffb551a946bbd67a46e4229fd963b3a0d33d952a19882a14ba5a1
Opcode Fuzzy Hash: 7738cafa0d0bd7a0dff5756cc0e7eba41927de4995da0083227f5e47d7c69100
Instruction Fuzzy Hash: A4A11930900209EFDF15CFA8C945BEEBBB5FF48300F24825AE41567295D7789E41DB69

Function 004655EC Relevance: 26.7, APIs: 5, Strings: 10, Instructions: 448networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,00000000), ref: 00465A19
send.WS2_32(?,?,00000000,00000000), ref: 00465A4A
send.WS2_32(?,?,00000000,00000000), ref: 00465A77
shutdown.WS2_32(?,00000001), ref: 00465A82
closesocket.WS2_32(?), ref: 00465ABD

Strings

###set response Content-Length error, xrefs: 004659F7
not enough response buffer memory, xrefs: 004657E6
Cookie:, xrefs: 004658D5
Content-Length:, xrefs: 004659AC
chunked, xrefs: 00465724
, xrefs: 004656DA
Content-Length:, xrefs: 0046573F
0, xrefs: 0046578C
Content-Type:, xrefs: 00465878
Transfer-Encoding:, xrefs: 00465702

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: send$closesocketshutdown
String ID: Content-Length:$Content-Length:$Content-Type:$Cookie:$Transfer-Encoding:$$0$###set response Content-Length error$chunked$not enough response buffer memory
API String ID: 2486240241-3847305090
Opcode ID: fbf41e5398fd47bea78256555b7cf9bd1e388e2bcdacf7b267e111f27b2f3c74
Instruction ID: f8e1ddf31e89e20b1b791794916ffa31bd7028f41db28e64236cf5bb0f4b539e
Opcode Fuzzy Hash: fbf41e5398fd47bea78256555b7cf9bd1e388e2bcdacf7b267e111f27b2f3c74
Instruction Fuzzy Hash: 4EF1C474E04A09DFCB14DFA4D8D0AAEBBB5BF49310F24815AE815AB341E738DD41CB96

Function 004863F0 Relevance: 25.7, APIs: 17, Instructions: 215COMMON

Download Yara Rule

APIs

SetBkColor.GDI32(00000000,00000000), ref: 0048641B
SetTextColor.GDI32(00000000,00000000), ref: 00486437
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00000000), ref: 00486458
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST ref: 00486469

Part of subcall function 0050A7FC: StretchBlt.GDI32(?,00000000,?,?,?,?,?,?,00000000,?,?), ref: 0050A866

SelectObject.GDI32(00000000,00000000), ref: 004864EC
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00660046,00000000,00000000), ref: 00486501
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00000000,00660046,00000000,00000000), ref: 0048650A
SelectObject.GDI32(00000000,00000000), ref: 00486530
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00220326,00000000,00000000), ref: 00486542
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00000000,00220326,00000000,00000000), ref: 0048654B
SelectObject.GDI32(00000000,00000000), ref: 00486571
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00660046,00000000,00000000), ref: 00486583
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000,00000000,00000000,00000000,00660046,00000000,00000000), ref: 0048658C
SelectObject.GDI32(00000000,?), ref: 004865AD
DeleteDC.GDI32(00000000), ref: 004865B3
SetBkColor.GDI32(00000000,00000000), ref: 00486606
SetTextColor.GDI32(00000000,?), ref: 00486617

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Rect$Cmbitmap@Types@$ColorHeight$qqrrx11ObjectSelectWidth$qqrrx11$Text$DeleteStretch
String ID:
API String ID: 4071598654-0
Opcode ID: 57dbf09b4b9f246b46cb32a35602da45aa5bb04aeaad6b8476635a98239a948a
Instruction ID: 6babb6315c899d23e2139f8b5e47469768d549993ac683c3c5bcff611db2f8eb
Opcode Fuzzy Hash: 57dbf09b4b9f246b46cb32a35602da45aa5bb04aeaad6b8476635a98239a948a
Instruction Fuzzy Hash: C161E1B1A00109ABC741FBB9CC89ADF77FDAF48300B108466F515E7251DA74ED058BA5

Function 00443E64 Relevance: 24.2, APIs: 16, Instructions: 233synchronizationCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00443E89
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00443E9B
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00443EAD
WaitForSingleObject.KERNEL32(00000470,000003E8), ref: 00443F1F
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00444166

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateEvent$Wait$MultipleObjectObjectsSingle
String ID:
API String ID: 3372376733-0
Opcode ID: 91e68c8e23647b7fb13e467ee2ec75241dcd14bd7cafcd21f949a8593744b5c4
Instruction ID: 40e7b23f600549415d74285d2825283147c84e6fca51ee860a1eba6ae55d7817
Opcode Fuzzy Hash: 91e68c8e23647b7fb13e467ee2ec75241dcd14bd7cafcd21f949a8593744b5c4
Instruction Fuzzy Hash: 7D91E530E04206AFFB20DF69DC9679A7BF5BBA6300F10402BE505D73A1EB749989DB44

Function 0047C500 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 134libraryloaderCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0047C544
LoadLibraryA.KERNEL32(?), ref: 0047C595
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0047C5A6
FreeLibrary.KERNEL32(00000000,00000000,getaddrinfo,?), ref: 0047C5B0
LoadLibraryA.KERNEL32(?), ref: 0047C5FF
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0047C610
FreeLibrary.KERNEL32(00000000,00000000,getaddrinfo,?), ref: 0047C61A
GetProcAddress.KERNEL32(00000000,00000000), ref: 0047C62E
FreeLibrary.KERNEL32(00000000,00000000,00000000,?,?,?,?,0047C3AB,00000000,?,00480BCC,0058784B,00000000,?,?), ref: 0047C63D

Strings

\wship6, xrefs: 0047C5EA
getaddrinfo, xrefs: 0047C60A
\ws2_32, xrefs: 0047C580
getaddrinfo, xrefs: 0047C5A0

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeProc$Load$DirectorySystem
String ID: \ws2_32$\wship6$getaddrinfo$getaddrinfo
API String ID: 2490988753-3742413742
Opcode ID: 309d718aa21de73299bbf85bf8346b70aabe9bbe94e03df0dec93b339cc0eea1
Instruction ID: 40d1e2c69d4c15b244160d5c05b411e2a910cd689fd0b416d14978a380eb817c
Opcode Fuzzy Hash: 309d718aa21de73299bbf85bf8346b70aabe9bbe94e03df0dec93b339cc0eea1
Instruction Fuzzy Hash: FA414772A0123557CB21DA389CC6AEF7A69FF85710F01826AFC09BB245DB74CE45C6E4

Function 00477940 Relevance: 21.5, APIs: 11, Strings: 1, Instructions: 468windowCOMMON

Download Yara Rule

APIs

InflateRect.USER32(?,000000FF,000000FF), ref: 004779AE

Part of subcall function 0050AA84: MoveToEx.GDI32(?,00000008,?,00000000), ref: 0050AAA2

Part of subcall function 0050AA24: LineTo.GDI32(?,00000004,?), ref: 0050AA47

InflateRect.USER32(?,000000FF,000000FF), ref: 004779E2
@Cmpicture@TcmPicture@RefreshPicture$qqrp16Graphics@TCanvasrx11Types@TRect.Z39UARTASSIST ref: 00477C70
@Cmpicture@TcmPicture@RefreshPicture$qqrp16Graphics@TCanvasrx11Types@TRect.Z39UARTASSIST ref: 00477C93

Part of subcall function 0050A9E8: FrameRect.USER32(?,?,00000000), ref: 0050AA10

DrawFrameControl.USER32(00000000,?,00000004,00000100), ref: 00477D4D
DrawFrameControl.USER32(00000000,?,00000004,00000100), ref: 00477D95
DrawFrameControl.USER32(00000000,?,00000004,00000100), ref: 00477DDD
@Cmcheckbutton@TcmCheckButton@DrawDiamond$qp16Graphics@TCanvasp11Types@TRectoo.Z39UARTASSIST(?,?,00000000,00000000), ref: 00477E09
@Cmcheckbutton@TcmCheckButton@DrawTrafficLight$qp16Graphics@TCanvasp11Types@TRect15Graphics@TColor.Z39UARTASSIST(?,?,00808080), ref: 00477E47
SetTextColor.GDI32(00000000,00000000), ref: 00477FAE
DrawFocusRect.USER32(00000000,00000004), ref: 00477FC6

Strings

8, xrefs: 00477F10

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: DrawRect$Graphics@$FrameTypes@$Control$Button@Canvasp11Canvasrx11CheckCmcheckbutton@Cmpicture@ColorInflatePicture$qqrp16Picture@Refresh$Diamond$qp16FocusLight$qp16LineMoveRect15RectooTextTraffic
String ID: 8
API String ID: 3436565992-4194326291
Opcode ID: 45edbc15c2efb9ee00ef55bf7f3777426afa08125f847ab3ae39a6962d853e7b
Instruction ID: d4f98eea86afc4175f91f420035bb7050b6286c2e7a35d124894872b3dbd95b5
Opcode Fuzzy Hash: 45edbc15c2efb9ee00ef55bf7f3777426afa08125f847ab3ae39a6962d853e7b
Instruction Fuzzy Hash: 29123F74A042099BCB14DFA8C8C9BDD77B1BF84304F5481B9EC099F39ADA34AD46CB95

Function 00414CB4 Relevance: 21.2, APIs: 4, Strings: 8, Instructions: 192COMMON

Download Yara Rule

APIs

@TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 00414E77
@TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 00414EA8
@TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 00414EC7
@TcmAutoUpgrader@NavigateUpgrade$qqripct2.Z39UARTASSIST(00000000), ref: 00414EF7

Strings

message, xrefs: 00414EBF
url, xrefs: 00414EA0
UartAssist, xrefs: 00414CF0
.sys, xrefs: 00414D2F
P, xrefs: 00414F33
version, xrefs: 00414E6D
Upgrade, xrefs: 00414DD9
COMMON, xrefs: 00414CDA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoUpgrader@$ConfigReadValue$qqrpct1pi$NavigateUpgrade$qqripct2
String ID: .sys$COMMON$P$UartAssist$Upgrade$message$url$version
API String ID: 232212697-2072344345
Opcode ID: 9d6ae04d4959d9a7fe37ac29dddfb0e9fd2f40ce0a794b54e7e61fe9a8a0a41b
Instruction ID: 1145c87a6e20a43ffb0e41052f02c90806a08b4331d60f32ca8d355d981f6bef
Opcode Fuzzy Hash: 9d6ae04d4959d9a7fe37ac29dddfb0e9fd2f40ce0a794b54e7e61fe9a8a0a41b
Instruction Fuzzy Hash: 99814D74E1121A9BCB00DFD4D885AEEF7B5FF84304F10412AE805AB365EB749946CF95

Function 0047A750 Relevance: 21.1, APIs: 14, Instructions: 80COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@fGetDataBits$qqrv.Z39UARTASSIST ref: 0047A77F
@cmSerialCommDriver32@TcmUart@fGetStopBits$qqrv.Z39UARTASSIST ref: 0047A78D
@cmSerialCommDriver32@TcmUart@fGetParity$qqrv.Z39UARTASSIST ref: 0047A79B
@cmSerialCommDriver32@TcmUart@fGetFCtrl$qqrv.Z39UARTASSIST ref: 0047A7C1
@cmSerialCommDriver32@TcmUart@BeginUpdate$qqrv.Z39UARTASSIST ref: 0047A7D1
@cmSerialCommDriver32@TcmUart@fSetPort$qqr15TCommPortNumber.Z39UARTASSIST ref: 0047A7DE
@cmSerialCommDriver32@TcmUart@fSetBaudRate$qqrul.Z39UARTASSIST ref: 0047A7EC
@cmSerialCommDriver32@TcmUart@fSetDataBits$qqr13TCommDataBits.Z39UARTASSIST ref: 0047A7FA
@cmSerialCommDriver32@TcmUart@fSetStopBits$qqr13TCommStopBits.Z39UARTASSIST ref: 0047A808
@cmSerialCommDriver32@TcmUart@fSetParity$qqr11TCommParity.Z39UARTASSIST ref: 0047A816
@cmSerialCommDriver32@TcmUart@fSetDTR$qqro.Z39UARTASSIST ref: 0047A824
@cmSerialCommDriver32@TcmUart@fSetRTS$qqro.Z39UARTASSIST ref: 0047A832
@cmSerialCommDriver32@TcmUart@fSetFCtrl$qqr12TFlowControl.Z39UARTASSIST ref: 0047A840
@cmSerialCommDriver32@TcmUart@EndUpdate$qqrv.Z39UARTASSIST ref: 0047A848

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@Serial$Uart@f$DataStop$BitsBits$qqr13Bits$qqrvUart@Update$qqrv$BaudBeginControlCtrl$qqr12Ctrl$qqrvFlowNumberParityParity$qqr11Parity$qqrvPortPort$qqr15R$qqroRate$qqrulS$qqro
String ID:
API String ID: 3879419089-0
Opcode ID: 432897437ce21b4ed59dfc7e3970da7c61682907535ef6670623c478928a9fe0
Instruction ID: 76dbbac18cc541e820a11b8b82099992defa9b102a932ade4ad803d5e903c3f9
Opcode Fuzzy Hash: 432897437ce21b4ed59dfc7e3970da7c61682907535ef6670623c478928a9fe0
Instruction Fuzzy Hash: D231FF34A04189EFCB05EFA5C5918DCFF72AF49214F2881D9D8886B353C636AF46DB45

Function 0047A498 Relevance: 19.7, APIs: 13, Instructions: 201windowsynchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,FFFFFFFF), ref: 0047A4F7
SendMessageA.USER32(?,0000040D,00000000,?), ref: 0047A528
GetTickCount.KERNEL32 ref: 0047A552
SendMessageA.USER32(?,0000040D,00000000,?), ref: 0047A579
GetTickCount.KERNEL32 ref: 0047A5EB
ReleaseMutex.KERNEL32(?,?,000000FF,00000002,?,00000000,FFFFFFFF), ref: 0047A618
SendMessageA.USER32(?,0000040D,?,?), ref: 0047A652
SendMessageA.USER32(?,0000040D,?,?), ref: 0047A67B
WaitForSingleObject.KERNEL32(?,000000FF,00000002,?,00000000,FFFFFFFF), ref: 0047A6B3
Sleep.KERNEL32(00000000,00000002,?,00000000,FFFFFFFF), ref: 0047A6D7
ReleaseMutex.KERNEL32(?,?,00000000,FFFFFFFF), ref: 0047A6FD
SendMessageA.USER32(?,0000040D,00000000,?), ref: 0047A720
WaitForSingleObject.KERNEL32(?,000000FF,00000002,?,00000000,FFFFFFFF), ref: 0047A737

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend$Wait$CountMutexObjectReleaseSingleTick$MultipleObjectsSleep
String ID:
API String ID: 3827106427-0
Opcode ID: 36f8392fb98c2ad0148afd00583c38d6fbc03b1732aaa407449cfe8de9e28f79
Instruction ID: 7b04c59c59fdbe7d480ac3e6ce9f17b19d4875baefb8ceec05f2dba27c1be293
Opcode Fuzzy Hash: 36f8392fb98c2ad0148afd00583c38d6fbc03b1732aaa407449cfe8de9e28f79
Instruction Fuzzy Hash: 4991F634D00109EFDF14DFA4C945AEEBBB2BF88300F24816AE514A72A1D7359E51DB96

Function 00471918 Relevance: 19.6, APIs: 13, Instructions: 141COMMON

Download Yara Rule

APIs

@TSyncUart@BeginUpdate$qqrv.Z39UARTASSIST(?,?,?,00471563), ref: 0047195A
@TSyncUart@Close$qqrv.Z39UARTASSIST(?,?,?,00471563), ref: 00471975
@TSyncUart@Open$qqrv.Z39UARTASSIST(?,?,?,00471563), ref: 00471982
@TSyncUart@fSetBaudRate$qqrul.Z39UARTASSIST(?,?,?,00471563), ref: 00471992
PurgeComm.KERNEL32(?,0000000D,?,?,?,00471563), ref: 004719CB
SetCommState.KERNEL32(?,?,?,0000000D,?,?,?,00471563), ref: 004719D8
PurgeComm.KERNEL32(?,0000000D,?,?,?,00471563), ref: 00471A10
SetCommState.KERNEL32(?,?,?,0000000D,?,?,?,00471563), ref: 00471A1D
PurgeComm.KERNEL32(?,0000000D,?,?,?,00471563), ref: 00471A55
SetCommState.KERNEL32(?,?,?,0000000D,?,?,?,00471563), ref: 00471A62

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Sync$PurgeStateUart@$BaudBeginClose$qqrvOpen$qqrvRate$qqrulUart@fUpdate$qqrv
String ID:
API String ID: 1959074725-0
Opcode ID: 76e70de54a4b132f6e0371cdb00a5c2819c6d9dcaf10432797080c1575ede372
Instruction ID: 01330e8dad6f8385e5b8bec593953e0f6f3fa80542d8413c0b2ce62412cf64c6
Opcode Fuzzy Hash: 76e70de54a4b132f6e0371cdb00a5c2819c6d9dcaf10432797080c1575ede372
Instruction Fuzzy Hash: 4051F565209AC3AAD325973D88617E7BFA67F46304F0CC00AD6D843B62C32AF859C795

Function 00465BC4 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 84networksleepsynchronizationCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?,00000010), ref: 00465BE8
send.WS2_32(00000000,bye,00000004,00000000), ref: 00465C0D
closesocket.WS2_32(00000000), ref: 00465C13
Sleep.KERNEL32(00000BB8,?,?,00000010), ref: 00465C3D
ReleaseSemaphore.KERNEL32(?,00000001,00000000,00000BB8,?,?,00000010), ref: 00465C62
WaitForSingleObject.KERNEL32(?,000000FF,?,00000001,00000000,00000BB8,?,?,00000010), ref: 00465C6D
CloseHandle.KERNEL32(?,?,000000FF,?,00000001,00000000,00000BB8,?,?,00000010), ref: 00465C76
CloseHandle.KERNEL32(?,?,?,000000FF,?,00000001,00000000,00000BB8,?,?,00000010), ref: 00465C7F

Strings

HTTP server session count reach upper-limits, xrefs: 00465C18
Error: HTTP server accept faill, xrefs: 00465C25
bye, xrefs: 00465C05

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseHandle$ObjectReleaseSemaphoreSingleSleepWaitacceptclosesocketsend
String ID: Error: HTTP server accept faill$HTTP server session count reach upper-limits$bye
API String ID: 1186266293-1525878308
Opcode ID: f783776e7ff19ea49bcf21637d8d7124a92b85d71d4c5c6b21255c4d8dcb3331
Instruction ID: c4a64c1f4fe08a030a171952d1077933d7944ad1b26b9ccb02a658df699c1c24
Opcode Fuzzy Hash: f783776e7ff19ea49bcf21637d8d7124a92b85d71d4c5c6b21255c4d8dcb3331
Instruction Fuzzy Hash: 66210831640709ABCB10EF95CC86E9F776CFF80714F10454AFA01AB182EB74AD418765

Function 00478EF8 Relevance: 18.1, APIs: 12, Instructions: 130sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478F39
CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478F72
CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478FAB
Sleep.KERNEL32(00000001,000000FF,00000000), ref: 0047900A
WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0047901A
CloseHandle.KERNEL32(000000FF,000000FF,00000000,00000001,000000FF,00000000), ref: 0047902C
Sleep.KERNEL32(00000001,000000FF,00000000), ref: 0047905A
WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0047906A
CloseHandle.KERNEL32(000000FF,000000FF,00000000,00000001,000000FF,00000000), ref: 0047907C
Sleep.KERNEL32(00000001,000000FF,00000000), ref: 004790AA
WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 004790BA
CloseHandle.KERNEL32(000000FF,000000FF,00000000,00000001,000000FF,00000000), ref: 004790CC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseCreateHandleObjectSingleSleepThreadWait
String ID:
API String ID: 422747524-0
Opcode ID: 763901ef421159748abaefe3081a9e41b81b77b9ec5b0288b789fed49ef74146
Instruction ID: e9bfd4836574c35c35ae2c348fd7d30a9b3e5ef331bb6264d925fbaf99212845
Opcode Fuzzy Hash: 763901ef421159748abaefe3081a9e41b81b77b9ec5b0288b789fed49ef74146
Instruction Fuzzy Hash: D0511A34650205EBE764DB94C949FD9B7B2BB40314F2483BAE11C6B2D2C7761E82DB58

Function 0047BADC Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 318COMMON

Download Yara Rule

APIs

@Cmcheckbutton@TcmCheckButton@DrawButtonFrame$qp16Graphics@TCanvasp11Types@TRect18Controls@TBevelCuti.Z39UARTASSIST(?,?), ref: 0047BCD6

Part of subcall function 0050A9AC: FillRect.USER32(?,?,00000000), ref: 0050A9D4

Strings

,, xrefs: 0047BC65
000, xrefs: 0047BC58

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BevelButtonButton@Canvasp11CheckCmcheckbutton@Controls@CutiDrawFillFrame$qp16Graphics@RectRect18Types@
String ID: ,$000
API String ID: 1937672696-817360574
Opcode ID: fea6296fb1937f05879e423da13611e4dcebb8de487c6ae63942beb81d0ad53e
Instruction ID: 2a5d76c22a49115ac4d8b2f7892547c1e382b74523b4ae5821504b447d6786ee
Opcode Fuzzy Hash: fea6296fb1937f05879e423da13611e4dcebb8de487c6ae63942beb81d0ad53e
Instruction Fuzzy Hash: 06C18E706002059BCB04DF68C895BEB77B5FF89300F1481BAE90A9F396DB359D46CBA5

Function 004163D8 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 293COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(?,00000000,0056F11C,00000000,00000000,00000001), ref: 004167FA

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Part of subcall function 00509D20: MulDiv.KERNEL32(0000000B,?,00000048), ref: 00509D2D

Part of subcall function 0052D298: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

Strings

Uart Assistant, xrefs: 004164C4
A free license is currently employed whith limited features.You can get enhanced edition through purchasing software licensing., xrefs: 004163DE
MS Sans Serif, xrefs: 0041644E
Donate Us - , xrefs: 004164F1
donate/, xrefs: 00416773
8, xrefs: 004167C8
'V, xrefs: 004164C9, 0041651E, 00416558
tQ, xrefs: 00416671
http://www.cmsoft.cn/assistcenter/, xrefs: 00416787

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CallbackDispatcherUser$ExecuteShell
String ID: 'V$8$A free license is currently employed whith limited features.You can get enhanced edition through purchasing software licensing.$Donate Us - $MS Sans Serif$Uart Assistant$donate/$http://www.cmsoft.cn/assistcenter/$tQ
API String ID: 931011979-1626683711
Opcode ID: 9863e7cbd008977e56a4596ce73d28f9496f93effa71b78e22e52123355f0da7
Instruction ID: 98b2e4058b7ed827d060ccf52124d6a12f95489a41f148f5d53d8d57e76f67bb
Opcode Fuzzy Hash: 9863e7cbd008977e56a4596ce73d28f9496f93effa71b78e22e52123355f0da7
Instruction Fuzzy Hash: EFC14370A002098BDB00EFA8D489BDEBBB5FF89304F148176E805AF396DB759D46CB55

Function 0046383C Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 263synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 004638D5
ReleaseMutex.KERNEL32(00000000), ref: 00463B28

Strings

%c%02d%c%02d.log, xrefs: 004639DB
The log file exceeds the limit length and is reset, xrefs: 00463AC7
ab+, xrefs: 00463A7C
ab+, xrefs: 00463A22
[%04d-%02d-%02d, xrefs: 00463971
ab+, xrefs: 00463AEA
@, xrefs: 00463A55
%c%02d%c%02d.log, xrefs: 0046393A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MutexObjectReleaseSingleWait
String ID: %c%02d%c%02d.log$%c%02d%c%02d.log$@$The log file exceeds the limit length and is reset$[%04d-%02d-%02d$ab+$ab+$ab+
API String ID: 2017088797-1307308133
Opcode ID: 5c368bec9de0ca6b9eaf7bb04c140d3bbfb798937c8f9a0c098cc3630ef3ca51
Instruction ID: 20932021f6be3798b899503055e8c9d8ab73c0b158eb9aef5bc216bf31b71a86
Opcode Fuzzy Hash: 5c368bec9de0ca6b9eaf7bb04c140d3bbfb798937c8f9a0c098cc3630ef3ca51
Instruction Fuzzy Hash: F5911572A003459BD704EFA4DCD5E6B3BA9BB54302F14611AFC41A7282E778DE08DB66

Function 00471674 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 195COMMON

Download Yara Rule

APIs

Part of subcall function 004CB4F4: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,?,00000000,004CB68E), ref: 004CB560

@TSyncUart@Open$qqrv.Z39UARTASSIST ref: 00471760
@TSyncUart@Close$qqrv.Z39UARTASSIST ref: 00471753

Part of subcall function 00470FE8: CloseHandle.KERNEL32(?,?,00470EA8), ref: 00470FF9

@TSyncUart@Close$qqrv.Z39UARTASSIST ref: 004717DF
@TSyncUart@Open$qqrv.Z39UARTASSIST ref: 004717EC
@TSyncUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST ref: 0047188E

Strings

SOFTWARE\CMSOFT\, xrefs: 004716CF
COMPort, xrefs: 00471779
COM, xrefs: 00471830
\, xrefs: 004718EA
COMPort, xrefs: 004717AF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: SyncUart@$Close$qqrvOpen$qqrv$CloseHandleOpenOptionsoSettings$qqrp12UartUpdate
String ID: COM$COMPort$COMPort$SOFTWARE\CMSOFT\$\
API String ID: 4265800004-3481757975
Opcode ID: 8291a7cc10a28825ee163d60f905c516413a857b9da85a66d881ab61fc811ae2
Instruction ID: 4da1aaf21a3e4474e913d7475400c4631fbd5666a02ba1850d31dbf7c067e56a
Opcode Fuzzy Hash: 8291a7cc10a28825ee163d60f905c516413a857b9da85a66d881ab61fc811ae2
Instruction Fuzzy Hash: 3E719234D002498BCB10EFA8C495AEEFBF4FF49308F10C55AE8446B362D775594ACB69

Function 0045F3A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 133fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(0057E1C5,C0000000,00000001,00000000,00000004,00000080,00000000), ref: 0045F3D3
SetFilePointer.KERNEL32(?,00000004,00000000,00000002,0057E1C5,C0000000,00000001,00000000,00000004,00000080), ref: 0045F443
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00000004,00000000,00000002,0057E1C5,C0000000,00000001,00000000,00000004,00000080), ref: 0045F45B
WriteFile.KERNEL32(?,<?xml version="1.0" encoding="gb2312"?><Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xml,00000080,0000001F,00000000,0057E23A,C0000000,00000001,00000000,00000002,00000080,00000000,?,?,C0000000,00000004), ref: 0045F475
WriteFile.KERNEL32(?,</Table></Worksheet></Workbook>,00000004,00000080,00000000,?,<?xml version="1.0" encoding="gb2312"?><Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xml,00000080,0000001F,00000000,0057E23A,C0000000,00000001,00000000,00000002,00000080), ref: 0045F48F
ReadFile.KERNEL32(?,C0000000,00000004,00000004,00000000,?,00000004,00000000,00000002,0057E1C5,C0000000,00000001,00000000,00000004,00000080), ref: 0045F4AE
CloseHandle.KERNEL32(?,?,C0000000,00000004,00000004,00000000,?,00000004,00000000,00000002,0057E1C5,C0000000,00000001,00000000,00000004,00000080), ref: 0045F4E0
CreateFileA.KERNEL32(0057E23A,C0000000,00000001,00000000,00000002,00000080,00000000,?,?,C0000000,00000004,00000004,00000000,?,00000004,00000000), ref: 0045F50A

Strings

</Table></Worksheet></Workbook>, xrefs: 0045F486, 0045F4C6
<?xml version="1.0" encoding="gb2312"?><Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xml, xrefs: 0045F46C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite$CloseHandleRead
String ID: </Table></Worksheet></Workbook>$<?xml version="1.0" encoding="gb2312"?><Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xml
API String ID: 2991360132-2954316497
Opcode ID: 02ca27c2278042eb8288b1c4bf40717fb2625d928c3fb31c9c2b422c932a18c7
Instruction ID: ad010e9df957beb127c5150076cae7b68c20f6eca069d44724efbcd9326aa3cb
Opcode Fuzzy Hash: 02ca27c2278042eb8288b1c4bf40717fb2625d928c3fb31c9c2b422c932a18c7
Instruction Fuzzy Hash: C741A271204300BAE724DE54CC86FAB37E9AB95700F108519FA45CF2D2D7B4E94DDB96

Function 0047F760 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 54networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 0047F782
htons.WS2_32(?), ref: 0047F7A5
@TcmSocket@ServerClientAppend$qqrpucusi.Z39UARTASSIST(?,00000000,?,?), ref: 0047F7B4

Part of subcall function 0047DD50: @TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047DD64
Part of subcall function 0047DD50: GetTickCount.KERNEL32 ref: 0047DDB9
Part of subcall function 0047DD50: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047DDF2
Part of subcall function 0047DD50: @TcmSocket@ComboBox_ServerClientInsert$qqrp9TInetAddr.Z39UARTASSIST ref: 0047DE05

@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(?,?), ref: 0047F790

Part of subcall function 00480C48: WSAGetLastError.WS2_32(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C57
Part of subcall function 00480C48: @TcmSocket@ShowError$qqrpci.Z39UARTASSIST(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C93

accept.WS2_32(?,?), ref: 0047F7CB
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST ref: 0047F7D9
htons.WS2_32(?), ref: 0047F7EE
@TcmSocket@ServerClientAppend$qqrpucusi.Z39UARTASSIST(?,00000000), ref: 0047F7FD

Strings

accept() failed, xrefs: 0047F7D2
accept() failed, xrefs: 0047F789

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$ClientErrorServer$Append$qqrpucusiCheck$qqripcaccepthtons$AddrBox_Client$qqrvComboCountError$qqrpciInetInsert$qqrp9LastLockMultiReleaseSemaphoreShowTick
String ID: accept() failed$accept() failed
API String ID: 3194161817-1440325827
Opcode ID: 6b9428697f7145bd46306e65ffd3df6aaae38d527a55352d183f796852a1e910
Instruction ID: 2e13ebef0fb36a1bc46cc61b603d72222632b66936d5c80d3db0e26b69e4b912
Opcode Fuzzy Hash: 6b9428697f7145bd46306e65ffd3df6aaae38d527a55352d183f796852a1e910
Instruction Fuzzy Hash: B101C47560411016C7047F3888C2AEA25C8AF89324F448B7AED9A9F396FA784C4983E6

Function 00412984 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 360synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF,?,?), ref: 004129BB
ReleaseMutex.KERNEL32(00000000,?,?), ref: 00412DF7

Strings

SCRIPT ERROR> Not engough script parsing buffer, xrefs: 00412A9C
SCRIPT ERROR> Corrupt script expression, xrefs: 00412B2F
SCRIPT ERROR> Not engough script parsing buffer, xrefs: 00412C51
SCRIPT ERROR> Unresolved script expression!!!, xrefs: 00412D8A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MutexObjectReleaseSingleWait
String ID: SCRIPT ERROR> Corrupt script expression$SCRIPT ERROR> Not engough script parsing buffer$SCRIPT ERROR> Not engough script parsing buffer$SCRIPT ERROR> Unresolved script expression!!!
API String ID: 2017088797-3237111483
Opcode ID: 851bec8312ede03cb610845a5a10bbd9da80f1ed78d878c4281997285db15b82
Instruction ID: e0a66613111dbb72512c75bd6a1ff4f825b086aaebc27d34b99d2812f829842d
Opcode Fuzzy Hash: 851bec8312ede03cb610845a5a10bbd9da80f1ed78d878c4281997285db15b82
Instruction Fuzzy Hash: D6E17E78D052089FCB18CF98E6D18EDBBB5FF49310F24911AE401E7361D7789896CB59

Function 004B72B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 208windowCOMMON

Download Yara Rule

APIs

@TCGauge@PaintBackground$qqrp16Graphics@TBitmap.Z39UARTASSIST ref: 004B7364
InflateRect.USER32(?,000000FF,000000FF), ref: 004B7395
@TCGauge@PaintBackground$qqrp16Graphics@TBitmap.Z39UARTASSIST ref: 004B73C4
@TCGauge@PaintAsNothing$qqrp16Graphics@TBitmaprx11Types@TRect.Z39UARTASSIST ref: 004B73F4
@TCGauge@PaintAsText$qqrp16Graphics@TBitmaprx11Types@TRect.Z39UARTASSIST(00000000), ref: 004B74B1

Strings

, xrefs: 004B72ED

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Gauge@Graphics@Paint$Rect$Background$qqrp16BitmapBitmaprx11Types@$InflateNothing$qqrp16Text$qqrp16
String ID:
API String ID: 2844903813-3916222277
Opcode ID: 1a332ce7cf34b22f10fb7c8ade4b5998e6bac97f2eee3b13f5537dea6c31af38
Instruction ID: ad599f7f1510a085bf29a29ac2089339bc84c9b3b4333441a3259e52c255f475
Opcode Fuzzy Hash: 1a332ce7cf34b22f10fb7c8ade4b5998e6bac97f2eee3b13f5537dea6c31af38
Instruction Fuzzy Hash: 5071D775918208ABCB04EBB8D885DDEBBB9FF94314F10459FF401A7251DF38AA45CB68

Function 0047CA2C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

udp, xrefs: 0047CAEE, 0047CAF7
65535, xrefs: 0047CA32

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: 65535$udp
API String ID: 0-1267037602
Opcode ID: a957b6aaf6f119413e02d6306b6ab6644dd28b0e3b0051ce3e41c95d5a0ccf02
Instruction ID: ea846fbcf17ed9d19d50a8df419e30a191950caec39aeaca3c46765f96d18546
Opcode Fuzzy Hash: a957b6aaf6f119413e02d6306b6ab6644dd28b0e3b0051ce3e41c95d5a0ccf02
Instruction Fuzzy Hash: 7451F43160020A8FDB29DA68D8867FB36A5BB44300F14C52FFC099B2D1DABCDD41D79A

Function 004A5898 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,02465798,00570DB0,00000000), ref: 004A593D
GetTickCount.KERNEL32 ref: 004A59FC

Strings

images/assist_dll.raw, xrefs: 004A5986
{3D, xrefs: 004A599F, 004A59E9
?id=, xrefs: 004A5A12
assist.sys, xrefs: 004A58EF
D, xrefs: 004A59F6
http://www.cmsoft.cn/assistcenter/, xrefs: 004A599A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountFreeLibraryTick
String ID: ?id=$D$assist.sys$http://www.cmsoft.cn/assistcenter/$images/assist_dll.raw${3D
API String ID: 2362339246-3149051036
Opcode ID: 3258f9396e2634bd1c7e0e1a70c1c099085a68ab1c547d1216fb74ca067be5f3
Instruction ID: d831a26f15cbb1659599778ddf9e98d5aa72699180e297055c752e1c3ea69681
Opcode Fuzzy Hash: 3258f9396e2634bd1c7e0e1a70c1c099085a68ab1c547d1216fb74ca067be5f3
Instruction Fuzzy Hash: C6612C70D0010EDACF01EFA4D58A6EEFBB9FF98304F20816AD41577252DB349A4ADB65

Function 004755FC Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87windowCOMMON

Download Yara Rule

APIs

@TcmForm@limit_max_height$qqrv.Z39UARTASSIST ref: 00475624
LoadBitmapA.USER32(?,dlgRestore), ref: 00475637
PostMessageA.USER32(00000000,00000112,0000F030,00000000), ref: 00475666
PostMessageA.USER32(00000000,00000112,0000F120,00000000), ref: 004756D0
LoadBitmapA.USER32(?,dlgMax), ref: 004756E3

Strings

Restore, xrefs: 00475681
dlgRestore, xrefs: 00475629
dlgMax, xrefs: 004756D5
Maximize, xrefs: 00475710

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoadMessagePost$Form@limit_max_height$qqrv
String ID: Maximize$Restore$dlgMax$dlgRestore
API String ID: 2368407926-4238520546
Opcode ID: 48339364b77cbcba52d27ab0cf7d838b2571979ee5f68c66580dd68b08a9608e
Instruction ID: ff813258eb19d097fcc2a3d3a190badcca140e5659c90878c0b39107863bbc8a
Opcode Fuzzy Hash: 48339364b77cbcba52d27ab0cf7d838b2571979ee5f68c66580dd68b08a9608e
Instruction Fuzzy Hash: A531817060020A9BCB10FB64C88ABEE7BA5BF94305F548176FC08AF386DF749905CB65

Function 0050E8BF Relevance: 15.2, APIs: 10, Instructions: 187windowCOMMON

Download Yara Rule

APIs

SelectObject.GDI32(?,?), ref: 0050E8CF
FillRect.USER32(?,?,?), ref: 0050E96C
SetTextColor.GDI32(?,00000000), ref: 0050E984
SetBkColor.GDI32(?,00000000), ref: 0050E99E
SetDIBColorTable.GDI32(?,00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,00000000,00000000,0050EB2C), ref: 0050E9E6
PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 0050EA08

Part of subcall function 00509578: GetSysColor.USER32(8B0050AE), ref: 00509582

SelectObject.GDI32(?,00000000), ref: 0050EA3E
SetTextColor.GDI32(?,00000000), ref: 0050EA83
SetBkColor.GDI32(?,00000000), ref: 0050EA9D
SelectObject.GDI32(?,00000000), ref: 0050EAE1
DeleteDC.GDI32(?), ref: 0050EAFC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Color$ObjectSelect$Text$DeleteFillRectTable
String ID:
API String ID: 2719334733-0
Opcode ID: 8284566e35cbc8c6063394014278ee61b845507596d30ef5c395d32b4092e60b
Instruction ID: a4666a5af2eb62d92123dc6c74263e40a720f7f65df1b061bfa3ed5715fd0138
Opcode Fuzzy Hash: 8284566e35cbc8c6063394014278ee61b845507596d30ef5c395d32b4092e60b
Instruction Fuzzy Hash: FD61B675A00205AFDB11EFA8C88AF9EBBBCFB49710F558455F504EB292C675ED40CB60

Function 0047E6FC Relevance: 15.1, APIs: 10, Instructions: 95networkCOMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047E709

Part of subcall function 0047DD14: WaitForSingleObject.KERNEL32(?,00000000,?,?,0047FB39), ref: 0047DD2F

GetTickCount.KERNEL32 ref: 0047E71F
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047E75A
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047E77E
getpeername.WS2_32(?,?,0000001C), ref: 0047E7A1
htons.WS2_32(?), ref: 0047E7B2
@TcmSocket@ServerClientAppend$qqrpucusi.Z39UARTASSIST(?,?,?,?,0000001C), ref: 0047E7C1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphoreSocket@$Append$qqrpucusiClientClient$qqrvCountLockMultiObjectServerSingleTickWaitgetpeernamehtons
String ID:
API String ID: 2511304031-0
Opcode ID: 1822b2a7b1b19e49ebaceb82bd57353bf68ce8c9a33c400645eb2bb941e684e0
Instruction ID: 3a82808f130826790ad581cd9d1f35632bdc9dbc20462036a83cc78b9a89c645
Opcode Fuzzy Hash: 1822b2a7b1b19e49ebaceb82bd57353bf68ce8c9a33c400645eb2bb941e684e0
Instruction Fuzzy Hash: CC317E71600305ABD724EF25C885BEBBBE8AF88700F10CA5EF59E87351D778A980D755

Function 004743A4 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 463windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(?,00000401,00000002,00000002), ref: 004743D5
@TcmForm@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(?,0245661C,?), ref: 004744B4
@TcmForm@setSizeable$qqro.Z39UARTASSIST ref: 004744EA

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

Part of subcall function 004EFCF0: SendMessageA.USER32(00000000,000000CC,?,00000000), ref: 004EFD37

Part of subcall function 0052D298: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

Part of subcall function 00534424: GetWindowLongA.USER32(?,000000F0), ref: 0053444C
Part of subcall function 00534424: SetWindowLongA.USER32(?,000000F0,00000000), ref: 00534469

Part of subcall function 004EFD78: SendMessageA.USER32(00000000,000000CF,?,00000000), ref: 004EFDAB

Strings

'V, xrefs: 0047492C, 0047493A, 00474948
, xrefs: 004749BD
H7G, xrefs: 004744D5
hYX, xrefs: 004744AF
'V, xrefs: 00474484

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$CallbackDispatcherLongSendUserWindow$Classes@ComponentForm@$bctr$qqrp18Form@setPostSizeable$qqro
String ID: $'V$'V$H7G$hYX
API String ID: 357293923-341199040
Opcode ID: 54adc6a66307a198b33d1fd36ac186bd4ec5916e28a9f49023db0af0d0f6af91
Instruction ID: 668169af4ffae739dccadb7b9e11bfde9df5fc24b7c912ee17d8ceeef9f01b04
Opcode Fuzzy Hash: 54adc6a66307a198b33d1fd36ac186bd4ec5916e28a9f49023db0af0d0f6af91
Instruction Fuzzy Hash: 7D121B74A002458BCB04EF69D4C5A9D7BB2BF85304F2481A5EC089F3ABC775EC46CB95

Function 0050FB08 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 351COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,00000000,00510025,?,?,?,?,?), ref: 0050FD72
SelectObject.GDI32(?,00000000), ref: 0050FDF6
GetLastError.KERNEL32(?,?,00000004,?,?,00000000,00000000,0050FEAF,?,?,00000000,?,00000001,00000001,?,00000000), ref: 0050FE64
SelectObject.GDI32(?,?), ref: 0050FEA3
DeleteObject.GDI32(00000000), ref: 0050FEA9

Strings

BM, xrefs: 0050FC2C
(, xrefs: 0050FCC1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object$Select$A570DeleteErrorLast
String ID: ($BM
API String ID: 2612784382-2980357723
Opcode ID: 330b158fe2464c63395ed4c6b83f1d55be7aeecbdb25091ea25a9aaa78e90ecd
Instruction ID: ca1027da03a9fed36d50e9a6676cee11cb9bf5bc55b82ec0f4f591e57d35be77
Opcode Fuzzy Hash: 330b158fe2464c63395ed4c6b83f1d55be7aeecbdb25091ea25a9aaa78e90ecd
Instruction Fuzzy Hash: 07D13874A002099FDF14DFA8C895AAEBBF5FF89700F148469F904EB691D734AC80CB61

Function 0043C75C Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 218COMMON

Download Yara Rule

APIs

Part of subcall function 0052D298: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406355), ref: 0052D2AB

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

@Cmcheckbutton@TcmCheckButton@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0043C87B
@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST(00000000), ref: 0043C8B7
@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST(00000000), ref: 0043C8DE
@Cmcheckbutton@TcmCheckButton@SetTrafficLightColor$qqr15Graphics@TColort1t1.Z39UARTASSIST(00808080), ref: 0043C8F9
@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST(00000000), ref: 0043C919
@Cmcheckbutton@TcmCheckButton@AutoAdjustSize$qv.Z39UARTASSIST(00000000), ref: 0043C94B

Strings

000, xrefs: 0043CA14
, xrefs: 0043C8C4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CheckCmcheckbutton@$Button@$AdjustAutoSize$qv$CallbackDispatcherUser$Button@$bctr$qqrp18Classes@Color$qqr15Colort1t1ComponentGraphics@LightTraffic
String ID: $000
API String ID: 3245846921-4115071935
Opcode ID: 7dd678e3e8976a73bb314aaa0c6a49fd9be6a32d68a2ecab8e454df7f8452116
Instruction ID: bf2d1d1cd776ec3d46e4af71373b8afecf78805b86d913d8dfe95e8b93320af7
Opcode Fuzzy Hash: 7dd678e3e8976a73bb314aaa0c6a49fd9be6a32d68a2ecab8e454df7f8452116
Instruction Fuzzy Hash: 02916E74A002058FDB14EF68D4C8BDDBBB1BF89308F14807AE919AB396C7359C45CB99

Function 004970B4 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 191networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 004970ED
htons.WS2_32(?), ref: 00497119
htons.WS2_32(?), ref: 004971A6
htons.WS2_32(00000000), ref: 004971B4
htons.WS2_32(?), ref: 0049725C
htons.WS2_32(?), ref: 0049726D
htons.WS2_32(?), ref: 00497293

Strings

, xrefs: 004972A4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: htons
String ID:
API String ID: 4207154920-3916222277
Opcode ID: 638a0d3b6d5f2f72f2cc817d77cdec966568191c39099656180560d439677431
Instruction ID: 430e7f12b12c9dd4ad67bd663f13e5eec63ad93c15a1e96f40555307d167f0c2
Opcode Fuzzy Hash: 638a0d3b6d5f2f72f2cc817d77cdec966568191c39099656180560d439677431
Instruction Fuzzy Hash: BD71C435A14249DBCF04EFA4C4959EEFBB5FF89300B1481AAE805AB316D734ED05CB65

Function 0041504C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149COMMON

Download Yara Rule

APIs

@Cmlabel@TcmLabel@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0041506E

Part of subcall function 00484910: @Cmlabel@TFontEffect@$bctr$qqrv.Z39UARTASSIST(?), ref: 00484949

@Cmlabel@TcmLabel@DoSetAutoSize$qqro.Z39UARTASSIST ref: 00415079

Part of subcall function 00484BAC: @Cmlabel@TcmLabel@AutoAdjustSize$qqrv.Z39UARTASSIST ref: 00484BC5

@Cmlabel@TcmLabel@SetAlignment$qqr18Classes@TAlignment.Z39UARTASSIST ref: 0041509D

Part of subcall function 00484B48: @Cmlabel@TcmLabel@AutoAdjustSize$qqrv.Z39UARTASSIST ref: 00484B5B

@Cmlabel@TcmLabel@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0041516B
@Cmlabel@TcmLabel@DoSetAutoSize$qqro.Z39UARTASSIST ref: 00415176
@Cmlabel@TcmLabel@SetAlignment$qqr18Classes@TAlignment.Z39UARTASSIST ref: 00415197

Strings

Authorized Privileges?, xrefs: 0041521F
Authenticate by User Account, xrefs: 00415125

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cmlabel@$Label@$AutoClasses@$AdjustAlignmentAlignment$qqr18ComponentLabel@$bctr$qqrp18Size$qqroSize$qqrv$Effect@$bctr$qqrvFont
String ID: Authenticate by User Account$Authorized Privileges?
API String ID: 3648685976-748096924
Opcode ID: 98db26e1ce143a4307d0d1e9f732ade9e1fe5ae77f51588a7cac4914beb78e51
Instruction ID: 65f83db367eb376e18239e502c421642a2bfb000b1d388fac1ea1baa1e123ba1
Opcode Fuzzy Hash: 98db26e1ce143a4307d0d1e9f732ade9e1fe5ae77f51588a7cac4914beb78e51
Instruction Fuzzy Hash: A3516B746002068BD700EF68C8857DE7BB5BF89304F1041B9E9459F396DB75AC4ACB94

Function 004035AC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,0000FFE3,-0058FA1D,0000FFE3,005DFA4C,0056B57C,00000000), ref: 004035F5
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,0000FFE3,00000000,00000000,005DFA4C,0056B57C,00000000), ref: 00403615
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,0000FFE3,00000000,00000000,00000000,00000000,00000000,0000FFE3,00000000,00000000,005DFA4C,0056B57C,00000000), ref: 00403643
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,0059FA00,0001FFC6,005DFA4C,0056B57C,00000000), ref: 00403661
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,b+@,00000000,00000000,00000000,00000000,00000000,0000FFE3,00000000,00000000,00000000,00000000), ref: 00403685
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0000FDE9,00000000,00000000,00000000,00000000,b+@,00000000,00000000), ref: 004036A9
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,b+@,00000000,00000000,0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004036D1

Strings

b+@, xrefs: 00403674, 00403693, 004036B0, 004036D6, 004036EA, 00403677, 004036B5, 004036C3, 004036D9

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide
String ID: b+@
API String ID: 626452242-3032382117
Opcode ID: 4820a0a75e2bf476c8fd3779b80016085da0b8406c32ca68cf152d2e82196442
Instruction ID: 8573119aa07f5121c3997c493cbf6db6b3ab9e8cee12732c8da7be85d7fe3c89
Opcode Fuzzy Hash: 4820a0a75e2bf476c8fd3779b80016085da0b8406c32ca68cf152d2e82196442
Instruction Fuzzy Hash: B0416A757442067BEB20DE989C86FAF3B9DEB85751F148036FA08BF2C1C5B4AD014769

Function 00447E44 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 130windowCOMMON

Download Yara Rule

APIs

@TcmTrayIcon@SetAnimate$qqro.Z39UARTASSIST(?,?), ref: 00447F8C
@TcmImageSlider@SetImageIndex$qqri.Z39UARTASSIST(?,?), ref: 00447FB6
@TcmTrayIcon@SetAnimate$qqro.Z39UARTASSIST(?,?), ref: 00447FCB
@TcmTrayIcon@SetIcon$qqrp14Graphics@TIcon.Z39UARTASSIST(?,?), ref: 00447FE4
@TcmImageSlider@SetImageIndex$qqri.Z39UARTASSIST(?,?), ref: 0044800B

Strings

, xrefs: 00447EEC
Open, xrefs: 00447EBF
Close, xrefs: 00447E7A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Image$Icon@Tray$Animate$qqroIndex$qqriSlider@$Graphics@IconIcon$qqrp14
String ID: $Close$Open
API String ID: 146989294-122598363
Opcode ID: 2814680cea603b04ac1691d91b66ea1138c3ab1e13a4e5da03db1be03e84606d
Instruction ID: 60706f61da78f1756febc3528114eb4d428e862bc2fe34e682a390079ebb1bf3
Opcode Fuzzy Hash: 2814680cea603b04ac1691d91b66ea1138c3ab1e13a4e5da03db1be03e84606d
Instruction Fuzzy Hash: 1B51C0746041458BE700EF24D4857AA7BB2FF85304F2881B6D8489B3A7CB798D4EDB69

Function 0047F4D0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 0047F4ED
connect.WS2_32(00000011,?,0000001C), ref: 0047F521
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000011,?,0000001C,?,00000011,00000011), ref: 0047F52F

Part of subcall function 00480C48: WSAGetLastError.WS2_32(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C57
Part of subcall function 00480C48: @TcmSocket@ShowError$qqrpci.Z39UARTASSIST(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C93

htons.WS2_32(?), ref: 0047F55A
connect.WS2_32(00000011,00000002,00000010), ref: 0047F576
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000011,00000002,00000010,?), ref: 0047F584

Strings

connect() failed, xrefs: 0047F57D
connect() failed, xrefs: 0047F528

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorSocket@$Check$qqripcconnecthtons$Error$qqrpciLastShow
String ID: connect() failed$connect() failed
API String ID: 2082332313-504624167
Opcode ID: 304df6a2cdfeb5212f54584f7988ac3f847f24f8f5df882b1191e56af7564088
Instruction ID: f22feb7388138ed8a50f6ef9f0ac68b0bb79c28eb12ad0fbfb37cdb674704187
Opcode Fuzzy Hash: 304df6a2cdfeb5212f54584f7988ac3f847f24f8f5df882b1191e56af7564088
Instruction Fuzzy Hash: 5E11A57121020596DB44EFB4C8C2BD637A8BF88300F1CC579AD4D9F24BDAB48485D774

Function 0050B348 Relevance: 13.6, APIs: 9, Instructions: 131windowCOMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 0050B389
73A1A570.USER32(00000000,?,00000018,?,00000000,0050B496,?,00000000,00000000,?,00000000,?), ref: 0050B3AC
SelectObject.GDI32(?,?), ref: 0050B41A
SelectObject.GDI32(0050BCCC,00000000), ref: 0050B429
StretchBlt.GDI32(0050BCCC,00000000,00000000,?,?,?,00000000,00000000,00000004,?,00CC0020), ref: 0050B455
SelectObject.GDI32(?,00000000), ref: 0050B463
SelectObject.GDI32(0050BCCC,00000000), ref: 0050B471
DeleteDC.GDI32(?), ref: 0050B487
DeleteDC.GDI32(0050BCCC), ref: 0050B490

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object$Select$Delete$A570Stretch
String ID:
API String ID: 1268976527-0
Opcode ID: c845c295858798944110c23ea20b694058ba367a00c738697a0aeaf0f321959b
Instruction ID: 7667d25a189fe37eff239463f1fef0e9a2cc0a368ea4cbf87d2069d204335575
Opcode Fuzzy Hash: c845c295858798944110c23ea20b694058ba367a00c738697a0aeaf0f321959b
Instruction Fuzzy Hash: E941DA75A40209AFEB50EAE8C896FAEBBBDFB49700F514415B614E7281D6759E008B60

Function 0047F594 Relevance: 13.6, APIs: 9, Instructions: 120timenetworkCOMMON

Download Yara Rule

APIs

@TcmSocket@ControlHBCheckTimer$qqro.Z39UARTASSIST(?,00000001), ref: 0047F5B8

Part of subcall function 0047E810: SetTimer.USER32(?,00000001,?,00000000), ref: 0047E849

@TcmSocket@IsEmptyAddr$qqrp9TInetAddr.Z39UARTASSIST(?,00000001), ref: 0047F5D2
getsockname.WS2_32(00000011,?,0000001C), ref: 0047F605
@TcmSocket@ip_ntoa$qqrpx6IPDATApco.Z39UARTASSIST(?,00000001), ref: 0047F634
htons.WS2_32(?), ref: 0047F672
KillTimer.USER32(?,00000003,?,00000001), ref: 0047F719

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@Timer$AddrAddr$qqrp9ApcoCheckControlEmptyInetKillSocket@ip_ntoa$qqrpx6Timer$qqrogetsocknamehtons
String ID:
API String ID: 985583281-0
Opcode ID: 739e4a57b882156de1a761d053dfec345e46b659ce7b9547e239bc94ff9e9266
Instruction ID: 2cf8ab8349858961be5e86f057d867a358fba929034930eb3bfff5141c682bb7
Opcode Fuzzy Hash: 739e4a57b882156de1a761d053dfec345e46b659ce7b9547e239bc94ff9e9266
Instruction Fuzzy Hash: EA419E709006469AC720EB74C844BEFBBF9BF84300F008D2EE4AA57251EB74694ACB95

Function 00478D9C Relevance: 13.6, APIs: 9, Instructions: 56synchronizationthreadCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?,?,?,004788A8), ref: 00478DBD
SetEvent.KERNEL32(?,?,?,?,004788A8), ref: 00478DC8
SetCommMask.KERNEL32(?,00000000,?,?,?,?,004788A8), ref: 00478DD5
CloseHandle.KERNEL32(?,?,00000000,?,?,?,?,004788A8), ref: 00478DE0
WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,?,?,?,?,004788A8), ref: 00478DF0
ReleaseMutex.KERNEL32(?,?,000000FF,?,?,00000000,?,?,?,?,004788A8), ref: 00478E11
WaitForSingleObject.KERNEL32(?,000000FF,?,000000FF,?,?,00000000,?,?,?,?,004788A8), ref: 00478E21
ReleaseMutex.KERNEL32(?,?,000000FF,?,000000FF,?,?,00000000,?,?,?,?,004788A8), ref: 00478E42
@cmSerialCommDriver32@TcmUart@LaunchThreads$qqro.Z39UARTASSIST(?,000000FF,?,000000FF,?,?,00000000,?,?,?,?,004788A8), ref: 00478E4C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommEventMutexObjectReleaseSingleWait$CloseDriver32@HandleLaunchMaskResetSerialThreads$qqroUart@
String ID:
API String ID: 1183545986-0
Opcode ID: fafd286c0dee550cada0de7f98a929b3cd0706b57bb2dfb83324a585127757f4
Instruction ID: 6e04ea8c939e93bea78a983525a1dc547a098b61aee1e99448d14bff2d3a5811
Opcode Fuzzy Hash: fafd286c0dee550cada0de7f98a929b3cd0706b57bb2dfb83324a585127757f4
Instruction Fuzzy Hash: 83212E35504005EBCB05EBA8CE45F9DBBB6BF84314F2042A9F1189B2B2DF319E42EB44

Function 00478E60 Relevance: 13.5, APIs: 9, Instructions: 49threadtimeCOMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@UpdateCommTimeouts$qqrv.Z39UARTASSIST ref: 00478E8C

Part of subcall function 00478B44: SetCommTimeouts.KERNEL32(?,?), ref: 00478B8F

ResetEvent.KERNEL32(?), ref: 00478E9D
SetEvent.KERNEL32(?,?), ref: 00478EA8
ResetEvent.KERNEL32(?,?,?), ref: 00478EBD
SetEvent.KERNEL32(?,?,?,?), ref: 00478EC8
@cmSerialCommDriver32@TcmUart@LaunchThreads$qqro.Z39UARTASSIST(?,?), ref: 00478EB2

Part of subcall function 00478EF8: CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478F39
Part of subcall function 00478EF8: CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478F72
Part of subcall function 00478EF8: CreateThread.KERNEL32(00000000,00002000,?,?,00000000,00000000), ref: 00478FAB

@cmSerialCommDriver32@TcmUart@LaunchThreads$qqro.Z39UARTASSIST ref: 00478ED4
@cmSerialCommDriver32@TcmUart@NotifyCommError$qqri.Z39UARTASSIST ref: 00478EE5
@cmSerialCommDriver32@TcmUart@Close$qqrv.Z39UARTASSIST ref: 00478EED

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@SerialUart@$Event$CreateThread$LaunchResetThreads$qqro$Close$qqrvError$qqriNotifyTimeoutsTimeouts$qqrvUpdate
String ID:
API String ID: 1898117476-0
Opcode ID: d8143fab02cb319f058224bf9d545da3bf06d9196a1162998d9bb33d1668e478
Instruction ID: 334013ab566967609b1a697080961f18655f8d5fc3dbd360a86ca3f979b4b200
Opcode Fuzzy Hash: d8143fab02cb319f058224bf9d545da3bf06d9196a1162998d9bb33d1668e478
Instruction Fuzzy Hash: 30117731904088EBDB51EBA8C54A9DDBBB2BF45304F2480DDE4546B363CB359F41E748

Function 004118EC Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 357COMMON

Download Yara Rule

Strings

Unresolved response expression!!!, xrefs: 00411CE9
Not engough response buffer, xrefs: 00411BE4
Corrupt response pattern, xrefs: 00411ACF
Not engough response buffer, xrefs: 00411A46

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend
String ID: Corrupt response pattern$Not engough response buffer$Not engough response buffer$Unresolved response expression!!!
API String ID: 3850602802-2396646025
Opcode ID: b4409134b50516c0ea69e916d4a1dac5f0c33edd5a5d9ea481b82bc27f325e3b
Instruction ID: 64120a4abf1b30e22f612dd1c92f668aad55bb6aa15ed5352b400c0374dd3b6b
Opcode Fuzzy Hash: b4409134b50516c0ea69e916d4a1dac5f0c33edd5a5d9ea481b82bc27f325e3b
Instruction Fuzzy Hash: 5DD13D786092419FC314CF19C49196BB7F5BFA9314F24895EE6D587321E338E886CF8A

Function 004AEF10 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 254COMMON

Download Yara Rule

APIs

@TcmEdit@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(?,00000000,00000000), ref: 004AEFCE

Strings

Debounce, xrefs: 004AEFAE, 004AEFB3
AUTO, xrefs: 004AF060
It is recommended to set it above 1000ms, otherwise there is a risk of blue screen!, xrefs: 004AF01C
ms (, xrefs: 004AF0EE
Serial hot-swap options, xrefs: 004AEF66
VJ, xrefs: 004AF021, 004AF03D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Classes@ComponentEdit@$bctr$qqrp18
String ID: AUTO$Debounce$It is recommended to set it above 1000ms, otherwise there is a risk of blue screen!$Serial hot-swap options$VJ$ms (
API String ID: 2056218710-4166863433
Opcode ID: 510b13da244ffd327ee2d9b06ffa1d74e48fc6499c7641d32d8487e846372cf3
Instruction ID: 4af3f4c28480f63d36eea478739303090945db536db2d7df69cbf77751a3db29
Opcode Fuzzy Hash: 510b13da244ffd327ee2d9b06ffa1d74e48fc6499c7641d32d8487e846372cf3
Instruction Fuzzy Hash: E5A18370A001099BDB44EF94C4857EEBBB5FF98304F2081A6E801AB396DB38DE16DB55

Function 00474AA8 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 246windowCOMMON

Download Yara Rule

APIs

@Cmbitmap@TcmBitmap@$bctr$qqrv.Z39UARTASSIST ref: 00474BA9

Part of subcall function 00509D20: MulDiv.KERNEL32(0000000B,?,00000048), ref: 00509D2D

Strings

About..., xrefs: 00474D5B
dlgHelp, xrefs: 00474D26
Window always on top, xrefs: 00474C1D
Cancel always on top, xrefs: 00474CBC
dlgToggleOn, xrefs: 00474C87
dlgToggleOff, xrefs: 00474BE8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Bitmap@$bctr$qqrvCmbitmap@
String ID: About...$Cancel always on top$Window always on top$dlgHelp$dlgToggleOff$dlgToggleOn
API String ID: 1434127231-1011513256
Opcode ID: 7af7c1aa1f62cc8d5ff29f124b5dcebda806ea4ce42259e7f28c79e386082036
Instruction ID: 1b95c449ca97225107dd68e3ee6865c3633b4ee47dc9df111ebb0af7247acb8a
Opcode Fuzzy Hash: 7af7c1aa1f62cc8d5ff29f124b5dcebda806ea4ce42259e7f28c79e386082036
Instruction Fuzzy Hash: D3A1A4705002068BDB50EF54C486BEEBBF5FF94304F1486A9ED446B386EB75DA06CBA1

Function 004D7D44 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004D7DDD
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004D7DF9
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 004D7E32
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004D7EAF
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004D7EC8
VariantCopy.OLEAUT32(?), ref: 004D7EFD

Strings

, xrefs: 004D7D5E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-3916222277
Opcode ID: 4bfcbe52899001bc3ece2cbb1380738b48f422fa4d72e0de6ccb9cba5f5afba6
Instruction ID: d22a4d8d0b2e7035bedb7195ddcdc737dc313482331ff9d167a91180ed58927e
Opcode Fuzzy Hash: 4bfcbe52899001bc3ece2cbb1380738b48f422fa4d72e0de6ccb9cba5f5afba6
Instruction Fuzzy Hash: A951DA75A046299BCB22DB59C8A5BD9B7BCBF48304F4041DBE508A7302E634AF858F65

Function 0051B6E0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125registryCOMMON

Download Yara Rule

APIs

GetKeyboardLayoutList.USER32(00000040,?,00000000,0051B88B,?,023C1C14,?,0051B8ED,00000000,?,00530117,00531A48,?,00000000,0053016C), ref: 0051B736
RegOpenKeyExA.ADVAPI32(80000002,00000000), ref: 0051B79E
RegQueryValueExA.ADVAPI32(?,layout text,00000000,00000000,?,00000100,00000000,0051B847,?,80000002,00000000), ref: 0051B7D8
RegCloseKey.ADVAPI32(?,0051B84E,00000000,?,00000100,00000000,0051B847,?,80000002,00000000), ref: 0051B841

Strings

layout text, xrefs: 0051B7CF
System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0051B788
4K, xrefs: 0051B712

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseKeyboardLayoutListOpenQueryValue
String ID: 4K$System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
API String ID: 1703357764-3824119750
Opcode ID: e486251d16b8d8e5d891330212adf6dd16e5ef6ee4f448a18a5aef23c58a3dae
Instruction ID: be63b80b4a9faa82158fbe666d90335618c9cee78fb56126c8d66a35d80b7373
Opcode Fuzzy Hash: e486251d16b8d8e5d891330212adf6dd16e5ef6ee4f448a18a5aef23c58a3dae
Instruction Fuzzy Hash: CD414674A00209AFEB10DF55C985FDEBBF8FB88704F5040A5E904AB252D774AE80CB65

Function 0046A700 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 97libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll), ref: 0046A72A
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 0046A73B
FreeLibrary.KERNEL32(00000000,Iphlpapi.dll), ref: 0046A802

Strings

Iphlpapi.dll, xrefs: 0046A725
GetAdaptersInfo, xrefs: 0046A735
Bluetooth, xrefs: 0046A796
Virtual, xrefs: 0046A7AE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Bluetooth$GetAdaptersInfo$Iphlpapi.dll$Virtual
API String ID: 145871493-784332736
Opcode ID: fe8430d5dad853f38c0179428d72c05d35437be6b8b7cc6293ce586ff15f0f72
Instruction ID: a5f27b06d034782d1914eca0d8ba3c788742aed1229dedd36f3bdcd4f73960cf
Opcode Fuzzy Hash: fe8430d5dad853f38c0179428d72c05d35437be6b8b7cc6293ce586ff15f0f72
Instruction Fuzzy Hash: 16210635204B0267C710AA94CCC0BB77AECAB84756F04443EBD4466241FB78D9918BBB

Function 00411D94 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00411DA5
ReleaseMutex.KERNEL32(00000000,00000000,000000FF), ref: 00411DC1
ReleaseMutex.KERNEL32(00000000,00000000,000000FF), ref: 00411DF4

Strings

, xrefs: 00411E12
, xrefs: 00411E35

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MutexRelease$ObjectSingleWait
String ID: $
API String ID: 257779224-227171996
Opcode ID: dc0b63deab3a9c7ce4d53f74b14c3a519478b24a34b06a5a89137e75e9d5cddc
Instruction ID: 7187abd96b5718ddd86d7d96a898cabc0d65ffd12875382868d76317ca361d83
Opcode Fuzzy Hash: dc0b63deab3a9c7ce4d53f74b14c3a519478b24a34b06a5a89137e75e9d5cddc
Instruction Fuzzy Hash: 1D31D1316043019BD720DFA8C9C0A9BB7E5BF84300F54891AEA498B356D738E8D1C7A5

Function 00479958 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0047996C
@cmSerialCommDriver32@TcmUart@PurgeRead$qqro.Z39UARTASSIST ref: 0047997C

Part of subcall function 00479D20: PurgeComm.KERNEL32(EC75FF18,00000008), ref: 00479D4F

@cmSerialCommDriver32@TcmUart@SendData$qqrpvi.Z39UARTASSIST ref: 00479996

Part of subcall function 0047986C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0047989B
Part of subcall function 0047986C: ReleaseMutex.KERNEL32(?,?,?,000000FF), ref: 004798C7
Part of subcall function 0047986C: SetEvent.KERNEL32(?,?,?,?,000000FF), ref: 004798DB

Sleep.KERNEL32(00000001), ref: 004799BB
@cmSerialCommDriver32@TcmUart@RecvData$qqrpvi.Z39UARTASSIST(00000001), ref: 004799DB
GetTickCount.KERNEL32 ref: 00479A0E

Strings

2, xrefs: 0047999B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@SerialUart@$CountData$qqrpviPurgeTick$EventMutexObjectRead$qqroRecvReleaseSendSingleSleepWait
String ID: 2
API String ID: 1794962170-450215437
Opcode ID: a9ede89a54c0e5bfe6f411f696fbb3f4cd2e7b342303b416f2619b4652a33d5a
Instruction ID: 4b2440201b6e667131e00eff1ecbde0c6fa8e38b1885701fb99a1e6198272ca0
Opcode Fuzzy Hash: a9ede89a54c0e5bfe6f411f696fbb3f4cd2e7b342303b416f2619b4652a33d5a
Instruction Fuzzy Hash: 2531F5B0E0020ADBDF14DFA8C5856EEB7B1BF81300F20C55AE819A7354D7789E41DB96

Function 0055B648 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 47COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(h]K,?,004B5D68,00000000), ref: 0055B655
GetCurrentDirectoryA.KERNEL32(00000104,?,h]K,?,004B5D68,00000000), ref: 0055B670

Part of subcall function 0055C598: GetLastError.KERNEL32(0055B599,?,?,?,?,00000000,?,?,0055B432,?,?,?,?,00000001,?), ref: 0055C598

Strings

:, xrefs: 0055B69F
=, xrefs: 0055B6A8
:, xrefs: 0055B6B5
h]K, xrefs: 0055B651, 0055B654

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CurrentDirectory$ErrorLast
String ID: :$:$=$h]K
API String ID: 1128942804-1849354933
Opcode ID: 5f370387a1bb86e028971c6f31d8c866fa18eed48affd80ba159f0542e573d24
Instruction ID: 475fcfef4a2e3d0dadd7a2c6fbfbe3ef918fa5c963be56dca1f1fa5cdacb1a3c
Opcode Fuzzy Hash: 5f370387a1bb86e028971c6f31d8c866fa18eed48affd80ba159f0542e573d24
Instruction Fuzzy Hash: 2E01F07040439D5EEB1197F4486D7DD7F68BB51342F5441DBEC805A142D7B15B8CCB52

Function 004E29C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,004E2A96,?,00000000,?,00000001,004E2B36,004E0FEF,004E1037,?,00000000), ref: 004E2A01
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,004E2A96,?,00000000,?,00000001,004E2B36,004E0FEF,004E1037), ref: 004E2A07
GetStdHandle.KERNEL32(000000F5,004E2A50,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,004E2A96,?,00000000), ref: 004E2A1C
WriteFile.KERNEL32(00000000,000000F5,004E2A50,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,004E2A96,?,00000000), ref: 004E2A22
MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 004E2A40

Strings

Runtime error at 00000000, xrefs: 004E29FA, 004E2A39
Error, xrefs: 004E2A34

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: 04b273dd8596842fc2a1c55a2c8e1bec6d466086c331dca4ba82adae9ef7cfcd
Instruction ID: 93bbc4d2def9347cada23167616a7b420d29ec9a2ae87a3e676a291353af86c6
Opcode Fuzzy Hash: 04b273dd8596842fc2a1c55a2c8e1bec6d466086c331dca4ba82adae9ef7cfcd
Instruction Fuzzy Hash: C5F0F6606443C138FE70A3A04F4EF5A2ACCB7D4B21F145616F6646A0D6D6F854C4E7A6

Function 004641BC Relevance: 12.1, APIs: 8, Instructions: 104synchronizationCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004641CE
ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,000000FF), ref: 0046426C
WaitForSingleObject.KERNEL32(?,?,?,00000001,00000000,?,000000FF), ref: 00464276
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0046428F
CloseHandle.KERNEL32(?), ref: 004642A0
CloseHandle.KERNEL32(?,?), ref: 004642A9

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseHandleObjectSingleWait$CountReleaseSemaphoreTick
String ID:
API String ID: 159240036-0
Opcode ID: 1e0b98fc2e76c7331209d2131a8808b1c9c7b35afe34203a8ba54eda9ba62e45
Instruction ID: 4d443b7ab7fd6bb4e4cb013145510df5bc64e55f2b71a9286e272b33f4ac1013
Opcode Fuzzy Hash: 1e0b98fc2e76c7331209d2131a8808b1c9c7b35afe34203a8ba54eda9ba62e45
Instruction Fuzzy Hash: CC319E756003009BDB18DFA5C9C5E677BEAFFC4300B248989F9568B286D638FC01CB65

Function 004B9A54 Relevance: 12.1, APIs: 8, Instructions: 81COMMON

Download Yara Rule

APIs

@TPerformanceGraph@ScrollGraph$qqrv.Z39UARTASSIST ref: 004B9A60
@TPerformanceGraph@ShiftY$qqrv.Z39UARTASSIST ref: 004B9A68
@TPerformanceGraph@FirstY$qqrv.Z39UARTASSIST ref: 004B9A75
@TPerformanceGraph@NextY$qqri.Z39UARTASSIST ref: 004B9AF0
@TPerformanceGraph@RoundUp$qqrll.Z39UARTASSIST ref: 004B9B0D
@TPerformanceGraph@SetScale$qqrl.Z39UARTASSIST ref: 004B9B29
@TPerformanceGraph@LastY$qqri.Z39UARTASSIST ref: 004B9B3C
@TPerformanceGraph@DisplayPoints$qqrl.Z39UARTASSIST ref: 004B9B46

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Graph@Performance$Y$qqriY$qqrv$DisplayFirstGraph$qqrvLastNextPoints$qqrlRoundScale$qqrlScrollShiftUp$qqrll
String ID:
API String ID: 284696991-0
Opcode ID: d1de98e2a706a2c0dacba0cd835b123ea90aada9b730ee69820bd2fd37dea54f
Instruction ID: 9049e48e2602ba1b4ffb6ba20462fe3c7575072d93e8957a0392fd1ac934c850
Opcode Fuzzy Hash: d1de98e2a706a2c0dacba0cd835b123ea90aada9b730ee69820bd2fd37dea54f
Instruction Fuzzy Hash: 1A31B234E00149EBCB04DF99C5919EDB7B2BB88304F2482AAD915A7355D734AF02DB94

Function 004E111C Relevance: 11.4, APIs: 9, Instructions: 109COMMON

Download Yara Rule

APIs

CharNextA.USER32(00000000,?,00000000,00000000,?,004E12AE), ref: 004E1153
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E115D
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E117A
CharNextA.USER32(00000000,?,00000000,00000000,?,004E12AE), ref: 004E1184
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E11AD
CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E11B7
CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E11DB
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,004E12AE), ref: 004E11E5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: 3badd8ded02f2cc0bf05c13351edb3f1e0da4052d331d2460175cbe27ce7893a
Instruction ID: 5e3d41f4077ea3c59ab88d56aac1ef0399384038fba5d4ff1e729ffbe464062d
Opcode Fuzzy Hash: 3badd8ded02f2cc0bf05c13351edb3f1e0da4052d331d2460175cbe27ce7893a
Instruction Fuzzy Hash: 3421E5647C83D519DB31697A0CC0267EB8E5B6E35272805A7E3C28B32BC57D4C87822E

Function 00565AA4 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 227COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(0EEDFADE,C0000025,00000008,?,00000004,?,?,?,?,?,?,00000004,?,00000000,?), ref: 00565B77
RaiseException.KERNEL32(0EEFFACE,00000001,00000003,00000000), ref: 00565D60

Strings

cctrAddr, xrefs: 00565CE5
xx.cpp, xrefs: 00565CE0
xx.cpp, xrefs: 00565B10
typeID || (reThrow && (flags & XDF_ISDELPHIEXCEPTION)), xrefs: 00565B15

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID: cctrAddr$typeID || (reThrow && (flags & XDF_ISDELPHIEXCEPTION))$xx.cpp$xx.cpp
API String ID: 3997070919-2095381217
Opcode ID: c86bf7dcfa0f40a378c57e65e13b1e0b5fac9fbd5ed6924edd27fac6531bdd62
Instruction ID: fd0379e0c35f48fb0c2be5c0e42a8150c8ecb094e48b2b9819a372bc6240a4b0
Opcode Fuzzy Hash: c86bf7dcfa0f40a378c57e65e13b1e0b5fac9fbd5ed6924edd27fac6531bdd62
Instruction Fuzzy Hash: 5FA12374A11608AFCB15DF94D885E9EBBB1FF88314F148159F9096B3A2E731E881CF94

Function 00414614 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 154COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00414662
GetTickCount.KERNEL32 ref: 004146BB

Strings

authority/, xrefs: 004147C5
http://free.cmsoft.cn/assistcenter/, xrefs: 00414683, 00414731
http://free.scomm.cn/assistcenter/, xrefs: 004146DC, 00414763
http://www.cmsoft.cn/assistcenter/, xrefs: 00414795

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountTick
String ID: authority/$http://free.cmsoft.cn/assistcenter/$http://free.scomm.cn/assistcenter/$http://www.cmsoft.cn/assistcenter/
API String ID: 536389180-3997990144
Opcode ID: 782c9274183de0dab6517ec020427a47df8c0d8770c5061df4d5ed5a9bbf3c6d
Instruction ID: 87df9122819ee2312e752600508e17578de697b8473abc6b6bc82a9ba06962ac
Opcode Fuzzy Hash: 782c9274183de0dab6517ec020427a47df8c0d8770c5061df4d5ed5a9bbf3c6d
Instruction Fuzzy Hash: FE514D7090060ACBCB20EF50D5456EEB7F9FF81304F20862BD45697692EB34EE4ADB59

Function 00403430 Relevance: 10.6, APIs: 7, Instructions: 150COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,0000FFE3,-0058FA1D,0000FFE3), ref: 00403480
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,0000FFE3,00000000,00000000), ref: 004034A3
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,0000FFE3,00000000,00000000,0000FDE9,00000000,?,0000FFE3,00000000,00000000), ref: 004034D4
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,0059FA00,0001FFC6), ref: 004034F5
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,0000FDE9,00000000,?,0000FFE3,00000000,00000000,0000FDE9,00000000), ref: 00403516
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00403538
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040355D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: c156d4c659ff4f9670b136affeccdb2b2cdabe89d7a6e4e3d9ea1266db520ddb
Instruction ID: ae9a55ba65e15d0795b0522b51f243cdd16810031941c00c15659ae6df13ca43
Opcode Fuzzy Hash: c156d4c659ff4f9670b136affeccdb2b2cdabe89d7a6e4e3d9ea1266db520ddb
Instruction Fuzzy Hash: E041A6757442067BEB20DE989C86FAB2B9CEB85755F14403AFA08BF2C0C5B4ED054769

Function 0047DD50 Relevance: 10.6, APIs: 7, Instructions: 144COMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047DD64

Part of subcall function 0047DD14: WaitForSingleObject.KERNEL32(?,00000000,?,?,0047FB39), ref: 0047DD2F

GetTickCount.KERNEL32 ref: 0047DDB9
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047DDF2
@TcmSocket@ComboBox_ServerClientInsert$qqrp9TInetAddr.Z39UARTASSIST ref: 0047DE05
GetTickCount.KERNEL32 ref: 0047DE9E
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047DEC9
@TcmSocket@ComboBox_ServerClientInsert$qqrp9TInetAddr.Z39UARTASSIST ref: 0047DED5

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$AddrBox_ClientComboCountInetInsert$qqrp9ReleaseSemaphoreServerTick$Client$qqrvLockMultiObjectSingleWait
String ID:
API String ID: 1587921580-0
Opcode ID: 09ff6e6a3e07f92cabfe21d4e45b2276138fd3d4175ba04fe11d6e10ccdc3320
Instruction ID: b4cbe6b9cff28158001a53acab8ced1c930543323a390ff616525c3174bf6021
Opcode Fuzzy Hash: 09ff6e6a3e07f92cabfe21d4e45b2276138fd3d4175ba04fe11d6e10ccdc3320
Instruction Fuzzy Hash: 93513671A10600DFCB25DF68C484B9ABBF5BF98300F18C59AE9499F346D774E940CBA5

Function 004A99EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

SHGetMalloc.SHELL32(?), ref: 004A9A3E
SHGetDesktopFolder.SHELL32(?,00000000,004A9B9F), ref: 004A9A88
SetErrorMode.KERNEL32(00000001,00000000,004A9B9F), ref: 004A9B09
SHBrowseForFolder.SHELL32(?), ref: 004A9B23
SetErrorMode.KERNEL32(?,004A9B51,00000001,00000000,004A9B9F), ref: 004A9B3C

Strings

t@, xrefs: 004A9ACA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorFolderMode$BrowseDesktopMalloc
String ID: t@
API String ID: 2427564971-3653134846
Opcode ID: 5b458264c717bfc54950d2179e95f2ad42eee2703ca53ee2d3c58a2d082c64db
Instruction ID: d90214380e2e8d51b55405a3def6276d5004cd902ac344294a7057be3de46780
Opcode Fuzzy Hash: 5b458264c717bfc54950d2179e95f2ad42eee2703ca53ee2d3c58a2d082c64db
Instruction Fuzzy Hash: 654106B1A00248AFDB11EFA9D885A9EBBF8FB4D300F51446AF504E7661D779AD04CB24

Function 004434DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

@TSyncUart@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004435C6
@TSyncUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004435D8
@TSyncUart@Open$qqrv.Z39UARTASSIST(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004435DF
@TSyncUart@SendData$qqrpvi.Z39UARTASSIST(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00443628
@TSyncUart@Close$qqrv.Z39UARTASSIST(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044362F

Part of subcall function 0043B7F4: FindWindowA.USER32(UartAssist,00000000), ref: 0043B822
Part of subcall function 0043B7F4: SendMessageA.USER32(00000000,0000004A,00000065), ref: 0043B83C
Part of subcall function 0043B7F4: FindWindowExA.USER32(00000000,00000000,UartAssist,00000000), ref: 0043B84B

Strings

4K, xrefs: 00443531

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Sync$Uart@$FindSendWindow$Classes@Close$qqrvComponentData$qqrpviMessageOpen$qqrvOptionsoSettings$qqrp12UartUart@$bctr$qqrp18Update
String ID: 4K
API String ID: 3428542593-1660439029
Opcode ID: 2cd96f8b5d675d29e262218f857c9b9cd453320ce713b6ad372630a187bf62fd
Instruction ID: 5c204ce964a171fa67c9db98c4cfae9398af1c9c38a530aa13597a670f21d059
Opcode Fuzzy Hash: 2cd96f8b5d675d29e262218f857c9b9cd453320ce713b6ad372630a187bf62fd
Instruction Fuzzy Hash: E841F971E002056BDB20EF79DC42BDEB7F59B5CB09F14952AE808B7341EA38D9058B68

Function 0047F834 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 87networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(00000000), ref: 0047F88C
htons.WS2_32(00000000), ref: 0047F8CD
sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 0047F8F8
WSAGetLastError.WS2_32(00000000), ref: 0047F912
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(00000000), ref: 0047F931

Strings

send to() failed, xrefs: 0047F928

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Errorhtons$Check$qqripcLastSocket@sendto
String ID: send to() failed
API String ID: 4154557079-2875333197
Opcode ID: 07e97286f0547e7f9d91298c2abd49e51bd4185721cdf0d1fca6903d874d8c57
Instruction ID: 7655ed4f20519f67460c23b93d2ed35d49928e5c4465e55d0836e26f93fd85c8
Opcode Fuzzy Hash: 07e97286f0547e7f9d91298c2abd49e51bd4185721cdf0d1fca6903d874d8c57
Instruction Fuzzy Hash: 8531E8B2D04204ABCB10EF54C8817DAB7A4EF84700F18C57F9D4D9B356E7789948D7A6

Function 00470EF4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

\\.\COM%d, xrefs: 00470F21

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: \\.\COM%d
API String ID: 0-2455948239
Opcode ID: c8111d8f4ab64f38f67263a0a89a723186819a31ab26167a455d676c816ce93e
Instruction ID: 2d824ae583e20eac903e5a317bb158e11c9874f987e32357be0eae05c866315f
Opcode Fuzzy Hash: c8111d8f4ab64f38f67263a0a89a723186819a31ab26167a455d676c816ce93e
Instruction Fuzzy Hash: 6C21F971109381A6DB35AA348CC1BAB3BC47B06714F1C869AEED49F2C7D3A9C885D316

Function 004F6788 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

RO, xrefs: 004F6811

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: RO
API String ID: 0-2329933643
Opcode ID: 63ef96a35334208f9dc6371353a76f04cf93ccd03a438e65eac26a00ac59712e
Instruction ID: b49c87e506332521191d714f5f88b4d9585e939fde2737e39b52ebe7e8cabfbd
Opcode Fuzzy Hash: 63ef96a35334208f9dc6371353a76f04cf93ccd03a438e65eac26a00ac59712e
Instruction Fuzzy Hash: 8B11B770B4225D56DB50BA3A8809B7B7BC8AF50798F16002EBF45D7342CE2CCC058659

Function 0043CE84 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@fSetPort$qqr15TCommPortNumber.Z39UARTASSIST ref: 0043CEB1

Part of subcall function 0047919C: @cmSerialCommDriver32@TcmUart@Close$qqrv.Z39UARTASSIST ref: 004791CE
Part of subcall function 0047919C: @cmSerialCommDriver32@TcmUart@Open$qqrv.Z39UARTASSIST ref: 004791DF

@cmSerialCommDriver32@TcmUart@LoadSettings$qqr17System@AnsiString.Z39UARTASSIST ref: 0043CEE6

Part of subcall function 0047ADE0: @cmSerialCommDriver32@TcmUart@UpdateRegistryOptions$qqr17System@AnsiStringp12TUartOptionso.Z39UARTASSIST ref: 0047AE22
Part of subcall function 0047ADE0: @cmSerialCommDriver32@TcmUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST ref: 0047AE33

@cmSerialCommDriver32@TcmUart@fGetParity$qqrv.Z39UARTASSIST ref: 0043CF3E
@cmSerialCommDriver32@TcmUart@fGetDataBits$qqrv.Z39UARTASSIST ref: 0043CF59
@cmSerialCommDriver32@TcmUart@fGetStopBits$qqrv.Z39UARTASSIST ref: 0043CF74

Part of subcall function 00444BD8: @TcmTrayIcon@SetHint$qqr17System@AnsiString.Z39UARTASSIST(?,?), ref: 00444C8B

Strings

UartAssist, xrefs: 0043CECF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@Serial$Uart@$Uart@f$AnsiSystem@$Bits$qqrvOptionsoStringUartUpdate$Close$qqrvDataHint$qqr17Icon@LoadNumberOpen$qqrvOptions$qqr17Parity$qqrvPortPort$qqr15RegistrySettings$qqr17Settings$qqrp12StopStringp12Tray
String ID: UartAssist
API String ID: 2229213142-377352531
Opcode ID: 59d9f4d959a70cfadacd68d5f4c218fec602333023c911f611942cafa23ec3d8
Instruction ID: f2eef261fba652e253966fb4947687aee0937985c2d9f1f4c15a5be3957191d9
Opcode Fuzzy Hash: 59d9f4d959a70cfadacd68d5f4c218fec602333023c911f611942cafa23ec3d8
Instruction Fuzzy Hash: 8C314B34600505CFC700EF54D8C9AADB7B2FF89304F5891BAEC086B366DB35994ADB95

Function 00438814 Relevance: 10.6, APIs: 7, Instructions: 66COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,?), ref: 00438826
MulDiv.KERNEL32(?,?), ref: 0043883B
MulDiv.KERNEL32(?,?), ref: 00438850
SelectObject.GDI32(?,00000000), ref: 00438883
DeleteObject.GDI32(00000000), ref: 00438889
CreateSolidBrush.GDI32(?), ref: 0043888F
SelectObject.GDI32(?,00000000), ref: 0043889C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object$Select$BrushCreateDeleteSolid
String ID:
API String ID: 1979645813-0
Opcode ID: d5c2f4e42299b3013618045e9eeea4cb0ee026f5a58027d7f978e3f351647acb
Instruction ID: 02417fd2a81681f653aaa2c8b4c65306ee42eb62f8acb76609727498e9179794
Opcode Fuzzy Hash: d5c2f4e42299b3013618045e9eeea4cb0ee026f5a58027d7f978e3f351647acb
Instruction Fuzzy Hash: D8219475601215AFDB00EF68C989DAABFACFF48354B148555B948CB312D634EE81CBA4

Function 0055B71C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00000000,?,00000104,?,?,?,?,0055C12A,004B5EAE,00000000,?,?,004B5EAD), ref: 0055B754
SetEnvironmentVariableA.KERNEL32(0000003D,?,00000000,?,00000104,?,?,?,?,0055C12A,004B5EAE,00000000,?,?,004B5EAD), ref: 0055B773

Part of subcall function 0055C598: GetLastError.KERNEL32(0055B599,?,?,?,?,00000000,?,?,0055B432,?,?,?,?,00000001,?), ref: 0055C598

SetCurrentDirectoryA.KERNEL32(?,00000000,?,00000104,?,?,?,?,0055C12A,004B5EAE,00000000,?,?,004B5EAD), ref: 0055B783

Strings

:, xrefs: 0055B745
=, xrefs: 0055B738

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: EnvironmentVariable$CurrentDirectoryErrorLast
String ID: :$=
API String ID: 2603090644-2134709475
Opcode ID: 9f3153722fce537b4b3626254bc113d8b258944ac35e62ed02a55472adddc1d2
Instruction ID: b12bd8f127694c05211980277f82ab2e23e2df37182ae29b43d3f1c763eb4827
Opcode Fuzzy Hash: 9f3153722fce537b4b3626254bc113d8b258944ac35e62ed02a55472adddc1d2
Instruction Fuzzy Hash: AF11E7304083C7A8E7128778486979AFFB8FF96305F14818ADDD457243D775A60DC7A2

Function 004F02B0 Relevance: 10.6, APIs: 7, Instructions: 63COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000), ref: 004F02BA
GetTextMetricsA.GDI32(00000000), ref: 004F02C3

Part of subcall function 00509A94: CreateFontIndirectA.GDI32(?), ref: 00509BD2

SelectObject.GDI32(00000000,00000000), ref: 004F02D2
GetTextMetricsA.GDI32(00000000,?), ref: 004F02DF
SelectObject.GDI32(00000000,00000000), ref: 004F02E6
GetSystemMetrics.USER32(00000006), ref: 004F0314
GetSystemMetrics.USER32(00000006), ref: 004F032E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Metrics$ObjectSelectSystemText$A570CreateFontIndirect
String ID:
API String ID: 1816951023-0
Opcode ID: c7d72354c049557daa1d80b91f4b1a96e9e0f9c256078fc4354714863e97fd57
Instruction ID: 2340eaf852b20d263ab14a6fb90c851c5a94bf6bddbcbeffeb3613bea469ec85
Opcode Fuzzy Hash: c7d72354c049557daa1d80b91f4b1a96e9e0f9c256078fc4354714863e97fd57
Instruction Fuzzy Hash: C111ADA17043452BE310B6B88CCAB6B6ACCABC8354F441425FB858B393D9699C54C766

Function 0050B40C Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON

Download Yara Rule

APIs

SelectObject.GDI32(?,?), ref: 0050B41A
SelectObject.GDI32(0050BCCC,00000000), ref: 0050B429
StretchBlt.GDI32(0050BCCC,00000000,00000000,?,?,?,00000000,00000000,00000004,?,00CC0020), ref: 0050B455
SelectObject.GDI32(?,00000000), ref: 0050B463
SelectObject.GDI32(0050BCCC,00000000), ref: 0050B471
DeleteDC.GDI32(?), ref: 0050B487
DeleteDC.GDI32(0050BCCC), ref: 0050B490

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ObjectSelect$Delete$Stretch
String ID:
API String ID: 1458357782-0
Opcode ID: 5d5cab8245a741fdec907fec33ca2535f5960f16d2f6d1ef5f82df5c9e4a08e6
Instruction ID: 06436444a3578eadd4d879fe69e3bc252c457021335631dd95acd4bff13d3596
Opcode Fuzzy Hash: 5d5cab8245a741fdec907fec33ca2535f5960f16d2f6d1ef5f82df5c9e4a08e6
Instruction Fuzzy Hash: B0119C72E40206AFEB50DAE8C99AFAFBBFDBB48700F004414B614E7281C6759D01C7A0

Function 004F22CC Relevance: 9.3, APIs: 6, Instructions: 286windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004F2335
GetTickCount.KERNEL32 ref: 004F2357

Part of subcall function 004F21D8: SendMessageA.USER32(00000000,00000140,?,?), ref: 004F21F4

SendMessageA.USER32(00000000,0000014E,000000FF,00000000), ref: 004F2439
SendMessageA.USER32(00000000,00000142,00000000,00000000), ref: 004F2489

Part of subcall function 004F2204: SendMessageA.USER32(00000000,00000140,?,?), ref: 004F2245
Part of subcall function 004F2204: SendMessageA.USER32(00000000,0000014E,000000FF,00000000), ref: 004F2271
Part of subcall function 004F2204: SendMessageA.USER32(00000000,00000142,00000000,00000000), ref: 004F22A5

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004F25D1
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004F261E

Part of subcall function 004F110C: SendMessageA.USER32(00000000,00000157,00000000,00000000), ref: 004F1120

Part of subcall function 004F1130: SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 004F114D
Part of subcall function 004F1130: InvalidateRect.USER32(00000000,000000FF,000000FF), ref: 004F116A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$Send$CountPeekTick$InvalidateRect
String ID:
API String ID: 2065907832-0
Opcode ID: 4ed37ae40a9c2b951a547f4b9c97b79d7d1880092b75aa2cc9380d092d72c9a8
Instruction ID: 1d613fec74582479de3dd8aabdd5bb65deffb3991cbf356f713e1d662a026774
Opcode Fuzzy Hash: 4ed37ae40a9c2b951a547f4b9c97b79d7d1880092b75aa2cc9380d092d72c9a8
Instruction Fuzzy Hash: 85B16A30A0014DDFDF01EBA5CA95BEEB7B5AF45304F2440A6F504AB356CB78AE06DB19

Function 004850FC Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,00000000,0048523F), ref: 0048516C

Part of subcall function 00484FB8: DrawTextA.USER32(00000000,00000000,00000000,?,00000800), ref: 0048502C

@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,00000000,0048523F), ref: 004851BD
@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,?,?,00000000,0048523F), ref: 004851D3
@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,?,?,?,?,00000000,0048523F), ref: 004851E9
@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,?,?,?,?,?,?,00000000,0048523F), ref: 004851FF
@Cmlabel@TFontEffect@PutText$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,?,00000000,0048523F), ref: 00485224

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AnsiCanvasii17Cmlabel@Effect@FontGraphics@StringSystem@Text$qqrp16$DrawText
String ID:
API String ID: 3038429608-0
Opcode ID: a8f57b77f83aefd15441d5700b6e26afcce43f6a985d66281579fa8410f5b7e1
Instruction ID: 00e738a75c989ea7971de33a5513dadcede0697ec3fea50af49d9c85d2fd69a6
Opcode Fuzzy Hash: a8f57b77f83aefd15441d5700b6e26afcce43f6a985d66281579fa8410f5b7e1
Instruction Fuzzy Hash: 6C411B74B00509AFCB04EF5DC881A9EB7F9EF88314B14C46AB919CB356CA34EE41CB94

Function 005634A8 Relevance: 9.1, APIs: 6, Instructions: 95filewindowCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000080,00000000,-000000F6,?,00563682,Abnormal program termination,00564323,?,?,00000000,?,00563693,00000016,005656BA), ref: 005634E7
MessageBoxA.USER32(00000000,00000000,00000001,00000000), ref: 00563532
GetStdHandle.KERNEL32(000000F4,00000000,-000000F6,?,00563682,Abnormal program termination,00564323,?,?,00000000,?,00563693,00000016,005656BA,?), ref: 0056353E
WriteFile.KERNEL32(00000000,0059D2E8,00000002,?,00000000,000000F4,00000000,-000000F6,?,00563682,Abnormal program termination,00564323,?,?,00000000), ref: 00563553
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,0059D2E8,00000002,?,00000000,000000F4,00000000,-000000F6,?,00563682,Abnormal program termination), ref: 00563568
WriteFile.KERNEL32(00000000,0059D2EB,00000002,?,00000000,00000000,00000000,00000000,?,00000000,00000000,0059D2E8,00000002,?,00000000,000000F4), ref: 0056357B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$Write$HandleMessageModuleName
String ID:
API String ID: 1009477876-0
Opcode ID: b68058bcc775e64a53da464373ac506bf9c9fae30ad0a64d8ae2ba055df9d57c
Instruction ID: dc223cc9a312690d761db857a7dd7cb71644d0a9346292894f537f41c56afc2f
Opcode Fuzzy Hash: b68058bcc775e64a53da464373ac506bf9c9fae30ad0a64d8ae2ba055df9d57c
Instruction Fuzzy Hash: 0B21B475600305BAEF20D7649D4AFAA3FACBB61711F400252B506970D2EBB49F49CA72

Function 00486B94 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON

Download Yara Rule

APIs

@Cmbitmap@TcmBitmap@$bctr$qqrv.Z39UARTASSIST ref: 00486BB2
@Cmbitmap@CMRectHeight$qqrrx11Types@TRect.Z39UARTASSIST ref: 00486BBB
@Cmbitmap@CMRectWidth$qqrrx11Types@TRect.Z39UARTASSIST(00000000), ref: 00486BC3
StretchBlt.GDI32(00000000,00000000,00000000,00000000), ref: 00486C07
SetStretchBltMode.GDI32(00000000,00000003), ref: 00486C30
StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00486C67

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Rect$Cmbitmap@Stretch$Types@$Bitmap@$bctr$qqrvHeight$qqrrx11ModeWidth$qqrrx11
String ID:
API String ID: 2333992091-0
Opcode ID: b1ea0966403de0ddc2da10ae18a5ae8155bce3d3947bba3b0879787ab0ed7f77
Instruction ID: 5fc9b842252c0f1a72286ec20edc600e2b8647cf87331aca04ec072e13cba95b
Opcode Fuzzy Hash: b1ea0966403de0ddc2da10ae18a5ae8155bce3d3947bba3b0879787ab0ed7f77
Instruction Fuzzy Hash: 812117B1304201AFC650EB6DCC85F1B7BEDEF88700F144569FA49CB266CA75EC418BA5

Function 00439324 Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

GetObjectA.GDI32(00000000,0000003C,?), ref: 00439369
MulDiv.KERNEL32(00000000,?,00000048), ref: 004393C8
CreateFontIndirectA.GDI32(?), ref: 004393D6
SelectObject.GDI32(?,00000000), ref: 004393E0
SelectObject.GDI32(?,00000000), ref: 004393FC
DeleteObject.GDI32(00000000), ref: 00439402

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object$Select$CreateDeleteFontIndirect
String ID:
API String ID: 2035526678-0
Opcode ID: af047714d8953015f6fb116216fbeafadd597e93ca57ad945708823ee9f47104
Instruction ID: 4ad876096319b2fc78c7e6fda839a60252cc5908eced1a5cb98bcb1d5d0e28e9
Opcode Fuzzy Hash: af047714d8953015f6fb116216fbeafadd597e93ca57ad945708823ee9f47104
Instruction Fuzzy Hash: A4211271E002059FDB40EFA9C889A8EBBFCBF49310F544165F908EB256DA749D45CB94

Function 00471384 Relevance: 9.1, APIs: 6, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0047139A
PurgeComm.KERNEL32(?,00000008), ref: 004713B7
@TSyncUart@SendData$qqrpvi.Z39UARTASSIST(?,00000008), ref: 004713C4
Sleep.KERNEL32(00000001), ref: 004713E7
@TSyncUart@RecvData$qqrpvi.Z39UARTASSIST(00000001), ref: 00471405
GetTickCount.KERNEL32 ref: 0047142C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CountData$qqrpviSyncTickUart@$CommPurgeRecvSendSleep
String ID:
API String ID: 1824029913-0
Opcode ID: ef91ee8fbc04e9abfe6819ee02a24cba95af579c90c718745ee3f70b57a542d3
Instruction ID: 2159c0bb35576ce69a324ada5e71f2c242d4f190bcaad93cbae489b2e651a873
Opcode Fuzzy Hash: ef91ee8fbc04e9abfe6819ee02a24cba95af579c90c718745ee3f70b57a542d3
Instruction Fuzzy Hash: 5D219131A002099BDB20EE6DC9856DEB7B9AF84300F11C16AAC09E73A1DA389D44C799

Function 004B9BE0 Relevance: 9.1, APIs: 6, Instructions: 80COMMON

Download Yara Rule

APIs

@TPerformanceGraph@Initialize$qqrl.Z39UARTASSIST(?), ref: 004B9C23
@TPerformanceGraph@GetBandCount$qqrv.Z39UARTASSIST(?), ref: 004B9C46
@TPerformanceGraph@FirstY$qqrv.Z39UARTASSIST(?), ref: 004B9C5E
@TPerformanceGraph@NextY$qqri.Z39UARTASSIST(?), ref: 004B9C68
@TPerformanceGraph@DisplayPoints$qqrl.Z39UARTASSIST(?), ref: 004B9CA0
@TPerformanceGraph@NextY$qqri.Z39UARTASSIST(?), ref: 004B9CAB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Graph@Performance$NextY$qqri$BandCount$qqrvDisplayFirstInitialize$qqrlPoints$qqrlY$qqrv
String ID:
API String ID: 3754224730-0
Opcode ID: c7d436b034268089a4649cf1344048ab2298e8a832d20b0ec08bde8072c0b9de
Instruction ID: 1bd902a5a5df6f61a1b936f4d07f6f8a57fdd27e82a224a83dbfd26fe2f8e2cc
Opcode Fuzzy Hash: c7d436b034268089a4649cf1344048ab2298e8a832d20b0ec08bde8072c0b9de
Instruction Fuzzy Hash: 00317174A00109DBCB04DFA9D5819DEF7B1BF89314F2442AAE909B7351DB30AE41DB94

Function 004F38FC Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000), ref: 004F3936

Part of subcall function 00509A94: CreateFontIndirectA.GDI32(?), ref: 00509BD2

SelectObject.GDI32(00000000,00000000), ref: 004F3947
GetTextExtentPoint32A.GDI32(00000000,00000000,00000000,?), ref: 004F3979
SelectObject.GDI32(00000000,00000000), ref: 004F3980
GetSystemMetrics.USER32(00000005), ref: 004F398F
GetSystemMetrics.USER32(00000006), ref: 004F399D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MetricsObjectSelectSystem$A570CreateExtentFontIndirectPoint32Text
String ID:
API String ID: 3567956377-0
Opcode ID: f4922f6685df032d8d73a739ec57d3667c0467b362f976a73cac24f7bb42fb78
Instruction ID: 035eebdb39554ef26b63d7c141fc8d9fd0b183d141de2d62a3e9728930dad461
Opcode Fuzzy Hash: f4922f6685df032d8d73a739ec57d3667c0467b362f976a73cac24f7bb42fb78
Instruction Fuzzy Hash: 9121A4756002156BD710EF65CC8AFAF7BADFF89310F014165F914D7282DAB89A04CBA5

Function 0047FA58 Relevance: 9.1, APIs: 6, Instructions: 70timeCOMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047FA8C
@TcmSocket@SendTo$qqripvi.Z39UARTASSIST ref: 0047FAB5
GetTickCount.KERNEL32 ref: 0047FABE
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047FAE3
SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0047FAFF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$Client$qqrvCountLockMultiReleaseSemaphoreSendTickTimerTo$qqripvi
String ID:
API String ID: 2052836949-0
Opcode ID: b0dbe11d653e208a7c273f2ac5faba5c6b4a21cb907b9d293642540993557379
Instruction ID: 7d733e4a2719720d23600536d6b299438becc8bce5a2921b201ed927af988288
Opcode Fuzzy Hash: b0dbe11d653e208a7c273f2ac5faba5c6b4a21cb907b9d293642540993557379
Instruction Fuzzy Hash: 2221D87160474067D720EA25C881BEBB7D9AF94700F14C82FF48D47395D679BC49C76A

Function 00500C44 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

ValidateRect.USER32(00000000,00000000), ref: 00500C54
InvalidateRect.USER32(00000000,00000000,000000FF,00000000,00000000), ref: 00500C65
GetClientRect.USER32(00000000), ref: 00500C73
MapWindowPoints.USER32(00000000,00000000,00000000,00000002), ref: 00500C93
ValidateRect.USER32(00000000,?,00000000,00000000,000000FF,00000000,00000000), ref: 00500CA5
InvalidateRect.USER32(00000000,00000000,00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000), ref: 00500CBD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Rect$InvalidateValidate$ClientPointsWindow
String ID:
API String ID: 2846033224-0
Opcode ID: 957d546d3573720c1be42d94c87c62c0f5307ec5a358a7ed92c138653b039287
Instruction ID: 6993a52d5c8acbcc691bfe2b0c990f142c1c85d6f0fba92fcadea6ea94e3a2bb
Opcode Fuzzy Hash: 957d546d3573720c1be42d94c87c62c0f5307ec5a358a7ed92c138653b039287
Instruction Fuzzy Hash: 9DF0AF7069070366DA10BA789C8FF4A3F8C7B95710F000A347519EB287DE78F8858A76

Function 0050B10C Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0050A2A8: CreateBrushIndirect.GDI32(?), ref: 0050A352

UnrealizeObject.GDI32(00000000), ref: 0050B118
SelectObject.GDI32(?,00000000), ref: 0050B12A
SetBkColor.GDI32(?,00000000), ref: 0050B14D
SetBkMode.GDI32(?,00000002), ref: 0050B158
SetBkColor.GDI32(?,00000000), ref: 0050B173
SetBkMode.GDI32(?,00000001), ref: 0050B17E

Part of subcall function 00509578: GetSysColor.USER32(8B0050AE), ref: 00509582

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
String ID:
API String ID: 3527656728-0
Opcode ID: 60b6de37cc9273a24748d8718e394b008596fbd3f9c533ca6e2ba13d4c400d13
Instruction ID: c73de8cf75f154cb55467499fa52002b275b4f191d676f3fa356ca01ed539f6e
Opcode Fuzzy Hash: 60b6de37cc9273a24748d8718e394b008596fbd3f9c533ca6e2ba13d4c400d13
Instruction Fuzzy Hash: FBF066B96402029BDA00FFA8DACB94B6F9C7F953027448490B904DF29BCA66DC108731

Function 004B4654 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B4663
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B4681
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B4693
@TCCalendar@SetDateElement$qqrii.Z39UARTASSIST ref: 004B46AA
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B46B7
@TCCalendar@SetDateElement$qqrii.Z39UARTASSIST ref: 004B46C7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Calendar@Date$Element$qqri$Element$qqrii
String ID:
API String ID: 3550019470-0
Opcode ID: adb8ef6b38a7328a9e587f7a7a4fd3e7339856b04c8a589523b3d8210c78485f
Instruction ID: a601343adee9da652d6c4c4b473d666a5a65f89c12d2b22c493e658178913ba2
Opcode Fuzzy Hash: adb8ef6b38a7328a9e587f7a7a4fd3e7339856b04c8a589523b3d8210c78485f
Instruction Fuzzy Hash: DBF0E130B04004DBDB04E699C542BDE73E6DBC5304F28407AE8049B797CB7AAE129729

Function 004B46D0 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B46DF
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B46FD
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B470F
@TCCalendar@SetDateElement$qqrii.Z39UARTASSIST ref: 004B4726
@TCCalendar@GetDateElement$qqri.Z39UARTASSIST ref: 004B4733
@TCCalendar@SetDateElement$qqrii.Z39UARTASSIST ref: 004B4743

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Calendar@Date$Element$qqri$Element$qqrii
String ID:
API String ID: 3550019470-0
Opcode ID: 20ab2a4cbbd17920599c3717c81ef36c7ed8b37c66dc66bbbf09564f2d91462e
Instruction ID: b08d661de41f6e00a6bfb22a4430748b00d7cc805c4ff60cca1af35ac1c6ac7d
Opcode Fuzzy Hash: 20ab2a4cbbd17920599c3717c81ef36c7ed8b37c66dc66bbbf09564f2d91462e
Instruction Fuzzy Hash: 7FF0EC30B04004DBDB00EA9AD582BDE73E5DB85304F28506AE8459B797DB7AAE429728

Function 00480908 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 287networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(?), ref: 00480936
gethostbyname.WS2_32(00000000), ref: 0048096C
gethostname.WS2_32(?,00000040), ref: 00480989
gethostbyname.WS2_32(?), ref: 0048099A

Strings

255.255.255.255, xrefs: 00480945

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: gethostbyname$gethostnameinet_addr
String ID: 255.255.255.255
API String ID: 2384514453-2422070025
Opcode ID: f22ff541561cc0cf35f73bc82a845455c09c29622af3145bac55d229d5ea3fbf
Instruction ID: 86bcb9611cd433d3fe1060a7d8bf9aaacf639610bcee55d8beb42b7c9a1eefda
Opcode Fuzzy Hash: f22ff541561cc0cf35f73bc82a845455c09c29622af3145bac55d229d5ea3fbf
Instruction Fuzzy Hash: 7991D2706283019BD7A8FE68C48077F77D5AF95314F148D2EE49687392C23CD88AD75A

Function 0047E214 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 261COMMON

Download Yara Rule

APIs

@TcmSocket@GenIPPortString$qqrp9TInetAddrpc.Z39UARTASSIST(?,00000000,?,0047DEDA), ref: 0047E261

Part of subcall function 0047E5B0: @TcmSocket@ip_ntoa$qqrpx6IPDATApco.Z39UARTASSIST(?,?,0047E266,?,00000000,?,0047DEDA), ref: 0047E5C9

@TcmSocket@ParseInetAddr$qqrpxcp9TInetAddro.Z39UARTASSIST ref: 0047E32C

Strings

ALL CLIENTS (, xrefs: 0047E50F
D, xrefs: 0047E4E4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Inet$Socket@$Addr$qqrpxcp9AddroAddrpcApcoParsePortSocket@ip_ntoa$qqrpx6String$qqrp9
String ID: ALL CLIENTS ($D
API String ID: 2114847395-3993225547
Opcode ID: 23c36384405fbe58083e5c2a986ac664989eacb36a01c33a383483406fcc75d5
Instruction ID: dbd8f680c06940efc32fc78c4a367affd62353d9a64f1c62b61a449fca904940
Opcode Fuzzy Hash: 23c36384405fbe58083e5c2a986ac664989eacb36a01c33a383483406fcc75d5
Instruction Fuzzy Hash: 04B1E874E00209CFCB04DFA5C485AEEB7B5FF88304F2486AAD81AAB355D734A946CF55

Function 0048993C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 217windowCOMMON

Download Yara Rule

APIs

@Cmmenu@TcmMenu@DrawGradualBar$qqrp16Graphics@TCanvasrx11Types@TRect.Z39UARTASSIST ref: 00489A6E
@Cmmenu@TcmMenu@DrawMenuText$qqrp16Graphics@TCanvasiip15Menus@TMenuItem.Z39UARTASSIST(?,?), ref: 00489B5C
@Cmmenu@TcmMenu@DrawMenuText$qqrp16Graphics@TCanvasiip15Menus@TMenuItem.Z39UARTASSIST(?,?,?,?), ref: 00489B73
@Cmmenu@TcmMenu@DrawMenuText$qqrp16Graphics@TCanvasiip15Menus@TMenuItem.Z39UARTASSIST(?,?), ref: 00489B91

Part of subcall function 0050A9AC: FillRect.USER32(?,?,00000000), ref: 0050A9D4

Strings

RO, xrefs: 00489985

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Menu$Cmmenu@DrawGraphics@Menu@$Canvasiip15ItemMenus@Text$qqrp16$Rect$Bar$qqrp16Canvasrx11FillGradualTypes@
String ID: RO
API String ID: 3743952999-2329933643
Opcode ID: c362b35b7882a6405c44af3afd012c6a50ff162f2529654de88a173f886b82cf
Instruction ID: 1680fb62abd5dcfd0c26c2c98d64d1bb1b03f4636baa5446953acd5fec142e32
Opcode Fuzzy Hash: c362b35b7882a6405c44af3afd012c6a50ff162f2529654de88a173f886b82cf
Instruction Fuzzy Hash: 2E814970B006099FCB04EFA9C9859AEB7F6FF88304F148569E845AB346CB34ED45CB95

Function 00443658 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 203windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004E1208: GetCommandLineA.KERNEL32(00000000,004E1259,?,?,?,00000000,?,00443672,00000000,005DFA4C), ref: 004E121F

@cmSerialCommDriver32@TcmUart@UpdateRegistryOptions$qqr17System@AnsiStringp12TUartOptionso.Z39UARTASSIST(?,?), ref: 0044389D
PostMessageA.USER32(00000000,0000040F,?,?), ref: 004438DE

Part of subcall function 004E1268: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 004E128C

Part of subcall function 004E1268: GetCommandLineA.KERNEL32 ref: 004E129E

Strings

UartAssist, xrefs: 00443886
-pos, xrefs: 0044369C
D, xrefs: 00443880

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommandLine$AnsiCommDriver32@FileMessageModuleNameOptions$qqr17OptionsoPostRegistrySerialStringp12System@UartUart@Update
String ID: -pos$D$UartAssist
API String ID: 1504899037-691800880
Opcode ID: 44ddab8899c1bff27ee0e063b2b92124e60b6321ac0c94772b7324826cb718b2
Instruction ID: 64e07887cae1f8cc953ba02e35cd1014b891cdb3d7f5cbe11e34e64baa334077
Opcode Fuzzy Hash: 44ddab8899c1bff27ee0e063b2b92124e60b6321ac0c94772b7324826cb718b2
Instruction Fuzzy Hash: 13718171D0020ACBDF14EFA9D8456EEB7B5FF84305F10812AE805B7292DB389A46CB59

Function 004991B8 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 191registryCOMMON

Download Yara Rule

APIs

UnregisterHotKey.USER32(00000000,00000000), ref: 0049927A
RegisterHotKey.USER32(00000000,00000000,00000001,?), ref: 004992C3

Strings

Modification failed, hotkey already exists!, xrefs: 00499229
Prompt, xrefs: 00499240
, xrefs: 00499262

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: RegisterUnregister
String ID: $Modification failed, hotkey already exists!$Prompt
API String ID: 2330324139-418848957
Opcode ID: 1349199563a016bc7af1f1e8f7c5c7075e2d41be74edda740c1643ddc5246e34
Instruction ID: 1a3b3363ef2213143d2fbd3b947faa37bd1a7a901d6012c40c19d99e4910cf93
Opcode Fuzzy Hash: 1349199563a016bc7af1f1e8f7c5c7075e2d41be74edda740c1643ddc5246e34
Instruction Fuzzy Hash: 4761D330A0424A9BDF25DBACC4557EEBFB5AF9A314F08026AE841A73D2D7394C4AC355

Function 0046BB3C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 152windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(?,005828E5,005828E6,00000021), ref: 0046BCD8
ShellExecuteA.SHELL32(?,00000000,0046B8FF,00000000,00000000,00000001), ref: 0046BCF8

Strings

{'X, xrefs: 0046BBD8, 0046BC50, 0046BC8F
--------------------------------------------------, xrefs: 0046BB97
{'X, xrefs: 0046BCC1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExecuteMessageShell
String ID: --------------------------------------------------${'X${'X
API String ID: 649218774-487041030
Opcode ID: ccb6b8dd6bf69ee52b5a94a6604689c5d3dca038ed8305b1d37faf7690fa7f41
Instruction ID: 5fe92261f7e4ef377c63826d77ecfd0cafc4d3f1313e680622c85271db902103
Opcode Fuzzy Hash: ccb6b8dd6bf69ee52b5a94a6604689c5d3dca038ed8305b1d37faf7690fa7f41
Instruction Fuzzy Hash: 1751487090060ADFCB20DFA0C455AEFF7F9FF84300F10866AD901A7655EB74AA0ADB95

Function 004714A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 133COMMON

Download Yara Rule

APIs

Part of subcall function 004CB3D0: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,?,00000000,004CB4D5), ref: 004CB44A

@TSyncUart@UpdateSettings$qqrp12TUartOptionso.Z39UARTASSIST ref: 0047155E

Part of subcall function 004CB33C: RegCloseKey.ADVAPI32(00010000,004CB218,004CB393,004CB218,00000001,004CB2EA,?,?,004714DF), ref: 004CB34D

Strings

SOFTWARE\CMSOFT\, xrefs: 004714F5
COMPort, xrefs: 004715DF
COM, xrefs: 0047159F
D, xrefs: 0047164B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseOpenOptionsoSettings$qqrp12SyncUartUart@Update
String ID: COM$COMPort$D$SOFTWARE\CMSOFT\
API String ID: 1592612479-2195040797
Opcode ID: e96897e6855e89436f71246327fde2150f87a97713b6255bcf3a69303c48a314
Instruction ID: 37e42f722049ea4b60e927495d438b9ad30a1ea3259d341c8724c0dc88720e4c
Opcode Fuzzy Hash: e96897e6855e89436f71246327fde2150f87a97713b6255bcf3a69303c48a314
Instruction Fuzzy Hash: 28512D74D0120E8BCB00EFD4C495AEEFBB5FF88314F14516AD800B7256DB355A4A8BA5

Function 0043B3DC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0043B418

Part of subcall function 0046B5B8: @TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 0046B5EF

Strings

VICECENTER, xrefs: 0043B442
VICECENTER, xrefs: 0043B40E
VICECENTER, xrefs: 0043B496
8, xrefs: 0043B54C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoConfigReadUpgrader@$Value$qqrpcValue$qqrpct1pi
String ID: 8$VICECENTER$VICECENTER$VICECENTER
API String ID: 4141635535-3935447603
Opcode ID: 588a7612472823be7009ef24596a7e62f2aeae0420bba0c3aad7044b9844e46f
Instruction ID: 77541042ef393a4d0ace03dacb52811a87d2dbc48a5a948bc04437b28f995702
Opcode Fuzzy Hash: 588a7612472823be7009ef24596a7e62f2aeae0420bba0c3aad7044b9844e46f
Instruction Fuzzy Hash: 33419370A0010ADBCB10EB94D946AEEBBB5FF48304F204166E90467392EB349E05DBDE

Function 00464300 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127synchronizationnetworkCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00464320
htons.WS2_32(?), ref: 00464394
ReleaseSemaphore.KERNEL32(?,00000001,00000000,000005E8,000005DC,?), ref: 004643EE
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0046445E

Strings

####Socket inqueue is out of space!, xrefs: 00464444

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphore$ObjectSingleWaithtons
String ID: ####Socket inqueue is out of space!
API String ID: 4175848404-1006925820
Opcode ID: d04905436f47ca2d8315886e50016f64767c7fe388395023f3500e7f79121ffd
Instruction ID: 622e31ce2f6ac9748c97dc54ee09345de851798f5a1eb73b1f913991f1b650e0
Opcode Fuzzy Hash: d04905436f47ca2d8315886e50016f64767c7fe388395023f3500e7f79121ffd
Instruction Fuzzy Hash: 974199B1A00205EFDF14DF95C885BAFB7B8FF88704F10815AE904AB241E774A944CB96

Function 0043CCA4 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@fSetActive$qqro.Z39UARTASSIST ref: 0043CCED

Part of subcall function 0047893C: @cmSerialCommDriver32@TcmUart@Open$qqrv.Z39UARTASSIST ref: 0047895C

Strings

Device inserted, reconnecting..., xrefs: 0043CDF4
Decice is pulled out!, xrefs: 0043CD02
Device inserted, reconnecting..., xrefs: 0043CE14
Decice is pulled out!, xrefs: 0043CD22

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDriver32@Serial$Active$qqroOpen$qqrvUart@Uart@f
String ID: Decice is pulled out!$Decice is pulled out!$Device inserted, reconnecting...$Device inserted, reconnecting...
API String ID: 3215387241-2498386668
Opcode ID: caba67a923d166a61b9f03a98bb725a6ec6852fcd85a1bc63af0bd1a16e48055
Instruction ID: 2b9d56b1dc0e17620ad19a1bce901e943096626b2a471e6612b5dd5d3a229e8c
Opcode Fuzzy Hash: caba67a923d166a61b9f03a98bb725a6ec6852fcd85a1bc63af0bd1a16e48055
Instruction Fuzzy Hash: 2841F834600245CFD710EB58E8897AABBF1FF59304F449177E4489B3A2CB389D89EB59

Function 00441020 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 115COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(00000470), ref: 00441086

Strings

, xrefs: 00441174
Prompt, xrefs: 004410AF
Stopping, xrefs: 00441052
Send fail, no connection available!, xrefs: 004410E1

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Event
String ID: $Prompt$Send fail, no connection available!$Stopping
API String ID: 4201588131-1658881785
Opcode ID: 71d55d606f6de9c7577aeaf8f5ff7c61d4086ce9d47cba96484602fadf831cf3
Instruction ID: 932292e5d020fbec4af81afbbc2d906d842ffe77c08781ad3b114f0142d45229
Opcode Fuzzy Hash: 71d55d606f6de9c7577aeaf8f5ff7c61d4086ce9d47cba96484602fadf831cf3
Instruction Fuzzy Hash: 394137309041898BEB10DB58D8857AEBBF1FB49304F108167C80597772D77849CAEB5E

Function 004B5C78 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

Part of subcall function 004D0E0C: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,?,004B5CD4), ref: 004D0E2B

@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString.Z39UARTASSIST ref: 004B5CE9
@Cdiroutl@TCDirectoryOutline@SetDrive$qqrc.Z39UARTASSIST ref: 004B5DA1
@Cdiroutl@TCDirectoryOutline@WalkTree$qqrrx17System@AnsiString.Z39UARTASSIST ref: 004B5DAE

Strings

, xrefs: 004B5CB9
.ZK, xrefs: 004B5C95, 004B5C98, 004B5CA9, 004B5DD7, 004B5CCC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cdiroutl@DirectoryOutline@$AnsiStringSystem@$Case$qqrrx17Drive$qqrcForceFullNamePathTree$qqrrx17Walk
String ID: $.ZK
API String ID: 960543299-3141183068
Opcode ID: 1e395b3924ea3d4917421b8018c2a85dd4e36019e3da7388396721692346abd4
Instruction ID: 82dacddb252240c779a66c9c947cc06b9f95d8b3152e1e17368592046544c4c9
Opcode Fuzzy Hash: 1e395b3924ea3d4917421b8018c2a85dd4e36019e3da7388396721692346abd4
Instruction Fuzzy Hash: 38411B7490150DABCF00EBA4D585ADEF7BAFF44304F6046A6E804A7252EB389F458BA5

Function 00416EBC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,00417EC8,?,00000000,00000000), ref: 00417009

Strings

UartAssist, xrefs: 00416F35
Sure to cancel the current authorization?, xrefs: 00416EF6
Prompt, xrefs: 00416EE1
.lic, xrefs: 00416F71

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: .lic$Prompt$Sure to cancel the current authorization?$UartAssist
API String ID: 2422867632-2986687754
Opcode ID: 0e5c9f380ce7afdd9cc07e783a7b7f2ca44e3a2eda66f11a1def49f4a4e1f97a
Instruction ID: e1e7f72b27a404d6608555825d5c8aa48e306fa1c33e727c862d6c67ac297b70
Opcode Fuzzy Hash: 0e5c9f380ce7afdd9cc07e783a7b7f2ca44e3a2eda66f11a1def49f4a4e1f97a
Instruction Fuzzy Hash: D0418F74E0010ADBDB00EBA4D8867EEBBF5FF95300F108276E814A7392DB749946CB55

Function 00476814 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 0047684D
CreateWindowExA.USER32(00000000,tooltips_class32,00000000,00000041,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0047686E
SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,00000000,tooltips_class32,00000000,00000041,00000000,00000000,00000000,00000000,00000000), ref: 00476886
SendMessageA.USER32(?,00000404,00000000), ref: 004768CF

Strings

tooltips_class32, xrefs: 00476867

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$CreateHandleMessageModuleSend
String ID: tooltips_class32
API String ID: 1589294261-1918224756
Opcode ID: 56ae58de72e1193a2cd08a62d36a9b80b2b181126bc9ad68f01c71ecc1ea29ef
Instruction ID: 4c17d36248ae7014c4ae3f7e63b0e7fa5d00e582ae69d0eec540ab263086bae6
Opcode Fuzzy Hash: 56ae58de72e1193a2cd08a62d36a9b80b2b181126bc9ad68f01c71ecc1ea29ef
Instruction Fuzzy Hash: D9215A74781202AFE314DF58CC86F5ABBA5FF89705F204159F614AB3C2D7B1AA21CB94

Function 0043B58C Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0043B5BE

Part of subcall function 0046B5B8: @TcmAutoUpgrader@ReadConfigValue$qqrpct1pi.Z39UARTASSIST ref: 0046B5EF

@TcmAutoUpgrader@ReadConfigValue$qqrpc.Z39UARTASSIST ref: 0043B62C

Strings

, xrefs: 0043B610
QQNUMBER, xrefs: 0043B5FD
QQGROUP, xrefs: 0043B680

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoConfigReadUpgrader@$Value$qqrpc$Value$qqrpct1pi
String ID: $QQGROUP$QQNUMBER
API String ID: 715816077-2643771206
Opcode ID: 1223e233e603f52b0fd51d350db010927cfd6c0c1d76b5cfd3eb8c904719a924
Instruction ID: 363d099483b20a7475c1a0ffa0b99f8a47d933e1d310da235a12fbda9c4cc888
Opcode Fuzzy Hash: 1223e233e603f52b0fd51d350db010927cfd6c0c1d76b5cfd3eb8c904719a924
Instruction Fuzzy Hash: 3B31607190020AEACF14DF84C486BEEB374FF44304F1491BBE9096B292EB745B09DB96

Function 0046612C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 82timeCOMMON

Download Yara Rule

APIs

SetLocalTime.KERNEL32(?), ref: 00466220

Strings

http://free.cmsoft.cn/tools/ntp/?handler=%d, xrefs: 00466150
hello, xrefs: 00466138
stamp, xrefs: 004661DC
time, xrefs: 00466195

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: LocalTime
String ID: hello$http://free.cmsoft.cn/tools/ntp/?handler=%d$stamp$time
API String ID: 481472006-1147298834
Opcode ID: db4cd798a69074aa32786ea2794c70a3a86d955a285ce8b421197f124974dca2
Instruction ID: 2d5482be50e4afb3f690d0a3a0ea8fcc2a5d76ebc650ece19942f64135c3ae09
Opcode Fuzzy Hash: db4cd798a69074aa32786ea2794c70a3a86d955a285ce8b421197f124974dca2
Instruction Fuzzy Hash: 3E210B71D002086ACB10F7649C46BED7B78EB54314F4045EAF948F2185FEB49B94CB5A

Function 004711B8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

SetupDiGetClassDevsA.SETUPAPI(0059B0AC,00000000,00000000,00000002), ref: 004711D5
SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,0000000C,00000000,?,00000104,00000000), ref: 00471213
SetupDiEnumDeviceInfo.SETUPAPI(00000000,00000000,?), ref: 00471251
SetupDiDestroyDeviceInfoList.SETUPAPI(00000000), ref: 0047125B

Strings

(COM, xrefs: 00471218

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Setup$Device$Info$ClassDestroyDevsEnumListPropertyRegistry
String ID: (COM
API String ID: 3478351294-1234306483
Opcode ID: fced2286acd962d13296cb29170b2e60fcf968954b1b3e90872d9b217508a649
Instruction ID: 16d38632641f22bb4524d023c90b9cc2007cb9717a572fdbf009734542c2a279
Opcode Fuzzy Hash: fced2286acd962d13296cb29170b2e60fcf968954b1b3e90872d9b217508a649
Instruction Fuzzy Hash: C5113A311483447AE230A6285C46FEF7B8CEBC2710F04855AFDC9AB1C2D6B8594583AA

Function 004E01C4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.NTDLL(005E1348), ref: 004E01DA
RtlEnterCriticalSection.NTDLL(005E1348), ref: 004E01ED
LocalAlloc.KERNEL32(00000000,00000FF8,005E1348,00000000,$,?,?,004E0A5E,0420CE44,?,00000000,?,?,004E044D,004E0462,004E05B3), ref: 004E0217
RtlLeaveCriticalSection.NTDLL(005E1348), ref: 004E0274

Strings

$, xrefs: 004E01CA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID: $
API String ID: 730355536-1178188002
Opcode ID: 26209a3eae6947116f3ac313e040f3025e3a82b4b2abc6b79eee337b60cb38d8
Instruction ID: c6a488092afc473c34adfa7e3cc5862c2823c58dd24e9f6f8bc24a498783260d
Opcode Fuzzy Hash: 26209a3eae6947116f3ac313e040f3025e3a82b4b2abc6b79eee337b60cb38d8
Instruction Fuzzy Hash: 8201E530A44BC09ED3196BAA981A7193EC5F79D310F4048BAF0809AA91C6B84C84C71D

Function 00531100 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(00400000,BUTTON,?), ref: 00531119
GetClassInfoA.USER32(00000000,BUTTON,?), ref: 00531129
GetClassInfoA.USER32(00400000,BUTTON,?), ref: 0053113F
GetClassInfoA.USER32(?,BUTTON,?), ref: 00531151

Strings

BUTTON, xrefs: 00531112, 00531126, 00531136, 0053114C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ClassInfo
String ID: BUTTON
API String ID: 3534257612-3405671355
Opcode ID: 2041e0a0581f45601c2105a4f42029f0cbce15bed4eb1613afa54cd577144b44
Instruction ID: 81551e60a015202c45d97ca164d621db136ed0ab4a14fddf6233409a62974457
Opcode Fuzzy Hash: 2041e0a0581f45601c2105a4f42029f0cbce15bed4eb1613afa54cd577144b44
Instruction Fuzzy Hash: D801FFB26155166BAB10DFA9CD84EE27FECEF49310B110162FE04CB215E360EC00CBA4

Function 0047C008 Relevance: 7.8, APIs: 5, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9fcb138427c1c51c6db5a29f3accbecc62710ab0089ef68804b1d3d98f69238
Instruction ID: 101d7abc9537f5ac47e095e01ff9720089535a202181295d77f2db03766750a4
Opcode Fuzzy Hash: c9fcb138427c1c51c6db5a29f3accbecc62710ab0089ef68804b1d3d98f69238
Instruction Fuzzy Hash: 06B19B6140E3C05FD7139B7099A1AA57FB1AF53314F1E81EFD488CB1A3C2298C09D76A

Function 00476270 Relevance: 7.8, APIs: 5, Instructions: 280windowCOMMON

Download Yara Rule

APIs

StretchBlt.GDI32(00000000,00000000,?,?,00000000,?,00000000,?,?,00000010,00CC0020), ref: 004763E4
StretchBlt.GDI32(00000000,?,?,?,00000000,?,?,?,?,00000010,00CC0020), ref: 0047640D
StretchBlt.GDI32(00000000,?,00000000,?,?,?,?,00000000,00000004,?,00CC0020), ref: 00476436
StretchBlt.GDI32(00000000,?,?,?,?,?,?,?,00000010,?,00CC0020), ref: 00476466
@TcmForm@DrawTitle$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,00000007,00000000,?,?,?,?,?,?,?,00000010,?,00CC0020,00000000,?,00000000), ref: 004764C5

Part of subcall function 0050A9AC: FillRect.USER32(?,?,00000000), ref: 0050A9D4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Stretch$AnsiCanvasii17DrawFillForm@Graphics@RectStringSystem@Title$qqrp16
String ID:
API String ID: 200441658-0
Opcode ID: 335e8e4a44e1f181b59941618d07b580cf7aee55ca86476f899e0d7bcec6173d
Instruction ID: c23e08ce1400c17b176fa214e6efc260044468486bfd002be88f5e10c5d985a9
Opcode Fuzzy Hash: 335e8e4a44e1f181b59941618d07b580cf7aee55ca86476f899e0d7bcec6173d
Instruction Fuzzy Hash: BBB10B71A10118EFDB04DF98D885FEEBBB9FF89700F148159F905AB295DA74AC01CBA0

Function 0043950C Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Ellipse.GDI32(?,?,?,?,?), ref: 00439567

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Ellipse
String ID:
API String ID: 2210316278-0
Opcode ID: 7e48539de5f06cdb10eb256657d1ad7582fc261d26b0d171ed7d7cb69c19a60a
Instruction ID: 28c41e3f7c7bd34db676da15886fd139cbc12b64de23727633e8fd7b04843f63
Opcode Fuzzy Hash: 7e48539de5f06cdb10eb256657d1ad7582fc261d26b0d171ed7d7cb69c19a60a
Instruction Fuzzy Hash: 2C81E775A00219AFCB51DFA9C885ADEBBF4BF48300F044596E948EB355D634AE80CB54

Function 00409398 Relevance: 7.6, APIs: 5, Instructions: 129timewindowkeyboardCOMMON

Download Yara Rule

APIs

SetTimer.USER32(00000000,0000000C,000001F4,00000000), ref: 00409438
SendMessageA.USER32(00000000,00001015,00000000,00000000), ref: 00409475
SendMessageA.USER32(00000000,00001015,00000000,00000000), ref: 00409503
GetAsyncKeyState.USER32(00000001), ref: 0040953A
KillTimer.USER32(00000000,0000000C,?,?,?,?,0049A357), ref: 0040954E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSendTimer$AsyncKillState
String ID:
API String ID: 3141268707-0
Opcode ID: 6671076f9106cb8c4e4f5579ea95dadca100229d8dded0c622fc2cfbeb58f8f1
Instruction ID: fb77f2f3d6b047f2611e9e3de70d2ac7463ff4707b8a139c321d470586086479
Opcode Fuzzy Hash: 6671076f9106cb8c4e4f5579ea95dadca100229d8dded0c622fc2cfbeb58f8f1
Instruction Fuzzy Hash: B0419731300602BFD21AEA35CC89BAAF75DBBC1740F144626F469E72C2CB79BD51C656

Function 004C8F14 Relevance: 7.6, APIs: 5, Instructions: 89threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 004C8F1D
GetCurrentThreadId.KERNEL32 ref: 004C8F2C
RtlEnterCriticalSection.NTDLL(005E0A68), ref: 004C8F67
SetEvent.KERNEL32(?,?,005E0A68,?,?,00000000), ref: 004C8FFB
RtlLeaveCriticalSection.NTDLL(005E0A68), ref: 004C9024

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CriticalCurrentSectionThread$EnterEventLeave
String ID:
API String ID: 130076905-0
Opcode ID: 7a2daf1d3c05c77ae41d8cf5daa1270b32c63d7356933173182246ca9d323baf
Instruction ID: 2fea30af2fcc91b9b64a6b509dd9eb07bfc6ccb9340704086cce33c19d1b059a
Opcode Fuzzy Hash: 7a2daf1d3c05c77ae41d8cf5daa1270b32c63d7356933173182246ca9d323baf
Instruction Fuzzy Hash: AF315238604284AFD750CB6AEC49F6A7BF9FB59304F1140AFF400872A1CB799C44DB24

Function 0051D5E0 Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 0051D603
SendMessageA.USER32(00000000,-0000BBEE,023C2008,?), ref: 0051D657
GetWindowLongA.USER32(00000000,000000FA), ref: 0051D667
SendMessageA.USER32(00000000,-0000BBEE,023C2008,?), ref: 0051D686

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend$CaptureLongWindow
String ID:
API String ID: 1158686931-0
Opcode ID: 2fbda3e493915d73ef9cae3a2d01f476a2eee53302915c99f03438d0bfcd3a1a
Instruction ID: b42c62c19e00e6fe2485013c4c955ebea3a61783b618ee0ee43a6092f49c7456
Opcode Fuzzy Hash: 2fbda3e493915d73ef9cae3a2d01f476a2eee53302915c99f03438d0bfcd3a1a
Instruction Fuzzy Hash: E111607120420AAFE770FA588D84FA77BECBB54310B204528FD9DC7642EA55FC908B70

Function 0047E5F0 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047E5FA

Part of subcall function 0047DD14: WaitForSingleObject.KERNEL32(?,00000000,?,?,0047FB39), ref: 0047DD2F

GetTickCount.KERNEL32 ref: 0047E602
closesocket.WS2_32(?), ref: 0047E64C
@TcmSocket@ComboBox_ClientRemove$qqrpv.Z39UARTASSIST(?), ref: 0047E655
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047E6AC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@$Box_ClientClient$qqrvComboCountLockMultiObjectReleaseRemove$qqrpvSemaphoreSingleTickWaitclosesocket
String ID:
API String ID: 4133281827-0
Opcode ID: c1091bfeebedbfc2dd65556f15ba28f11393a03f513de700561d58b4ae140458
Instruction ID: dbd308c2cd38c60395c1708d37725a5b7296569556ea5b3c56dfc339b32b28ba
Opcode Fuzzy Hash: c1091bfeebedbfc2dd65556f15ba28f11393a03f513de700561d58b4ae140458
Instruction Fuzzy Hash: 24214830604601AFC714DF29C5C4AAABBE5BF88314F54CA4EE89D87396CB34E851CB96

Function 00553330 Relevance: 7.5, APIs: 5, Instructions: 46COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,00000001), ref: 0055333C
GetTextMetricsA.GDI32(?,?), ref: 0055335A

Part of subcall function 00509A94: CreateFontIndirectA.GDI32(?), ref: 00509BD2

SelectObject.GDI32(?,00000000), ref: 0055336F
GetTextMetricsA.GDI32(?,?), ref: 0055337E
SelectObject.GDI32(?,00000000), ref: 00553388

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MetricsObjectSelectText$A570CreateFontIndirect
String ID:
API String ID: 977181872-0
Opcode ID: e1ed9a80d93eed0c969271a6ec7a5c050c860fc76be295bc4be1f3f0ce2e1a59
Instruction ID: edfc4ccb8a69d465fbc7a7220e292f41050a46c0c6f3e48bd5fef73a32d27437
Opcode Fuzzy Hash: e1ed9a80d93eed0c969271a6ec7a5c050c860fc76be295bc4be1f3f0ce2e1a59
Instruction Fuzzy Hash: 8B01EC75A04209BFDB50EBE8CC56E9EBBFCFB88700F410461B604E7652D6359E40CB60

Function 0051C27C Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON

Download Yara Rule

APIs

UnhookWindowsHookEx.USER32(00000000), ref: 0051C28B
SetEvent.KERNEL32(00000000,0051E60E,00000000,0051D6C3,?,?,023C2008,00000001,0051D783,?,?,?,023C2008), ref: 0051C2A6
GetCurrentThreadId.KERNEL32 ref: 0051C2AB
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0051E60E,00000000,0051D6C3,?,?,023C2008,00000001,0051D783,?,?,?,023C2008), ref: 0051C2C0
CloseHandle.KERNEL32(00000000,00000000,0051E60E,00000000,0051D6C3,?,?,023C2008,00000001,0051D783,?,?,?,023C2008), ref: 0051C2CB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
String ID:
API String ID: 2429646606-0
Opcode ID: f179b91a15291018a55f74530d2574b68a0ec0009ffb1a7959b0df81d2013f9f
Instruction ID: 666d551f4f1c69471a6e2ee5112e76f92ef4feef2a34f5757a7484cfb100368f
Opcode Fuzzy Hash: f179b91a15291018a55f74530d2574b68a0ec0009ffb1a7959b0df81d2013f9f
Instruction Fuzzy Hash: F1F01C795006C49BD718EBF8ECCDA593BECB3A4310F000916B0D2CB1A1E7349488EF58

Function 00408B38 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 299windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,0056CCAC,Prompt,00000030), ref: 00408ED3

Strings

Not found ", xrefs: 00408DD2
Prompt, xrefs: 00408EBA, 00408EBF
8, xrefs: 00408EA2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message
String ID: 8$Not found "$Prompt
API String ID: 2030045667-3750173787
Opcode ID: cc41ebea14d8a8fd2436d958263ecffbb257b69cc9a48b413c6de4b0e1b67f4d
Instruction ID: fbe673ffa27f264325c805ba8cbec6d40b533d4a7b86a76c76d87f00f59d5898
Opcode Fuzzy Hash: cc41ebea14d8a8fd2436d958263ecffbb257b69cc9a48b413c6de4b0e1b67f4d
Instruction Fuzzy Hash: CCC1CF30D11259DBDB00EBA4C949BEEBBB5FF80304F14403AE845BB386DB785909CBA5

Function 0044B0AC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 216windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0052D308: KiUserCallbackDispatcher.NTDLL(?,?,0056BEC0,?,00406375), ref: 0052D31B

LoadBitmapA.USER32(?,00000000), ref: 0044B1A9
@TcmButton@$bctr$qqrp18Classes@TComponent.Z39UARTASSIST ref: 0044B316
@TcmButton@SetCheckStyle$qqr31Cmcheckbutton@TCheckButtonStyle.Z39UARTASSIST ref: 0044B379

Strings

{W, xrefs: 0044B0CD

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Check$BitmapButtonButton@Button@$bctr$qqrp18CallbackClasses@Cmcheckbutton@ComponentDispatcherLoadStyleStyle$qqr31User
String ID: {W
API String ID: 2182213814-3406969006
Opcode ID: be3b7c99bb3deee29ff2a85a88a68eaa1a7374d2c5de4cfd163c8fbea89e29f6
Instruction ID: 86603e6bc2ad54374662a07fbbcec369bd3d67ed27027a40c0a23e8e66c67c3c
Opcode Fuzzy Hash: be3b7c99bb3deee29ff2a85a88a68eaa1a7374d2c5de4cfd163c8fbea89e29f6
Instruction Fuzzy Hash: 21A129B4A002158BDB14DF68C885BDDBBF5BF89304F1481B9E908AF396CB716946CF54

Function 004B6370 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 210COMMON

Download Yara Rule

APIs

@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString.Z39UARTASSIST ref: 004B639F
@Cdiroutl@TCDirectoryOutline@GetChildNamed$qqrrx17System@AnsiStringl.Z39UARTASSIST ref: 004B65E2

Strings

P, xrefs: 004B6600
2YK, xrefs: 004B638C, 004B63CA, 004B64C5, 004B6639, 004B64F5, 004B659D, 004B65C1, 004B661A, 004B6657, 004B6529, 004B6563, 004B6578, 004B6583, 004B63F9, 004B6418, 004B646F, 004B6488, 004B6493, 004B6443, 004B64C8, 004B661D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AnsiCdiroutl@DirectoryOutline@System@$Case$qqrrx17ChildForceNamed$qqrrx17StringStringl
String ID: 2YK$P
API String ID: 4150159167-1300926112
Opcode ID: ddfa1173472c85c88bf97717f7170fd2c70b2bf1d72932ab3dcd89dc314c6531
Instruction ID: 20ac78225ca8af3607c881d72cdb353a3eaf9c09d12e47862b68c9ed1c57b630
Opcode Fuzzy Hash: ddfa1173472c85c88bf97717f7170fd2c70b2bf1d72932ab3dcd89dc314c6531
Instruction Fuzzy Hash: 8C91F870D1011EDBCF04EFD0D88AAEDB7B9FF94304F10816AE41567266EB349A0A9F95

Function 004A06B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@fGetFCtrl$qqrv.Z39UARTASSIST(0056B57C), ref: 004A0870
@cmSerialCommDriver32@TcmUart@fSetFCtrl$qqr12TFlowControl.Z39UARTASSIST(0056B57C), ref: 004A087F
@cmSerialCommDriver32@TcmUart@SetSyncRequesting$qqro.Z39UARTASSIST(0056B57C), ref: 004A088B

Part of subcall function 00478E60: @cmSerialCommDriver32@TcmUart@UpdateCommTimeouts$qqrv.Z39UARTASSIST ref: 00478E8C
Part of subcall function 00478E60: ResetEvent.KERNEL32(?), ref: 00478E9D
Part of subcall function 00478E60: SetEvent.KERNEL32(?,?), ref: 00478EA8
Part of subcall function 00478E60: @cmSerialCommDriver32@TcmUart@LaunchThreads$qqro.Z39UARTASSIST(?,?), ref: 00478EB2
Part of subcall function 00478E60: ResetEvent.KERNEL32(?,?,?), ref: 00478EBD
Part of subcall function 00478E60: SetEvent.KERNEL32(?,?,?,?), ref: 00478EC8

Strings

, xrefs: 004A083B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Comm$Driver32@Serial$Event$Uart@$ResetUart@f$ControlCtrl$qqr12Ctrl$qqrvFlowLaunchRequesting$qqroSyncThreads$qqroTimeouts$qqrvUpdate
String ID:
API String ID: 4068052791-3916222277
Opcode ID: 8f7557ddc93e463a3baec4ff91b62a33f5dcdd64c97c37b514575ed948d65acf
Instruction ID: 6675fbb37fc36f19055d8fdda6bdffcd842d79d6b2d4a514d368c91f54f906f0
Opcode Fuzzy Hash: 8f7557ddc93e463a3baec4ff91b62a33f5dcdd64c97c37b514575ed948d65acf
Instruction Fuzzy Hash: 2661E130A00605DFDB20EF64C886BABB7B5FF95300F14852FD405A7291E738AE49CB98

Function 0043D520 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 190sleepCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(00000470), ref: 0043D79C
SetEvent.KERNEL32(0000046C,00000470), ref: 0043D7A7
Sleep.KERNEL32(0000000A,0000046C,00000470), ref: 0043D7BD

Strings

,, xrefs: 0043D734

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Event$ResetSleep
String ID: ,
API String ID: 3112119646-3772416878
Opcode ID: 1f407684834f92ae06bbc30182aac652ea4d9b9be6d26a1a13bfa38985206ded
Instruction ID: a5b43e556af5ac6c23679ffaae875bc3af26da534ba9ac76ce26bc459559b34e
Opcode Fuzzy Hash: 1f407684834f92ae06bbc30182aac652ea4d9b9be6d26a1a13bfa38985206ded
Instruction Fuzzy Hash: 3181133090024ACFDB10DB64E889BEDB7F1BB49304F1051ABD405972A2CB786D49EB59

Function 00440E5C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@fGetFCtrl$qqrv.Z39UARTASSIST(00570DB0), ref: 00440F00
@cmSerialCommDriver32@TcmUart@fSetFCtrl$qqr12TFlowControl.Z39UARTASSIST ref: 00440F20

Strings

Stop, xrefs: 00440FE3
Send, xrefs: 00440F9E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommDriver32@SerialUart@f$ControlCtrl$qqr12Ctrl$qqrvFlow
String ID: Send$Stop
API String ID: 2251837308-1901089382
Opcode ID: 1a4a7c8e8dc2223c82083914f6cda7ca6afc42fc4631dd25f8561f01fd600748
Instruction ID: 632d8d1514f2556a7058b52650d51d2d48226e40a413b25e291a1cbc51291555
Opcode Fuzzy Hash: 1a4a7c8e8dc2223c82083914f6cda7ca6afc42fc4631dd25f8561f01fd600748
Instruction Fuzzy Hash: ED512E34700600CFD324EB28C49869AB7F6FF89305F20847AE95A8B365DF75AD4ADB45

Function 0047FC64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047FC7D

Part of subcall function 0047DD14: WaitForSingleObject.KERNEL32(?,00000000,?,?,0047FB39), ref: 0047DD2F

closesocket.WS2_32(?), ref: 0047FCA6
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047FDB2

Strings

ALL CLIENTS (, xrefs: 0047FD0D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Client$qqrvLockMultiObjectReleaseSemaphoreSingleSocket@Waitclosesocket
String ID: ALL CLIENTS (
API String ID: 438266427-2699958977
Opcode ID: e641f9b2283dad040fadbd41565efca9ba9c98ba6d0c613bbe023ebacb575cbe
Instruction ID: dd7a55ed21580c460b0dde29648422e70858e53512183f709b74d81d95d60e8e
Opcode Fuzzy Hash: e641f9b2283dad040fadbd41565efca9ba9c98ba6d0c613bbe023ebacb575cbe
Instruction Fuzzy Hash: 45413070A0020ADFCB04DF94D485AEEFBF5FF88310F1485AAE905AB356DB74A945CB90

Function 00510484 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113windowCOMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,00000000), ref: 00510541
CreateHalftonePalette.GDI32(00000000,00000000,00000000), ref: 0051054E
DeleteObject.GDI32(00000000), ref: 005105CB

Strings

(, xrefs: 005104F7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: A570CreateDeleteHalftoneObjectPalette
String ID: (
API String ID: 1897567740-3887548279
Opcode ID: 399dcb8f9d9f9bfcec604902cc81e515505ca486c8ed43fb71865d6c49cdf446
Instruction ID: 35db6e8162a96f8599c9db9fe3b61917fcf30161d8594504f18f4358b9b05e00
Opcode Fuzzy Hash: 399dcb8f9d9f9bfcec604902cc81e515505ca486c8ed43fb71865d6c49cdf446
Instruction Fuzzy Hash: B841AF30A042099FEB14DFA8C489BDEBBF6FF49304F1140A6E404A7391D6B49E85DB81

Function 004D4AB4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,004D4C6F,?,?,?,?,004D4CD9,?,00000000,004D4D3B), ref: 004D4B1F
GetModuleFileNameA.KERNEL32(?,?,00000105,?,?,0000001C,00000000,004D4C6F,?,?,?,?,004D4CD9), ref: 004D4B41

Part of subcall function 004E4E74: LoadStringA.USER32(00000000,00010000,?,00000400), ref: 004E4EA5

Strings

HkM, xrefs: 004D4BC4
HjM, xrefs: 004D4C20

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: HjM$HkM
API String ID: 902310565-1010384884
Opcode ID: e090ac6acd870e42b4176be7696239925b1aa1c29542c111288f5cae10dbac99
Instruction ID: 4d7515481cd73b8e8530e1d52da412e432866f8bfa424b235571ac060c538d1a
Opcode Fuzzy Hash: e090ac6acd870e42b4176be7696239925b1aa1c29542c111288f5cae10dbac99
Instruction Fuzzy Hash: 8D410330900658CFDB60DF69CC85BCAB7B9AB99304F4040E6E408EB351D778AE88CF55

Function 004414AC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 105windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004D2760: GetLocalTime.KERNEL32(?), ref: 004D2768

PostMessageA.USER32(00000000,000000B7,00000000,00000000), ref: 00441604

Strings

[%s]# %s, xrefs: 00441521
yyyy-MM-dd HH:mm:ss.ZZZ, xrefs: 004414E5
, xrefs: 004414DF

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: LocalMessagePostTime
String ID: [%s]# %s$ $yyyy-MM-dd HH:mm:ss.ZZZ
API String ID: 1062205982-445605845
Opcode ID: 2dfb7189e8253b7e29f9b6d94c293024815588746ce223d9ff1a3ea70388379b
Instruction ID: 06ad535751817f11faf6030207d1078d960bb4eed623084a198a1ecd4bd34581
Opcode Fuzzy Hash: 2dfb7189e8253b7e29f9b6d94c293024815588746ce223d9ff1a3ea70388379b
Instruction Fuzzy Hash: 76413970A002459FE700EF58D88A7AE7BF0FB81304F14426BE4469B3E2DBB46D89DB55

Function 00498B50 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 103COMMON

Download Yara Rule

APIs

UnregisterHotKey.USER32(00000000,?,?,?,00000021), ref: 00498C54

Strings

Sure to delete selected %d records?, xrefs: 00498B94
Prompt, xrefs: 00498BB7
, xrefs: 00498C42

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Unregister
String ID: $Prompt$Sure to delete selected %d records?
API String ID: 315482161-3851864719
Opcode ID: c8ec6c9c95d2babf95bb5d598f193d9921496e5fb571da3f135fa2f007be5bc2
Instruction ID: afbecf13f11fc66b68da1a91d19e3b0a8606c9de30bfd8f94dd9eb6b8c360478
Opcode Fuzzy Hash: c8ec6c9c95d2babf95bb5d598f193d9921496e5fb571da3f135fa2f007be5bc2
Instruction Fuzzy Hash: AA31A670A003499BDB10EB68C889B9E7FB8BF89304F04417AED05AB352DF759909C799

Function 00498A44 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON

Download Yara Rule

APIs

UnregisterHotKey.USER32(00000000,?,00000021), ref: 00498AE3

Strings

Prompt, xrefs: 00498A9E
@, xrefs: 00498AF1
Sure to delete all data records?, xrefs: 00498A87

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Unregister
String ID: @$Prompt$Sure to delete all data records?
API String ID: 315482161-4029161809
Opcode ID: 0ed3df33b60b0c6bfb207ddcbf882f1d89525b85a1b5fa6129abde8ce8014870
Instruction ID: 7de1e6a0ecf085a759125f01d7199f37578a594ceba8b359344f70f837951a47
Opcode Fuzzy Hash: 0ed3df33b60b0c6bfb207ddcbf882f1d89525b85a1b5fa6129abde8ce8014870
Instruction Fuzzy Hash: BD317070A002499FCB11EB68D4897AEBBF5FB85304F14417AE805AB356CB74AC45CB95

Function 00416860 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(?,00000000,0056F12B,00000000,00000000,00000001), ref: 00416941

Strings

donate/, xrefs: 0041687A
#rank, xrefs: 004168B3
http://www.cmsoft.cn/assistcenter/, xrefs: 0041688E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: #rank$donate/$http://www.cmsoft.cn/assistcenter/
API String ID: 587946157-3503382147
Opcode ID: 1492f719771eed29bc30da4f97fc570c2e1abd712414a534bf3826370e35e362
Instruction ID: 5203e865ec4c6ff0edcb9a1f7e4e4437d70394f694ca3cbe135837f04e2d8181
Opcode Fuzzy Hash: 1492f719771eed29bc30da4f97fc570c2e1abd712414a534bf3826370e35e362
Instruction Fuzzy Hash: F7311E7090010ADBCF44EF90D496BAFB7B9FF84300F5085A6D8056B29AEB74DA16DB51

Function 0050C1E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0050C098: GetObjectA.GDI32(?,00000054), ref: 0050C0AC

GetDIBits.GDI32(00000000,?,00000000,?,00000000,?,00000000), ref: 0050C24E
DeleteDC.GDI32(00000000), ref: 0050C27F

Strings

jQ, xrefs: 0050C1F9
jQ, xrefs: 0050C1EE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitsDeleteObject
String ID: jQ$jQ
API String ID: 2773124069-37713549
Opcode ID: 82277707a5818bf8820355d60e2ad23afa582fe5a75172bd4fea466bc860fa74
Instruction ID: 81c7bebceab84668a52a1472cd72717b67203414187718c3f8e44f51c944fa90
Opcode Fuzzy Hash: 82277707a5818bf8820355d60e2ad23afa582fe5a75172bd4fea466bc860fa74
Instruction Fuzzy Hash: C4113A79A04205BBDB10DBE98C95F9EBFFCFB8A710F508564B914E7281E6749D008760

Function 0047F9B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

send.WS2_32(000000FF,00000000,00000000,00000000), ref: 0047F9F4
WSAGetLastError.WS2_32(000000FF,00000000,00000000,00000000), ref: 0047FA0E
@TcmSocket@ErrorCheck$qqripc.Z39UARTASSIST(000000FF,00000000,00000000,00000000), ref: 0047FA2D

Strings

send to() failed, xrefs: 0047FA24

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Error$Check$qqripcLastSocket@send
String ID: send to() failed
API String ID: 1990143658-2875333197
Opcode ID: e87ee806363ec887404083b0d930094a2ab2d31e2980035caa25a24a4ee4c290
Instruction ID: 2e82f9d36d8dfb0dbef06b09d3f618343e3def94093aee179951460a8c6c2089
Opcode Fuzzy Hash: e87ee806363ec887404083b0d930094a2ab2d31e2980035caa25a24a4ee4c290
Instruction Fuzzy Hash: F1113DB2A08205BBDB20957C5C427DF76A49F84320F20C63BE52DD73C1E538CC498399

Function 004F9A64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoA.USER32(00000000,00000000,000000FF), ref: 004F9AB2
SetMenuItemInfoA.USER32(00000000,00000000,000000FF), ref: 004F9B04
DrawMenuBar.USER32(00000000), ref: 004F9B11

Strings

P, xrefs: 004F9AA4

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Menu$InfoItem$Draw
String ID: P
API String ID: 3227129158-3110715001
Opcode ID: 02bc53f4d9a835b7ce47c4f89d8d92cfa4105f5195c97d8a0b2c3646e5cf90df
Instruction ID: bbee3f3d05b156ea0973354d1afc72708aa06cd5b63150ec5d3b1f52d9517aa5
Opcode Fuzzy Hash: 02bc53f4d9a835b7ce47c4f89d8d92cfa4105f5195c97d8a0b2c3646e5cf90df
Instruction Fuzzy Hash: D611CE30605205AFD310DF29CC85BAB7AD8AF84364F148629F194CB3D9E739DC84C78A

Function 0045EE80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(000000FF,?,00000000,00000001), ref: 0045EEBB
WriteFile.KERNEL32(000000FF,00000000,?,0000001F,00000000,000000FF,?,00000000,00000001), ref: 0045EEDB
WriteFile.KERNEL32(000000FF,</Table></Worksheet></Workbook>,?,?,00000000,000000FF,00000000,?,0000001F,00000000,000000FF,?,00000000,00000001), ref: 0045EEF5

Strings

</Table></Worksheet></Workbook>, xrefs: 0045EEEC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$Write$Pointer
String ID: </Table></Worksheet></Workbook>
API String ID: 2567243663-1160089620
Opcode ID: f0c6b5104a592aee5c27be8499ef420236fc0e39e41b3245c966ceb65db14a93
Instruction ID: 4a6d8c471680469aea077da98c48d92e3a38e87ebc541f84c02de2afc7d91c7d
Opcode Fuzzy Hash: f0c6b5104a592aee5c27be8499ef420236fc0e39e41b3245c966ceb65db14a93
Instruction Fuzzy Hash: 1E0121722082007FD718DE58D886FAB77ECAB88724F10464DF6598B2C6DB74DC51C7A6

Function 0043B7F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

FindWindowA.USER32(UartAssist,00000000), ref: 0043B822
SendMessageA.USER32(00000000,0000004A,00000065), ref: 0043B83C
FindWindowExA.USER32(00000000,00000000,UartAssist,00000000), ref: 0043B84B

Strings

UartAssist, xrefs: 0043B81D, 0043B843

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FindWindow$MessageSend
String ID: UartAssist
API String ID: 1134572027-377352531
Opcode ID: 2c45f2c88e6d0a3aeec7cd6c050d98195e0ecd3628429e1ee2867c086a50a6b1
Instruction ID: 3795a7854f3168cf9f48d69e552b5519762f929662dad3af88264303c89c70c1
Opcode Fuzzy Hash: 2c45f2c88e6d0a3aeec7cd6c050d98195e0ecd3628429e1ee2867c086a50a6b1
Instruction Fuzzy Hash: 70F068A1B407167BE620A6585CD2F577A8CEBD8B50F05C12AB74CAB291E6B48C4446D2

Function 00465ACC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(?,?,000000FF,?,000000FF), ref: 00465AF9
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00465B09
WaitForSingleObject.KERNEL32(?,000000FF,?,000000FF), ref: 00465B15

Strings

HTTP_AsyncReponseThreadProc terminated, xrefs: 00465B1E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ObjectSingleWait$MutexRelease
String ID: HTTP_AsyncReponseThreadProc terminated
API String ID: 1412826340-452453133
Opcode ID: e72ecb7277c2c0420eb879f49703b3f3c339063e7b5281eb3f706b23a92c0ea8
Instruction ID: 1de62bedaff1f976dcdfb92b6fb20c3c58823b17c115ae6b215447b27d182e3d
Opcode Fuzzy Hash: e72ecb7277c2c0420eb879f49703b3f3c339063e7b5281eb3f706b23a92c0ea8
Instruction Fuzzy Hash: 2AF0F431104606ABCB10EF99CC82A4B3B9CEF40334F200316FC11972C6EB38DC4186AA

Function 00406144 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(?,SPLITTER_HOR), ref: 00406166
SelectObject.GDI32(00000000,00000000), ref: 00406192

Strings

5u~, xrefs: 004061C6
SPLITTER_HOR, xrefs: 00406158

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoadObjectSelect
String ID: 5u~$SPLITTER_HOR
API String ID: 1161856002-3241009401
Opcode ID: a50af7abbbce18c0e1cea9d1b9d22c766fac722c0b740c2cbf39274e1b23370d
Instruction ID: e034203306f86fee64d54faf5908885319fdda7aab2f195bb386152c3e969c1c
Opcode Fuzzy Hash: a50af7abbbce18c0e1cea9d1b9d22c766fac722c0b740c2cbf39274e1b23370d
Instruction Fuzzy Hash: E801C8706043058BDB05EF34C8C9A9A37A9BF89300F5444B9EC089F25ACB35DC428B60

Function 004BB40C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(comctl32.dll,004BB47D,00000100,00541466), ref: 004BB41A
GetProcAddress.KERNEL32(74B30000,InitCommonControlsEx), ref: 004BB438

Strings

InitCommonControlsEx, xrefs: 004BB42D
comctl32.dll, xrefs: 004BB415

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: InitCommonControlsEx$comctl32.dll
API String ID: 1646373207-802336580
Opcode ID: 06c0a340fe8b0394b4f2aeed1cb5738d6ca2e1c9ce4245f7bdb7750ddd835d80
Instruction ID: 6a466c90a47dbdabe89071647987c6a07480990c04ddb27f578638636656558a
Opcode Fuzzy Hash: 06c0a340fe8b0394b4f2aeed1cb5738d6ca2e1c9ce4245f7bdb7750ddd835d80
Instruction Fuzzy Hash: 8FD05E7082138A8AC708ABA8DCDAB893654F360304F00643AA0414FDE2CBFC0488EFA5

Function 0052BA38 Relevance: 6.2, APIs: 4, Instructions: 204COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0052BAAC
GetDesktopWindow.USER32 ref: 0052BBD1
SetCursor.USER32(00000000), ref: 0052BC26

Part of subcall function 00535CFC: ShowCursor.USER32(000000FF,00000000,?,0052BC01), ref: 00535D33

SetCursor.USER32(00000000), ref: 0052BC11

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cursor$DesktopWindow$Show
String ID:
API String ID: 110329033-0
Opcode ID: 5ab7dccce32c5e96be823993803ce5f41c495b52af110c7d5ecefa608e5a61a5
Instruction ID: ef682b9b1a64c8240f7cbedb3fc54f1dae57fe4195e2ec36a470653c7da5b843
Opcode Fuzzy Hash: 5ab7dccce32c5e96be823993803ce5f41c495b52af110c7d5ecefa608e5a61a5
Instruction Fuzzy Hash: BE915C74601A928FD318DF29EAC8EA57BE1BFE5340F048596E4858B3A6D730EC48DF45

Function 0043810C Relevance: 6.2, APIs: 4, Instructions: 171COMMON

Download Yara Rule

APIs

LPtoDP.GDI32(00000000,?,00000006), ref: 0043827D
CreatePolygonRgn.GDI32(?,00000006,00000001), ref: 0043828A
SelectClipRgn.GDI32(00000000,00000000), ref: 00438293
DeleteObject.GDI32(00000000), ref: 00438299

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ClipCreateDeleteObjectPolygonSelect
String ID:
API String ID: 4180103009-0
Opcode ID: fea621ca975dc0c24bc778d4c0615e66ef6b0415e059bd28c1d3015f690021b9
Instruction ID: 76483f7eb5cec81197128b11c4a29a5580514158b8078bdaa42066a7e90ca41d
Opcode Fuzzy Hash: fea621ca975dc0c24bc778d4c0615e66ef6b0415e059bd28c1d3015f690021b9
Instruction Fuzzy Hash: A751E274A00219EFCB00DF99C880DAEF7B9BF48314F04959AF905EB245DB74AD45CBA5

Function 0055AF94 Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,?), ref: 0055B050
CreateFileA.KERNEL32(?,?,?,?,00000005,00000000,00000000,?,?,?,?), ref: 0055B108
GetLastError.KERNEL32(?,?,?,?,00000005,00000000,00000000,?,?,?,?), ref: 0055B114
CloseHandle.KERNEL32(00000000), ref: 0055B185

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$AttributesCloseCreateErrorHandleLast
String ID:
API String ID: 2927643983-0
Opcode ID: 3105a6216f009f406618ce75470915a142f57993a4ab6bc289a8cec4e9dfd854
Instruction ID: 23e2b6ff56ce64c19db22e2ce6e06acafafb6fc83cb20b0cb1b7c9cbacf827a5
Opcode Fuzzy Hash: 3105a6216f009f406618ce75470915a142f57993a4ab6bc289a8cec4e9dfd854
Instruction Fuzzy Hash: A25108319046099AFB148E68C8BD7BF7FA4FB45322F248617ED268B1E1D7759A4CC701

Function 0052B4B4 Relevance: 6.1, APIs: 4, Instructions: 139threadCOMMON

Download Yara Rule

APIs

Part of subcall function 0052B8EC: WindowFromPoint.USER32(0052B6DE,005E15E8,00000000,0052B4CE,?,005E15D0,?), ref: 0052B8F2
Part of subcall function 0052B8EC: GetParent.USER32(00000000), ref: 0052B909

GetWindow.USER32(00000000,00000004), ref: 0052B4D6
GetCurrentThreadId.KERNEL32 ref: 0052B5AA
GetWindowRect.USER32(00000000,?), ref: 0052B5C7
IntersectRect.USER32(?,?,?), ref: 0052B635

Part of subcall function 0052AA3C: GlobalFindAtomA.KERNEL32(00000000,?,004FA199,?,004F94D9,?,?,00000000,?,?,004FA8F7,?,?,0046D86B), ref: 0052AA50
Part of subcall function 0052AA3C: GetPropA.USER32(?,00000000), ref: 0052AA67

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$Rect$AtomCurrentFindFromGlobalIntersectParentPointPropThread
String ID:
API String ID: 2329882401-0
Opcode ID: 03102d2d18eb79d63db5e3519a9700fb2cd89315d4ccda794fdb60ca0faa48e2
Instruction ID: 77c8b20dee59aba03d069942c411a174512b7d4880864de4b4e68fed2c776544
Opcode Fuzzy Hash: 03102d2d18eb79d63db5e3519a9700fb2cd89315d4ccda794fdb60ca0faa48e2
Instruction Fuzzy Hash: FF517D31A006159FDB10DF6DE885AAEBBF4BF49350F1441A1E845EB391D730EE41CBA1

Function 004760E8 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON

Download Yara Rule

APIs

StretchBlt.GDI32(00000000,00000001,00000005,00000000), ref: 0047617A
StretchBlt.GDI32(00000000,00000001,00000005,00000000), ref: 004761A8
@TcmForm@DrawTitle$qqrp16Graphics@TCanvasii17System@AnsiString.Z39UARTASSIST(?,00000007,00000000,00000001,00000005,00000000), ref: 00476207
InvalidateRect.USER32(00000000,?,00000000,?,00000007,00000000,00000001,00000005,00000000), ref: 0047625A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Stretch$AnsiCanvasii17DrawForm@Graphics@InvalidateRectStringSystem@Title$qqrp16
String ID:
API String ID: 3304473458-0
Opcode ID: 84147a194aae434d35450a8a7cddc854d488b83068755b48e945d7828d1c2016
Instruction ID: 0672b3ff3c131e1fe94f9545b4c692e1ddd9ae911a11891bb7f72e90aaf2c00e
Opcode Fuzzy Hash: 84147a194aae434d35450a8a7cddc854d488b83068755b48e945d7828d1c2016
Instruction Fuzzy Hash: 5F414574600105AFDB14EF64C889BEEB7B5FF89300F1581A5FD05AF296EA70AD05CB91

Function 004693A4 Relevance: 6.1, APIs: 4, Instructions: 129synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00000000,?), ref: 004693CC

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ObjectSingleWait
String ID:
API String ID: 24740636-0
Opcode ID: 8c01fa20a365fd91b481daf0583a1b2a24497d2bf24da0c2ad4f2a9da78a9d66
Instruction ID: 78434a7f60e96069cfc691fa5bd1997dda18b28f6a496329f72d0a0037ff9266
Opcode Fuzzy Hash: 8c01fa20a365fd91b481daf0583a1b2a24497d2bf24da0c2ad4f2a9da78a9d66
Instruction Fuzzy Hash: C6419335508114ABCB20DE68C884B5A77A9AB45324F248357EC249B3D9EBB8DC46CB97

Function 00438AF8 Relevance: 6.1, APIs: 4, Instructions: 122windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00438814: MulDiv.KERNEL32(?,?), ref: 00438826
Part of subcall function 00438814: MulDiv.KERNEL32(?,?), ref: 0043883B
Part of subcall function 00438814: MulDiv.KERNEL32(?,?), ref: 00438850
Part of subcall function 00438814: SelectObject.GDI32(?,00000000), ref: 00438883
Part of subcall function 00438814: DeleteObject.GDI32(00000000), ref: 00438889
Part of subcall function 00438814: CreateSolidBrush.GDI32(?), ref: 0043888F
Part of subcall function 00438814: SelectObject.GDI32(?,00000000), ref: 0043889C

PatBlt.GDI32(?,?,?,00000001,?,00F00021), ref: 00438B99
PatBlt.GDI32(?,?,?,00000001,?,00F00021), ref: 00438BC2
PatBlt.GDI32(?,?,?,?,00000001,00F00021), ref: 00438BE2
PatBlt.GDI32(?,?,?,?,00000001,00F00021), ref: 00438C0D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object$Select$BrushCreateDeleteSolid
String ID:
API String ID: 1979645813-0
Opcode ID: b4f6753b063e79660941eda1cebf4592c861d626d5f15dde2abe8a4a13cad46c
Instruction ID: 5f06f7094e0d098fc3f0e7bff7ede5fd97fdf4b3f929ac729d491fb85434104c
Opcode Fuzzy Hash: b4f6753b063e79660941eda1cebf4592c861d626d5f15dde2abe8a4a13cad46c
Instruction Fuzzy Hash: D741D572A00219AFCB40DF9CD985E9EBBF8FB5C314B108155F948E7354D630FA819BA4

Function 0047D538 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

@TcmSocket@inet_aton$qqrpxcp6IPDATAi.Z39UARTASSIST ref: 0047D5D4
@TcmSocket@inet_aton$qqrpxcp6IPDATAi.Z39UARTASSIST ref: 0047D62A
@TcmSocket@inet_aton$qqrpxcp6IPDATAi.Z39UARTASSIST ref: 0047D67D
@TcmSocket@inet_aton$qqrpxcp6IPDATAi.Z39UARTASSIST ref: 0047D6CB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@inet_aton$qqrpxcp6
String ID:
API String ID: 2966448890-0
Opcode ID: a5abaf0b0cee950d9d055c4f165267791cc08a49d3a7741e3b6ac501f36f41e0
Instruction ID: 895bea4a984b9c0e0ca4affea8ba22975b9ef2354d361022ef65cd9af8ee5a63
Opcode Fuzzy Hash: a5abaf0b0cee950d9d055c4f165267791cc08a49d3a7741e3b6ac501f36f41e0
Instruction Fuzzy Hash: C4418E70A15605CBE724EA28C851BE333F6AF41304F15896FD08F5B2D1E778AC49CB29

Function 0047765C Relevance: 6.1, APIs: 4, Instructions: 117COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000), ref: 004776CE
SelectObject.GDI32(00000000,00000000), ref: 004776DF
GetTextExtentPoint32A.GDI32(00000000,00585A24,00000000,?), ref: 00477737
SelectObject.GDI32(00000000,00000000), ref: 0047775E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ObjectSelect$A570ExtentPoint32Text
String ID:
API String ID: 1121144139-0
Opcode ID: c81d2e2574e5b9a7e0540c8272e71617294c8844f15392e99f029d5a960cb7e2
Instruction ID: 2584d1eb8023c4080f67b35d5d8789e9e4d30c18873d0d753834cfe75b580a8e
Opcode Fuzzy Hash: c81d2e2574e5b9a7e0540c8272e71617294c8844f15392e99f029d5a960cb7e2
Instruction Fuzzy Hash: 1F416474A005059BCB04EF68C985ADEBBF9FF84301F508176F805A7356DB34AE05CB65

Function 004D799C Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004D7A4B
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004D7A67
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004D7ADE
VariantClear.OLEAUT32(?), ref: 004D7B07

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ArraySafe$Bound$ClearIndexVariant
String ID:
API String ID: 920484758-0
Opcode ID: 0ef4a6cc49254683737619236c9a8fa127eb48bc7ca9553b0f375beda7e1f9c5
Instruction ID: 455ea3e4f15c1c20d204b917400f787c647d52bde383c5977b93e5374d231ff1
Opcode Fuzzy Hash: 0ef4a6cc49254683737619236c9a8fa127eb48bc7ca9553b0f375beda7e1f9c5
Instruction Fuzzy Hash: 24412075A042199FCB61DB59CCA1BD9B3BCAF48314F0041DBE649A7312EA34AF808F65

Function 00487190 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

@Cmbitmap@TcmBitmap@InitHeader$qqrv.Z39UARTASSIST ref: 004871E5
73A1A570.USER32(00000000,00000000,-000000D0,00000000,-00000050,00000000,00000000), ref: 00487225
GetDIBits.GDI32(00000000,00000000), ref: 0048724E
GetDIBColorTable.GDI32(00000000,00000000,00000100,-000000EC), ref: 00487286

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: A570Bitmap@BitsCmbitmap@ColorHeader$qqrvInitTable
String ID:
API String ID: 1027656077-0
Opcode ID: 4f0e5ef4bdfbbbcc24abcfd566cd9294d80f4cd0fe2ae3c3eaa52fe0dbfbceb8
Instruction ID: 7e4ec7604928feae8b7d896abc5f669fad96d92a66e801dd5c5927a89275cb1b
Opcode Fuzzy Hash: 4f0e5ef4bdfbbbcc24abcfd566cd9294d80f4cd0fe2ae3c3eaa52fe0dbfbceb8
Instruction Fuzzy Hash: 1F310975600205AFE360EF58C885F9ABBE8FF49310F2045A9F684DB391DA35ED40CB90

Function 004B98D8 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

@TPerformanceGraph@GetBandCount$qqrv.Z39UARTASSIST ref: 004B98E7
@TPerformanceGraph@FirstY$qqrv.Z39UARTASSIST ref: 004B9930
@TPerformanceGraph@NextY$qqri.Z39UARTASSIST ref: 004B9953
@TPerformanceGraph@NextY$qqri.Z39UARTASSIST ref: 004B99B0

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Graph@Performance$NextY$qqri$BandCount$qqrvFirstY$qqrv
String ID:
API String ID: 2038855866-0
Opcode ID: 3e1b6862dff1a87592e9e61b619af7ebf0693d3cd9f9cfa16a3f289f63fee4af
Instruction ID: 9acd35ab9a03528c51b6ec9c52fc36728ee07693eed582cd9f9c48915e063a4d
Opcode Fuzzy Hash: 3e1b6862dff1a87592e9e61b619af7ebf0693d3cd9f9cfa16a3f289f63fee4af
Instruction Fuzzy Hash: 6D41E8B5E0010ADFCB44CF98C5819EEB7B1FB88314F2482AAD915A7385D7306F41CBA4

Function 00487D2C Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

@Cmbitmap@CMGetColor$qqr15Graphics@TColor.Z39UARTASSIST(?), ref: 00487D52
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 00487DE1
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 00487DF5
@Cmbitmap@CMIntToByte$qqri.Z39UARTASSIST ref: 00487E0A

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Cmbitmap@$Byte$qqri$ColorColor$qqr15Graphics@
String ID:
API String ID: 3698210595-0
Opcode ID: 5ebbab88b8abc909695151e112ffc69a8b8d0776b40a902ddab687e95baef062
Instruction ID: 819eee2e428278f70b11a4b332e11f0ad66aa51a3df9249c54d066a71672e121
Opcode Fuzzy Hash: 5ebbab88b8abc909695151e112ffc69a8b8d0776b40a902ddab687e95baef062
Instruction Fuzzy Hash: B931AE31A0818A9FCB11EF68C4906AEFBB5FF06304F1985D6C498EB306D730D945CB94

Function 00487334 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

@Cmbitmap@TcmBitmap@InitHeader$qqrv.Z39UARTASSIST ref: 00487363
73A1A570.USER32(00000000), ref: 0048737F
GetDIBits.GDI32(00000000,00000000,00000000,?,?,?,00000000), ref: 004873D1
DeleteObject.GDI32(00000000), ref: 004873D7

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: A570Bitmap@BitsCmbitmap@DeleteHeader$qqrvInitObject
String ID:
API String ID: 2007105792-0
Opcode ID: 5f977f2e559d8382e34d9688c920ffa74d67ac3ccc33e7c15bc5098d3cc28603
Instruction ID: 0b880162bc6552fb08556c7c3a20ccdcc8bf916f75a67c7c14d6b99105d9efcd
Opcode Fuzzy Hash: 5f977f2e559d8382e34d9688c920ffa74d67ac3ccc33e7c15bc5098d3cc28603
Instruction Fuzzy Hash: D3211A72244205AFEB50DE59CC85FAA7BACFB89710F140075FE08DF286DA70AD05CBA5

Function 0047FB24 Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

APIs

@TcmSocket@TryLockMultiClient$qqrv.Z39UARTASSIST ref: 0047FB34

Part of subcall function 0047DD14: WaitForSingleObject.KERNEL32(?,00000000,?,?,0047FB39), ref: 0047DD2F

ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047FB7E
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047FBB8
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0047FBDA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphore$Client$qqrvLockMultiObjectSingleSocket@Wait
String ID:
API String ID: 1699416865-0
Opcode ID: 8f51f7b249a68378b140972681d8870c17f2999b0ef021052630610fa4467f6c
Instruction ID: 117ea8f182268f7ae7a567ae7d421d2f90b63cbaa166e46f6def218e7ebf39c3
Opcode Fuzzy Hash: 8f51f7b249a68378b140972681d8870c17f2999b0ef021052630610fa4467f6c
Instruction Fuzzy Hash: E921A431604341ABDB24EB24C8D5FE7B7A4BB84710F54C96BEA584B286D379BC48C395

Function 00412E14 Relevance: 6.1, APIs: 4, Instructions: 73synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00412E28
ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,000000FF), ref: 00412E96
SetEvent.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000,000000FF), ref: 00412EA2
ReleaseMutex.KERNEL32(00000000,?,00000000,000000FF), ref: 00412ECA

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MutexRelease$EventObjectSingleWait
String ID:
API String ID: 2539647328-0
Opcode ID: 73534fe0fc03958198ce0699a0963e0a6e9658e85d8675a3a8e4b646e42959d6
Instruction ID: 531a4b84065381725b4e1dea9528c79ba1d442b04f158c45412781f22a297ea3
Opcode Fuzzy Hash: 73534fe0fc03958198ce0699a0963e0a6e9658e85d8675a3a8e4b646e42959d6
Instruction Fuzzy Hash: 401127B6601201ABC700EB68CC82D9F37ADFBD4700F04451AF908CB245E374ED5597A6

Function 00500D30 Relevance: 6.1, APIs: 4, Instructions: 68windowCOMMON

Download Yara Rule

APIs

IsRectEmpty.USER32(?), ref: 00500D3B
IsWindowVisible.USER32(00000000), ref: 00500D66
SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000048,?,?,00000000,?,00500E47,00505D0C,?), ref: 00500D9E
SetFocus.USER32(00000000,?,?,?,?,00000048,?,?,00000000,?,00500E47,00505D0C,?), ref: 00500DD3

Part of subcall function 00500CC8: IsWindowVisible.USER32(00000000), ref: 00500CDF
Part of subcall function 00500CC8: SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,0000008C,00000000,?,?,00505BB6,00505BBE,?,?,00501498,00503C97), ref: 00500D06
Part of subcall function 00500CC8: SetFocus.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0000008C,00000000,?,?,00505BB6,00505BBE,?,?,00501498), ref: 00500D26

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$FocusVisible$EmptyRect
String ID:
API String ID: 698668684-0
Opcode ID: 6e6853709f0d1d136c6a698cb16427812c866d5b701182885be40ef1df43dd77
Instruction ID: 6855907dc4228b9e1c2b1962d896f93c33058052e39c9b46e591e695aef2a5ae
Opcode Fuzzy Hash: 6e6853709f0d1d136c6a698cb16427812c866d5b701182885be40ef1df43dd77
Instruction Fuzzy Hash: C911A3613406025BD210AAB98989B7EBF9DBFC5340F080524F558DB2C1DF25FC02A775

Function 00465B34 Relevance: 6.1, APIs: 4, Instructions: 57synchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 00465B64
ReleaseMutex.KERNEL32(?,?,00000000), ref: 00465B81
ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,00000000), ref: 00465B94
Sleep.KERNEL32(000003E8), ref: 00465BAB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Release$MutexObjectSemaphoreSingleSleepWait
String ID:
API String ID: 2872105231-0
Opcode ID: cb9ba737f06fa1b9e354bab285ee0c8b396e8a0e05996e9ae2087cd5ff4e1d72
Instruction ID: 80642e786c0c0fc9d55eebbc86d43de0ccfba9863b03a258d1d42bdbd793af5a
Opcode Fuzzy Hash: cb9ba737f06fa1b9e354bab285ee0c8b396e8a0e05996e9ae2087cd5ff4e1d72
Instruction Fuzzy Hash: 5411A731A00608AFDB14DF99C885B8EBBB8FF84704F10419AED059B282E375F981CB95

Function 0047555C Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 004755A3

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 666e8d05a39d96fdf1f9aa5f95c9d443200fe58df7b189538a4c4d28f30c7c32
Instruction ID: 55c9283b00f6af19c43679ae5a8b82181f78645c1662de4bf6b06f67432aee89
Opcode Fuzzy Hash: 666e8d05a39d96fdf1f9aa5f95c9d443200fe58df7b189538a4c4d28f30c7c32
Instruction Fuzzy Hash: D7017332341A002BE520B778AC86BC77356BB41311F148057F14CDF395C7F96C409788

Function 005633C8 Relevance: 6.0, APIs: 4, Instructions: 49fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,0059D490,00000000,-000000F6,00000000,?,005635BA,00000000,00000000,00000000), ref: 005633E8

Part of subcall function 00563378: GetLocalTime.KERNEL32(?,00000000,-000000F6,00000000,?,005635BA,00000000,00000000,00000000,-000000F6,?,00563682,Abnormal program termination,00564323,?,?), ref: 0056337C
Part of subcall function 00563378: wsprintfA.USER32 ref: 005633B5

WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,0059D490,00000000,-000000F6,00000000), ref: 0056340A
WriteFile.KERNEL32(00000000,0059B110,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,C0000000,00000000,00000000,00000002,00000080), ref: 0056341F
CloseHandle.KERNEL32(00000000,00000000,0059B110,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,C0000000,00000000,00000000,00000002), ref: 00563425

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: File$Write$CloseCreateHandleLocalTimewsprintf
String ID:
API String ID: 893966949-0
Opcode ID: 6801949894958ee7e536c336b4d24299321911bb97a9fc9db6ec1e937ac9ab1f
Instruction ID: cd7b298dfc52495c7f5c391c16989206a8525b212d70ea84e6cca4cfee9b8245
Opcode Fuzzy Hash: 6801949894958ee7e536c336b4d24299321911bb97a9fc9db6ec1e937ac9ab1f
Instruction Fuzzy Hash: 99F0307664030979F620A6A5DC8BFEF6B9CEBC2B61F504116B604AF0C2DDB4AD0083B4

Function 00479D20 Relevance: 6.0, APIs: 4, Instructions: 44synchronizationsleepCOMMON

Download Yara Rule

APIs

PurgeComm.KERNEL32(EC75FF18,00000008), ref: 00479D4F
WaitForSingleObject.KERNEL32(0575C085,00000000,EC75FF18,00000008), ref: 00479D66
ReleaseMutex.KERNEL32(0575C085,0575C085,00000000,EC75FF18,00000008), ref: 00479D87
Sleep.KERNEL32(00000005,0575C085,00000000,EC75FF18,00000008), ref: 00479D90

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommMutexObjectPurgeReleaseSingleSleepWait
String ID:
API String ID: 1985745619-0
Opcode ID: 79a69317882b310c17a051922e84c14e2218afbe66d03e0c4411e04e2849ce5c
Instruction ID: a7778b1c3f02d21074a40c99afb8d49f489195731e087d2a8a2e329ea54812bc
Opcode Fuzzy Hash: 79a69317882b310c17a051922e84c14e2218afbe66d03e0c4411e04e2849ce5c
Instruction Fuzzy Hash: 2411A130D04149EFCB25DB94C906BDEBBB2FF40304F1081EAE4196B2A2CB794E41DB45

Function 00479DAC Relevance: 6.0, APIs: 4, Instructions: 44synchronizationsleepCOMMON

Download Yara Rule

APIs

PurgeComm.KERNEL32(?,00000004), ref: 00479DDB
WaitForSingleObject.KERNEL32(?,00000000,?,00000004), ref: 00479DF2
ReleaseMutex.KERNEL32(?,?,00000000,?,00000004), ref: 00479E13
Sleep.KERNEL32(00000005,?,00000000,?,00000004), ref: 00479E1C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommMutexObjectPurgeReleaseSingleSleepWait
String ID:
API String ID: 1985745619-0
Opcode ID: 633fb91e3e4b4e1f4303f2fbffb908d571f4e1c307d9d9e15f7dea95ea119afd
Instruction ID: 12c3921eb63bffe7035219a5758e718ce274ce006a08b14765918ee2615d0531
Opcode Fuzzy Hash: 633fb91e3e4b4e1f4303f2fbffb908d571f4e1c307d9d9e15f7dea95ea119afd
Instruction Fuzzy Hash: 77118B30C04149EFCF15DB94C906BEEBBB2FF00304F1081AAE5196B2A2DB754E42EB45

Function 004D0B38 Relevance: 6.0, APIs: 4, Instructions: 39timefileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 004D0B48
GetLastError.KERNEL32(?,?), ref: 004D0B51
FileTimeToLocalFileTime.KERNEL32(?), ref: 004D0B65
FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 004D0B74

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: FileTime$DateErrorFindLastLocalNext
String ID:
API String ID: 2103556486-0
Opcode ID: 70a68a76d8633bbb03718614686ea239fd8d12b82f0ac77e60ccc1aa24eb4bca
Instruction ID: 5009ba00b6e9a76dc3110824b3581c4279176bb7841bec3705955eba3eba1123
Opcode Fuzzy Hash: 70a68a76d8633bbb03718614686ea239fd8d12b82f0ac77e60ccc1aa24eb4bca
Instruction Fuzzy Hash: 9EF03CB21042059FCF44EFA4C8CAD9777ECEB89324B1449A3AD05CF24AE634E954CBA5

Function 0051C208 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0051C220
SetWindowsHookExA.USER32(00000003,0051C1C4,00000000,00000000), ref: 0051C230
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,0051EB91,?,?,023C2008,?,?,0051E54C,?), ref: 0051C24B
CreateThread.KERNEL32(00000000,000003E8,0051C168,00000000,00000000), ref: 0051C26F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateThread$CurrentEventHookWindows
String ID:
API String ID: 1195359707-0
Opcode ID: 01ebd38dab7c2cf233b4730a8816a2993d5e80bc01ad67496828fd7700bf0a46
Instruction ID: c9b18a4d05630413c825f91ecbf46739156fa21318577b4f03c2a201c46bc5dc
Opcode Fuzzy Hash: 01ebd38dab7c2cf233b4730a8816a2993d5e80bc01ad67496828fd7700bf0a46
Instruction Fuzzy Hash: 87F030746C07C0BFF724AB649C8AF653E98B3A6B15F100026F1C26E1D1C3B114C49E59

Function 0051D468 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON

Download Yara Rule

APIs

GetLastActivePopup.USER32(?), ref: 0051D474
IsWindowVisible.USER32(?), ref: 0051D485
IsWindowEnabled.USER32(?), ref: 0051D48F
SetForegroundWindow.USER32(?), ref: 0051D499

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Window$ActiveEnabledForegroundLastPopupVisible
String ID:
API String ID: 2280970139-0
Opcode ID: 164f103c9b32ad699d1e49241377763154bdf02c281de1b0a1fdd9c66967d568
Instruction ID: 51c7977548c29913faaac560d1e6de5edc348b681d9c44fe0cccee958d95cde0
Opcode Fuzzy Hash: 164f103c9b32ad699d1e49241377763154bdf02c281de1b0a1fdd9c66967d568
Instruction Fuzzy Hash: 36E0121160372637AE7676768A899DF2AAD7D8A3907045071BC04F7502DBF5ECC086F2

Function 00457B50 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 393COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(00000000,000000F0), ref: 00457B74
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 00457B87

Strings

t, xrefs: 00457DE8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: LongWindow
String ID: t
API String ID: 1378638983-2238339752
Opcode ID: e2f64d73435eafd9f741ca494c42e5e5013c3caf97f5b04df83c37473c5f634a
Instruction ID: ad738b6df2bb1c3550a092c8756e34cff0d317a37b9f9c949bb09105753da67f
Opcode Fuzzy Hash: e2f64d73435eafd9f741ca494c42e5e5013c3caf97f5b04df83c37473c5f634a
Instruction Fuzzy Hash: DD02933090420ACFDB10EFA4D099BEDBBB5FF84304F208566D8155B26ADB74A94ECB45

Function 00482968 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

@TcmSocket@ParseHostAddr$qqrpxcpit2o.Z39UARTASSIST(?), ref: 004829DB
@TcmSocket@ip_aton$qqrpxcp6IPDATAo.Z39UARTASSIST ref: 00482A2B

Strings

D, xrefs: 00482C0C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Addr$qqrpxcpit2oHostParseSocket@Socket@ip_aton$qqrpxcp6
String ID: D
API String ID: 824452390-2746444292
Opcode ID: bcafc4ec95b53f561bc7be1bb829820b0f42af64f8cc9124b41fd8c6014c7ffb
Instruction ID: 8be1d9788de7c39009e4db8efeea20721d2b536cc4fa4464a942174d434ff13c
Opcode Fuzzy Hash: bcafc4ec95b53f561bc7be1bb829820b0f42af64f8cc9124b41fd8c6014c7ffb
Instruction Fuzzy Hash: 14A18F30A0015ACBCF15EFA4C9887EEBBB1FF44300F144666D805AB396DB785E4ADB65

Function 00443900 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 226windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,0000040F,00000000,?), ref: 00443B94

Part of subcall function 0043BFC4: SetEvent.KERNEL32(00000470), ref: 0043C00E
Part of subcall function 0043BFC4: @cmSerialCommDriver32@TcmUart@Close$qqrv.Z39UARTASSIST ref: 0043C034

Strings

,, xrefs: 00443BDC
4K, xrefs: 00443919

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Close$qqrvCommDriver32@EventMessagePostSerialUart@
String ID: ,$4K
API String ID: 403512938-2912318814
Opcode ID: c7ebb8a10bd63baa0e07871acae4beeafc4fb0d0de4b01be78b90ef163604cf4
Instruction ID: d81e5ab1fb3647ef2e7ec9d87d4f22a622070c10e00647001cdd89a956d687cb
Opcode Fuzzy Hash: c7ebb8a10bd63baa0e07871acae4beeafc4fb0d0de4b01be78b90ef163604cf4
Instruction Fuzzy Hash: B9912A70A005469FEB04DF64C8C5BEEBBB5FF45705F08416AE844AB392DB396E4ACB44

Function 00416A98 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(?,00000000,?,00000000,00000000,00000001), ref: 00416C40

Strings

Opening browser..., xrefs: 00416B06
8, xrefs: 00416BEB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: 8$Opening browser...
API String ID: 587946157-3155203500
Opcode ID: fd8d63af695fda736fe326e536658ea4f4c7e630b226818070190776b4e086a6
Instruction ID: 7b2170aaa06717d07ebd0accd9494ed7a9d3e2212c99d6be146db9612e3022c2
Opcode Fuzzy Hash: fd8d63af695fda736fe326e536658ea4f4c7e630b226818070190776b4e086a6
Instruction Fuzzy Hash: F3519030A00219CBCB00EF94D8857EEBBB5FF85344F10416AE801AB366DB359D46CBD9

Function 00496264 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 165networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(00000000), ref: 00496384
htons.WS2_32(?), ref: 00496394

Strings

, xrefs: 0049641D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: htons
String ID:
API String ID: 4207154920-3916222277
Opcode ID: 33cc579ea3f6c7ca3f4e7a3f9cb72cad32692afacc0fd1dc6e8cbcfca9c0eeec
Instruction ID: 270345c3bba0791dd42a89c6666dfdf08d932866442e7a8d3785b381b671d604
Opcode Fuzzy Hash: 33cc579ea3f6c7ca3f4e7a3f9cb72cad32692afacc0fd1dc6e8cbcfca9c0eeec
Instruction Fuzzy Hash: B351A3B1D00208EBDF10EB94DC86BEEBBB8EF49304F158166F90167292E7745E05C7A6

Function 0049A3F8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163registryCOMMON

Download Yara Rule

APIs

UnregisterHotKey.USER32(00000000,?,00000008,?,00000000), ref: 0049A45D
RegisterHotKey.USER32(00000000,?,00000001,?,00000008,?,00000000), ref: 0049A4A2

Strings

, xrefs: 0049A446

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: RegisterUnregister
String ID:
API String ID: 2330324139-3916222277
Opcode ID: 225ee7f65a81ef6517f433a73b9efca0fbbee92969b2762fe12b0c50b27a1e10
Instruction ID: 0c99e1a2c99ddc9b3312aa1b039ce34167ce73d180d43d1436db245e1ef52f58
Opcode Fuzzy Hash: 225ee7f65a81ef6517f433a73b9efca0fbbee92969b2762fe12b0c50b27a1e10
Instruction Fuzzy Hash: D8519130A0024A9BCF10DBA4C4597EEBFB5FF85310F18816AD85567392EB399D06CB96

Function 004B5388 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString.Z39UARTASSIST ref: 004B5530

Strings

D, xrefs: 004B5535
*.*, xrefs: 004B544D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AnsiCase$qqrrx17Cdiroutl@DirectoryForceOutline@StringSystem@
String ID: *.*$D
API String ID: 2852121963-3091054508
Opcode ID: cd7148e8489ac7d2ba3514313b4967ee4ee6d040a559a7006e9742bed0901bf9
Instruction ID: c317a02379ecee12c49836d95d4ec88f6db09df1777421e472802da92b4cb7f4
Opcode Fuzzy Hash: cd7148e8489ac7d2ba3514313b4967ee4ee6d040a559a7006e9742bed0901bf9
Instruction Fuzzy Hash: BE711870A1122C8BCB60EB20CD55BEEB3B5BF46304F5482EAD44C67252DB359F8A8F55

Function 00443BF4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 160COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@SendData$qqrpvi.Z39UARTASSIST ref: 00443C2B

Part of subcall function 0047986C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0047989B
Part of subcall function 0047986C: ReleaseMutex.KERNEL32(?,?,?,000000FF), ref: 004798C7
Part of subcall function 0047986C: SetEvent.KERNEL32(?,?,?,?,000000FF), ref: 004798DB

Strings

TX:, xrefs: 00443CC7
COM%d, xrefs: 00443C7C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CommData$qqrpviDriver32@EventMutexObjectReleaseSendSerialSingleUart@Wait
String ID: COM%d$TX:
API String ID: 1855903974-523180663
Opcode ID: bf66a2d4b3346b2a39e80a558f3a5477fd4c7afb7bc707a8d52e3466352a0342
Instruction ID: ec4832a753a3da83cc4d31f4991291eff63c17719e980bb9bfa5ea771a8202ef
Opcode Fuzzy Hash: bf66a2d4b3346b2a39e80a558f3a5477fd4c7afb7bc707a8d52e3466352a0342
Instruction Fuzzy Hash: 7451177460050B9BD704EF64D8966BEBBF9FF99304F108226D80483752EB34AA4BDB95

Function 004B7800 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 159windowCOMMON

Download Yara Rule

APIs

@TCGauge@PaintBackground$qqrp16Graphics@TBitmap.Z39UARTASSIST ref: 004B7879
@TCGauge@GetPercentDone$qqrv.Z39UARTASSIST ref: 004B7887

Strings

8, xrefs: 004B78B3

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Gauge@$Background$qqrp16BitmapDone$qqrvGraphics@PaintPercent
String ID: 8
API String ID: 2924455710-4194326291
Opcode ID: df99c1901a1b3f980051179e6ea65805b4fdb42a20365212ac2756a89eb76191
Instruction ID: 621c35e77a1b9a1dd2909a751a7c0b0a70f037d55ce2bf99fee571b93fdcc976
Opcode Fuzzy Hash: df99c1901a1b3f980051179e6ea65805b4fdb42a20365212ac2756a89eb76191
Instruction Fuzzy Hash: A3516331D0020DABCB04EBE4D8469DEBBB5FF95314F20456AE50067292DB359E4ACB68

Function 00509A94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON

Download Yara Rule

APIs

Part of subcall function 00508D90: RtlEnterCriticalSection.NTDLL(?), ref: 00508D94

CreateFontIndirectA.GDI32(?), ref: 00509BD2

Strings

MS Sans Serif, xrefs: 00509B71
Default, xrefs: 00509B60

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CreateCriticalEnterFontIndirectSection
String ID: MS Sans Serif$Default
API String ID: 2931345757-2137701257
Opcode ID: 517e29099343e42f8cac4eeeac28c76b9e4842c7879d10031bd7b7533dad744f
Instruction ID: c9b071e0c4435beb008f8b03085348473bab751bc99179df4f9dbf192692db7a
Opcode Fuzzy Hash: 517e29099343e42f8cac4eeeac28c76b9e4842c7879d10031bd7b7533dad744f
Instruction Fuzzy Hash: 3B515730A08248DFDB11CFA8D581B8DBFF6BF48314F6580AAE840A7296D2749E05CB65

Function 004835C4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

@TcmSocket@ParseHostAddr$qqrpxcpit2o.Z39UARTASSIST(?), ref: 00483612
@TcmSocket@ParseHostPort$qqrpxc.Z39UARTASSIST ref: 0048369D

Strings

8, xrefs: 004836AE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: HostParseSocket@$Addr$qqrpxcpit2oPort$qqrpxc
String ID: 8
API String ID: 948049566-4194326291
Opcode ID: 73cf74fbd9c5c06d4df573db90d6ec238ca668fbd6cee31140d38900d13afa31
Instruction ID: 083fb450995cb213f94351d5e1ab90964b2ffe8d4ab16171a742a5d67d0b079f
Opcode Fuzzy Hash: 73cf74fbd9c5c06d4df573db90d6ec238ca668fbd6cee31140d38900d13afa31
Instruction Fuzzy Hash: 79411970D0010A9BCF10EF94C4896EEBBB5FF44304F24856AD815B7392EB749E49DB65

Function 00480CA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

@TcmSocket@MapErrorCode$qqri.Z39UARTASSIST(?,socket() failed,00000000), ref: 00480D26

Strings

: , xrefs: 00480CF8
socket() failed, xrefs: 00480CA8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Code$qqriErrorSocket@
String ID: : $socket() failed
API String ID: 921977879-3054834518
Opcode ID: 945136e9ea59e301763f6c0092ec21da4b3331998b56f1fd0c874305ee2a3345
Instruction ID: 984dc5065e481fc569b82914aedc19760eba03be7766fbe7e0b0c2f3ccc8e480
Opcode Fuzzy Hash: 945136e9ea59e301763f6c0092ec21da4b3331998b56f1fd0c874305ee2a3345
Instruction Fuzzy Hash: F5311C70E1010E9BCF40EB94C4856FEF7B9FF88304F148566D814A7256EB749A0ADB65

Function 0047B6CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,000000FF,000000FF), ref: 0047B71F

Part of subcall function 0050A964: Ellipse.GDI32(?,?,?,?,?), ref: 0050A992

InflateRect.USER32(?,00000001,00000001), ref: 0047B73D

Part of subcall function 0050A4E4: Arc.GDI32(?,?,?,?,00808080,?,L~G,?,?), ref: 0050A522

Strings

L~G, xrefs: 0047B705

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: InflateRect$Ellipse
String ID: L~G
API String ID: 3816802421-3754241533
Opcode ID: 66e3732167b4ef40a3ea83d7efe376e7e79533a69b9938c39cadc66b7d55db7b
Instruction ID: deaab114913d0e6bc3f96b59f904390759cde6ae98ae923a2fcd6bd0d3d15a22
Opcode Fuzzy Hash: 66e3732167b4ef40a3ea83d7efe376e7e79533a69b9938c39cadc66b7d55db7b
Instruction Fuzzy Hash: 3D310975304601ABCB14EF59C8C6D4AB7EABFC9710B148658B5498F3AACA31EC05CB61

Function 00403784 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

Invalid digital input, xrefs: 0040384A
Prompt, xrefs: 0040386C

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID:
String ID: Invalid digital input$Prompt
API String ID: 0-2664087997
Opcode ID: b72d13f7b7bc8357dc3d8943cf05f3279714f9d9b8be84da41cd0fb1710e3548
Instruction ID: ea918334435cc59351f968218afe9b7a0c4238df95b7114467cf263137c199a9
Opcode Fuzzy Hash: b72d13f7b7bc8357dc3d8943cf05f3279714f9d9b8be84da41cd0fb1710e3548
Instruction Fuzzy Hash: 7021D771A1054496DB25AB14888136E7FA9AB42706F2481BBE501EB3D2DB3CCE4687CE

Function 0047EE94 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

@TcmSocket@inet_aton$qqrpxcp6IPDATAi.Z39UARTASSIST ref: 0047EF06

Strings

0.0.0.0, xrefs: 0047EF7F
, xrefs: 0047EF8D

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Socket@inet_aton$qqrpxcp6
String ID: $0.0.0.0
API String ID: 2966448890-1685620526
Opcode ID: 30aed029a82861c2bd81fda916b8335eec46675413fb3b947a32292793fea214
Instruction ID: 524d1ce086c73355e5798e2e2fa1afc4bbc144a2f8ed878b78a853ba77133de0
Opcode Fuzzy Hash: 30aed029a82861c2bd81fda916b8335eec46675413fb3b947a32292793fea214
Instruction Fuzzy Hash: 69317E3090024EDADF00EBA0C5857EDB7B5FF44304F2486B6D80D6B296EB749A09DB66

Function 0044C7A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000000,00577E3B,00000000,00000000,00000001), ref: 0044C889

Strings

,, xrefs: 0044C82F
autoreply/, xrefs: 0044C835

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: ,$autoreply/
API String ID: 587946157-3921207096
Opcode ID: 57c9537efbfb2cf4c2f24004a1cf7b441958aa5df330fe33e40efaa8f1e4ee50
Instruction ID: d468ab2ee24fa56f8c99dd1e3e7458228084e4f96af298dd5801eca2273ceb50
Opcode Fuzzy Hash: 57c9537efbfb2cf4c2f24004a1cf7b441958aa5df330fe33e40efaa8f1e4ee50
Instruction Fuzzy Hash: D731217091110EDBDF00EBA0D98ABEEB7B9FF44304F2442A6E40567251EB746F05DB65

Function 00442FEC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000000,00571DB8,00000000,00000000,00000001), ref: 004430D5

Strings

,, xrefs: 0044307B
assistscript/, xrefs: 00443081

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: ,$assistscript/
API String ID: 587946157-3342015788
Opcode ID: ec68da63c559110554559c51ac621a009ca5d08a15ee912efaa8290e6e78f1d8
Instruction ID: 10db5d02a87ec4e67c714e8489b1167452b99405c0c81fe1c1842467931be103
Opcode Fuzzy Hash: ec68da63c559110554559c51ac621a009ca5d08a15ee912efaa8290e6e78f1d8
Instruction Fuzzy Hash: 84314C30A0010EDBDF10EBA0D986AEEB7B9FF44304F2042A6E40467296EB756F05DB55

Function 0050C098 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000054), ref: 0050C0AC

Strings

(, xrefs: 0050C0C1
jQ, xrefs: 0050C0C8

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Object
String ID: ($jQ
API String ID: 2936123098-597219741
Opcode ID: 4a07a2922f07a6669af6ffe9c7ab9633b6b68b808dd474c7e18a5ee70a284c0a
Instruction ID: de0c72b97e8f28825995aa46c0816c270f1ea71cb35c31f1ece7e0f9f87606bb
Opcode Fuzzy Hash: 4a07a2922f07a6669af6ffe9c7ab9633b6b68b808dd474c7e18a5ee70a284c0a
Instruction Fuzzy Hash: 4F217FB4614211CBDB18DF28C9D925EBEE1BF8A304F14866AE849CF29BD734C944C766

Function 004B6074 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000100,00000000), ref: 004B60AD
GetCurrentDirectoryA.KERNEL32(00000100,00000000), ref: 004B60E1

Strings

, xrefs: 004B6151

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-3916222277
Opcode ID: a3dbad2fa1df42465ebe98b3e43ad3efd8530a6974e992a54611978620bfc5ea
Instruction ID: 844e0623ad13c8f960eeceaf8f95a1562d1f8d75e1c6b4a41db264ebe7771926
Opcode Fuzzy Hash: a3dbad2fa1df42465ebe98b3e43ad3efd8530a6974e992a54611978620bfc5ea
Instruction Fuzzy Hash: B1313C30C1121DEBCF01EF94E989AEEBFB5FF44315F20412AF50066261D7794A84DB95

Function 004582C4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

Strings

Prompt, xrefs: 0045836B
Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 00458349

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: MessageSend
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 3850602802-1347421534
Opcode ID: f9b533cd0b9973ffb2eeb3937d8ead8ac7daadb3f81878bdbf1742db6eaf46b1
Instruction ID: cb4a9056c23d6f2b2cec3676669bbd9f560c9937ce3ae36c7b2866d6e8113637
Opcode Fuzzy Hash: f9b533cd0b9973ffb2eeb3937d8ead8ac7daadb3f81878bdbf1742db6eaf46b1
Instruction Fuzzy Hash: 782138302042449ADB219754D88276E7FE5AB43701F1441AFED45BB3A3CE799C0AD78A

Function 0044D65C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 0044D6BD

Part of subcall function 004EFF34: SendMessageA.USER32(00000000,000000B1,00000000,000000FF), ref: 004EFF48

Strings

Prompt, xrefs: 0044D705
Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 0044D6E3

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$BeepSend
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 1008054038-1347421534
Opcode ID: 333078a7b6482a8b938752047b5d3c8ec60e4a5c86b6e22f84918ee9e883a932
Instruction ID: ae64fa1a00b0046014828c7f73e53ddd44b8d6846d8af6bb4b95c924701c1e07
Opcode Fuzzy Hash: 333078a7b6482a8b938752047b5d3c8ec60e4a5c86b6e22f84918ee9e883a932
Instruction Fuzzy Hash: A9213530B042405BEB119F54C8557BEBBE5FB81344F2481BBE8485F382CA785D06D799

Function 0048E8A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 0048E902

Part of subcall function 004EFF34: SendMessageA.USER32(00000000,000000B1,00000000,000000FF), ref: 004EFF48

Strings

Prompt, xrefs: 0048E94A
Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 0048E928

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$BeepSend
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 1008054038-1347421534
Opcode ID: 359687d460dc996c6e633bcdada9c992d2a172d75a4a708964bdae1c283b31a6
Instruction ID: 46eb5081f2de57a1c7b9a9cc1185ad0e9672d2da30238b5e898c693feb9997c2
Opcode Fuzzy Hash: 359687d460dc996c6e633bcdada9c992d2a172d75a4a708964bdae1c283b31a6
Instruction Fuzzy Hash: 9E216A70604204DBEB61B715C8957AF7BA5EB82310F1445A7E588AB392CBF89C06C35A

Function 004A00E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(?,ICON_MESSAGE_GRAY), ref: 004A0143

Strings

ICON_MESSAGE, xrefs: 004A012D, 004A0139
ICON_MESSAGE_GRAY, xrefs: 004A0134

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoad
String ID: ICON_MESSAGE$ICON_MESSAGE_GRAY
API String ID: 3581186644-596663843
Opcode ID: 24597471d8fce91286fee33c0be06ca69a5a0a53d21272aeee1605b06a9ab11a
Instruction ID: ae6856cd078475d42e409db92e13b71554fb22a2ed78daf4fce9dd43130b7baa
Opcode Fuzzy Hash: 24597471d8fce91286fee33c0be06ca69a5a0a53d21272aeee1605b06a9ab11a
Instruction Fuzzy Hash: 1C2105307016129FC720DBB8E889BCEBBE5FF6A310F44452AE44A9B361D739AC04CB55

Function 0046213C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 00462195

Strings

Prompt, xrefs: 004621DD
Only the digital 0 or 1 can be entered, xrefs: 004621BB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BeepMessage
String ID: Only the digital 0 or 1 can be entered$Prompt
API String ID: 2359647504-327199117
Opcode ID: 4a03f9a12548120cdd8a707f1c9e799698d376ce943d108cedbf987258f366e9
Instruction ID: 3e1588a6c1df15e956f9eaeab278e10f4b506fa773c0da958a655f54a30cd37c
Opcode Fuzzy Hash: 4a03f9a12548120cdd8a707f1c9e799698d376ce943d108cedbf987258f366e9
Instruction Fuzzy Hash: B8112430A04619ABD7109754CC553FEBBB5FF82300F204063E6006B391EBB88D06979A

Function 004B5A4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00531300: GetClassInfoA.USER32(?,?,?), ref: 005313C4
Part of subcall function 00531300: UnregisterClassA.USER32(?,?), ref: 005313EC
Part of subcall function 00531300: RegisterClassA.USER32(?), ref: 00531402

@Cdiroutl@TCDirectoryOutline@CurDir$qv.Z39UARTASSIST(00000000,00000000), ref: 004B5AAC

Part of subcall function 004B6074: GetCurrentDirectoryA.KERNEL32(00000100,00000000), ref: 004B60AD
Part of subcall function 004B6074: GetCurrentDirectoryA.KERNEL32(00000100,00000000), ref: 004B60E1

@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString.Z39UARTASSIST ref: 004B5AB9

Strings

, xrefs: 004B5ACE

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Directory$Class$Cdiroutl@CurrentOutline@$AnsiCase$qqrrx17Dir$qvForceInfoRegisterStringSystem@Unregister
String ID:
API String ID: 3712666593-3916222277
Opcode ID: f6ff92214c847b0a858a868b4edab626387151f8872268a17b567301345fdf29
Instruction ID: b8ce32d68eec2eccb3fdfebef0b2c4d62a637a9fefbabd1fa7c1af80944e621d
Opcode Fuzzy Hash: f6ff92214c847b0a858a868b4edab626387151f8872268a17b567301345fdf29
Instruction Fuzzy Hash: E3210E3491114E9BCF00EBA0D5456EEF7B9FF44305F1442AAE40477252EB789F0587AA

Function 00454830 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 0045487D

Part of subcall function 004EFF34: SendMessageA.USER32(00000000,000000B1,00000000,000000FF), ref: 004EFF48

Strings

Prompt, xrefs: 004548C5
Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 004548A3

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Message$BeepSend
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 1008054038-1347421534
Opcode ID: 9f335c1724f40a1b10ca44b772b47208cd8a7ac1db8bd5c8746836e91e3b1d5e
Instruction ID: df6b856f05d6bf8818e1893775c199eed62e39c9477d6d12f74c297900e6f3d2
Opcode Fuzzy Hash: 9f335c1724f40a1b10ca44b772b47208cd8a7ac1db8bd5c8746836e91e3b1d5e
Instruction Fuzzy Hash: 7A113634A042819BDB10BF44C4457AE7BA5FFC1309F1441B6E8486F383DA784D4DD75A

Function 004758CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(?,dlgDragHnd), ref: 00475938
@TcmForm@update_workbitmap$qqrv.Z39UARTASSIST ref: 00475967

Strings

dlgDragHnd, xrefs: 0047592B

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapForm@update_workbitmap$qqrvLoad
String ID: dlgDragHnd
API String ID: 2310468496-1624917145
Opcode ID: 69e3bebc5b004b069111b80aa5f48b69a950b9aea48402af596530afe77b41c6
Instruction ID: 07f45c6458a631cf69e9b16a68a47f8428dcf65879e334991e79f11a48f9856e
Opcode Fuzzy Hash: 69e3bebc5b004b069111b80aa5f48b69a950b9aea48402af596530afe77b41c6
Instruction Fuzzy Hash: 551101B0704A05CFD320EB38C845BDA7BE8BB48310F04846AE99DDB391DAB5AC05DB85

Function 005043DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SetScrollRange.USER32(00000000,>FP,00000000,0000007F,000000FF), ref: 00504414
SetScrollRange.USER32(00000000,>FP,00000000,00000000,000000FF), ref: 00504431

Strings

>FP, xrefs: 005043F9, 00504407, 00504424

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: RangeScroll
String ID: >FP
API String ID: 3104354439-486320383
Opcode ID: 0b15bde65472c8e636cd33be9b29c5421dfed87fae47774dcd1c04839506571f
Instruction ID: 3f2889ac84d0a29baa5062d4e030a84426feb0f077382b78d5b865b4247a32ce
Opcode Fuzzy Hash: 0b15bde65472c8e636cd33be9b29c5421dfed87fae47774dcd1c04839506571f
Instruction Fuzzy Hash: 2F0140B1644216AFDB10DF59EC85F5E7BE8FB55720F204611FA18DB2D1C630FC408A64

Function 00440588 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

@cmSerialCommDriver32@TcmUart@SetAutoWrap$qqro.Z39UARTASSIST ref: 00440630

Strings

Data Log, xrefs: 004405CC
Data Receive, xrefs: 004405E3

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: AutoCommDriver32@SerialUart@Wrap$qqro
String ID: Data Log$Data Receive
API String ID: 642324948-2375008308
Opcode ID: c231eccc96cad7e2b1948cca5e8fc3f63eb361e26f11f06b0cf6c91d50065bcd
Instruction ID: 8b5d2f013cc922d4a6515493b19fe240018adaca3bd3b27539d282932c722179
Opcode Fuzzy Hash: c231eccc96cad7e2b1948cca5e8fc3f63eb361e26f11f06b0cf6c91d50065bcd
Instruction Fuzzy Hash: CB117A30A046049FF720D724D4453AABBE4FB85300F1481A7D94A87751CB388D05EF8A

Function 0048A684 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 0048A6BC

Strings

Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 0048A6E2
Prompt, xrefs: 0048A704

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BeepMessage
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 2359647504-1347421534
Opcode ID: f45d15c715a0e4f9ae2d0bfa10e9553eadd3c5197975480c56d33db9af58bdbb
Instruction ID: c56ffe1f5e3527b1e81873b442cdcbd874ac782a34982afda4c6bafa6e7eb075
Opcode Fuzzy Hash: f45d15c715a0e4f9ae2d0bfa10e9553eadd3c5197975480c56d33db9af58bdbb
Instruction Fuzzy Hash: BB1106306042449BEB10FB54D8467AD7BB5FB42304F2801A7E9847B382DBB85C05C79A

Function 00458228 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000010), ref: 0045824E

Strings

Only hexadecimal characters can be entered in hexadecimal input mode., xrefs: 00458274
Prompt, xrefs: 00458296

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BeepMessage
String ID: Only hexadecimal characters can be entered in hexadecimal input mode.$Prompt
API String ID: 2359647504-1347421534
Opcode ID: 5fb274821e4872ba42a05b225f8b610b1b3f6051965acd99110a16273a6f3d2a
Instruction ID: 6cdd3670782f7d8f54bd18de56ee49d79964ba512148f36dcc5712a5d787ec6c
Opcode Fuzzy Hash: 5fb274821e4872ba42a05b225f8b610b1b3f6051965acd99110a16273a6f3d2a
Instruction Fuzzy Hash: 9E014530604644A7EB119798E8527AE7FA5FB41301F1041EEF948BB3D2CFB81E49D39A

Function 004B3DF4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

@TCCalendar@GetCellText$qqrii.Z39UARTASSIST(00000000), ref: 004B3E45
@TCCalendar@SetDateElement$qqrii.Z39UARTASSIST(00000000), ref: 004B3E83

Strings

, xrefs: 004B3E1E

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: Calendar@$CellDateElement$qqriiText$qqrii
String ID:
API String ID: 3454364302-3916222277
Opcode ID: 3eca272e38f0d3deef974a01385c717eae67cee64def0abe06e7072f52a6f658
Instruction ID: 785efef2eb4016ab602dade9614efe7ab7bf4ec6f4ba0ec34f0871e259e0e811
Opcode Fuzzy Hash: 3eca272e38f0d3deef974a01385c717eae67cee64def0abe06e7072f52a6f658
Instruction Fuzzy Hash: 2211CB3491011DEBCF00EB95D846AEEB7B9FF44305F104166E814A3352EB349A059B95

Function 00480C48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C57
@TcmSocket@ShowError$qqrpci.Z39UARTASSIST(00000011,?,00000000,?,0047EA87,00000002), ref: 00480C93

Strings

3', xrefs: 00480C5F

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: ErrorError$qqrpciLastShowSocket@
String ID: 3'
API String ID: 3372320692-280543908
Opcode ID: d5c03d546197111c017385ff0997047134ba75a9d179c77e8a66991fddbbf5e2
Instruction ID: 32213d2778e8d0f40046f1d51f3ab1d4277c3dea3b56b050f84072087f3f1871
Opcode Fuzzy Hash: d5c03d546197111c017385ff0997047134ba75a9d179c77e8a66991fddbbf5e2
Instruction Fuzzy Hash: ECF082217002504BDB78BD7D4CC865A7A88ABC5331F180B7AED258B3D6EB788C4D9358

Function 004A0088 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

LoadBitmapA.USER32(?,ICON_DIAMOND_GRAY), ref: 004A00CB

Strings

ICON_DIAMOND_GRAY, xrefs: 004A00BD
ICON_DIAMOND, xrefs: 004A00B6, 004A00C2

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: BitmapLoad
String ID: ICON_DIAMOND$ICON_DIAMOND_GRAY
API String ID: 3581186644-4170127655
Opcode ID: 95b31525b47da9cd90d86f7c0555738dcc52312ee41f7fdbd37ecf76a4a7baf5
Instruction ID: bdca4726231ae017d7e7951fd55aa78a35a97d23a80ed78be877e0d2a7497875
Opcode Fuzzy Hash: 95b31525b47da9cd90d86f7c0555738dcc52312ee41f7fdbd37ecf76a4a7baf5
Instruction Fuzzy Hash: 74F02720345240AFC620D334B4917A72BE8BBB7350F18042BE4C4CB312C2265C4CD359

Function 00563378 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,00000000,-000000F6,00000000,?,005635BA,00000000,00000000,00000000,-000000F6,?,00563682,Abnormal program termination,00564323,?,?), ref: 0056337C
wsprintfA.USER32 ref: 005633B5

Strings

%02d/%02d/%04d %02d:%02d:%02d.%03d , xrefs: 005633AB

Memory Dump Source

Source File: 00000000.00000002.2976743314.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2976727559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.00000000005F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000609000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2976743314.0000000000634000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2977124136.000000000063F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_z39UartAssist.jbxd

Yara matches

Similarity

API ID: LocalTimewsprintf
String ID: %02d/%02d/%04d %02d:%02d:%02d.%03d
API String ID: 1577811021-3388318165
Opcode ID: eb3957204e758c7a8375dcf873a999eebb8db6e6f64385e3f3ef39027146551c
Instruction ID: 019273b13007477afafbb448bc011b99e4a78b1975df8467d3b36c66a0161fe0
Opcode Fuzzy Hash: eb3957204e758c7a8375dcf873a999eebb8db6e6f64385e3f3ef39027146551c
Instruction Fuzzy Hash: ACE012A644C662658254DF4B5C0183FB5ECBACCF11F44490DB9D4812C1F27CC484E377

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report z39UartAssist.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Cmsoft\uartassist.sys

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
z39UartAssist.exe

Function 0043E9B4 Relevance: 41.1, APIs: 10, Strings: 13, Instructions: 802
windowCOMMON

Function 004A55DC Relevance: 36.9, APIs: 10, Strings: 11, Instructions: 192
libraryloaderCOMMON

Function 004E4518 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 184
registrystringlibraryCOMMON

Function 00472254 Relevance: 26.7, APIs: 7, Strings: 8, Instructions: 420
registryCOMMON

Function 004E4624 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98
stringlibrarythreadCOMMON

Function 00464D20 Relevance: 44.2, APIs: 19, Strings: 6, Instructions: 495
networkCOMMON

Function 0043B92C Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 287
timeCOMMON

Function 0043BFC4 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 291
sleepCOMMON

Function 0046B70C Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 321
COMMON

Function 00478140 Relevance: 15.6, APIs: 10, Instructions: 631
COMMON

Function 004784DC Relevance: 15.3, APIs: 10, Instructions: 253
timeCOMMON

Function 00469DB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53
networkwindowCOMMON

Function 00474F44 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 214
windowCOMMON