Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1545804
MD5:	61162abf98861e7e3176df82d232523e
SHA1:	3f2eb1c68e088fccb1b33577dc5fbc491e29efd6
SHA256:	e552849b11e4c38df89416fcee9110fdcdbba56b66ed3c18113c428e842de0f3
Tags:	exeuser-Bitsight
Infos:

Detection

WhiteSnake Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected WhiteSnake Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large strings

.NET source code references suspicious native API functions

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

One or more processes crash

PE / OLE file has an invalid certificate

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 61162ABF98861E7E3176DF82D232523E)

InstallUtil.exe (PID: 6392 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

WerFault.exe (PID: 6728 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 1036 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1679122389.0000000005830000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_WhiteSnake	Yara detected WhiteSnake Stealer	Joe Security
Process Memory Space: file.exe PID: 6280	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: file.exe PID: 6280	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 6392	JoeSecurity_WhiteSnake	Yara detected WhiteSnake Stealer	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.file.exe.5830000.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.file.exe.3a7ebe8.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.file.exe.3a2ebc8.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for domain / URL

Source: http://185.217.98.121:80

Virustotal: Detection: 12%

Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 15%
Source: file.exe	Virustotal: Detection: 27%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 95.3% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 00000000000000000400000000000000l.pdbbt. source: InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1680094978.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1680094978.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E01000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vlUtil.pdb source: InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000001.00000002.2890924169.00000000009F7000.00000004.00000010.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05FE9950
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05FE9948
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 05FE4C00h	0_2_05FE4B48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 05FE4C00h	0_2_05FE4B40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0600D848
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 0603B1B9h	0_2_0603AFD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 0603B1B9h	0_2_0603AFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 0603AC41h	0_2_0603A850
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 0603AC41h	0_2_0603A860
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 06153E77h	0_2_06153AD1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 06153E77h	0_2_06153AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 06153E77h	0_2_06153BDD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 02B53382h	1_2_02B52CF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 02B533A5h	1_2_02B52CF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 02B53382h	1_2_02B52CE8

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.file.exe.3a7ebe8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3a2ebc8.1.raw.unpack, type: UNPACKEDPE

Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://101.126.19.171:80
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://101.43.160.136:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://107.161.20.142:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://116.202.101.219:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://129.151.109.160:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://132.145.17.167:9090
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.28.185.29:80
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://159.203.174.113:8090
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://167.235.70.96:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://168.138.211.88:8099
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://18.228.80.130:80
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:80
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://194.164.198.113:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.78.55.47:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://206.166.251.4:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://209.38.221.184:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://38.207.174.88:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://38.60.191.38:80
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://41.216.183.9:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://41.87.207.180:9090
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://46.235.26.83:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://47.96.78.224:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.159.4.50:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://65.49.205.24:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://67.230.176.97:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.216.92.21:8080
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.219.110.16:9999
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.222.143.111:8080
Source: file.exe	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: file.exe	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: file.exe	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: file.exe	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: file.exe	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: file.exe	String found in binary or memory: http://nsis.sf.net/License
Source: file.exe	String found in binary or memory: http://nsis.sf.net/License)
Source: file.exe	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: file.exe	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: file.exe	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: file.exe	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: file.exe	String found in binary or memory: http://subca.ocsp-certum.com01
Source: file.exe	String found in binary or memory: http://subca.ocsp-certum.com02
Source: file.exe	String found in binary or memory: http://subca.ocsp-certum.com05
Source: file.exe	String found in binary or memory: http://www.certum.pl/CPS0
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://138.2.92.67:443
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://154.9.207.142:443
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://185.217.98.121:443
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://192.99.196.191:443
Source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://5.196.181.135:443
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: file.exe	String found in binary or memory: https://jrsoftware.org0
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: file.exe	String found in binary or memory: https://www.certum.pl/CPS0

System Summary

.NET source code contains very large strings

Source: 0.2.file.exe.3d63e10.4.raw.unpack, bSqekn.cs

Long String: Length: 11394

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE7F58 NtResumeThread,	0_2_05FE7F58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE6AD8 NtProtectVirtualMemory,	0_2_05FE6AD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE7F50 NtResumeThread,	0_2_05FE7F50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE6AD0 NtProtectVirtualMemory,	0_2_05FE6AD0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0120D348	0_2_0120D348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_012094C1	0_2_012094C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_012094D0	0_2_012094D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01209AE8	0_2_01209AE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01209AF8	0_2_01209AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE2DF8	0_2_05FE2DF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE3D40	0_2_05FE3D40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FEDCB8	0_2_05FEDCB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FEEAE8	0_2_05FEEAE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FED768	0_2_05FED768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE20EF	0_2_05FE20EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05FE6818	0_2_05FE6818
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06000028	0_2_06000028
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06000040	0_2_06000040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06027F40	0_2_06027F40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06028FB8	0_2_06028FB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0602D5C8	0_2_0602D5C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0602C3C0	0_2_0602C3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0602C6E7	0_2_0602C6E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06027F30	0_2_06027F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06028FA8	0_2_06028FA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06020006	0_2_06020006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06020040	0_2_06020040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0602806B	0_2_0602806B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0603BBA4	0_2_0603BBA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0603BC43	0_2_0603BC43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06037870	0_2_06037870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0603C00B	0_2_0603C00B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06152540	0_2_06152540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615AD40	0_2_0615AD40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615B8C8	0_2_0615B8C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06152530	0_2_06152530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06152E90	0_2_06152E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06152E83	0_2_06152E83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615AA69	0_2_0615AA69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06153AD1	0_2_06153AD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06153AE0	0_2_06153AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06153BDD	0_2_06153BDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0629001D	0_2_0629001D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_062ADC70	0_2_062ADC70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06290040	0_2_06290040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_02B51EF0	1_2_02B51EF0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 1036

Source: file.exe

Static PE information: invalid certificate

Source: file.exe, 00000000.00000002.1657328530.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.1676055881.0000000003B67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKltdkxt.dll" vs file.exe
Source: file.exe, 00000000.00000002.1676055881.0000000003B67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamem65fad4c5a45e6e95b83ca9.exep( vs file.exe
Source: file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamem65fad4c5a45e6e95b83ca9.exep( vs file.exe
Source: file.exe, 00000000.00000002.1678345333.0000000005230000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameKltdkxt.dll" vs file.exe
Source: file.exe, 00000000.00000002.1658517848.00000000029A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.1680094978.0000000006180000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000000.1647730037.00000000006FE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameinnoinstaller.exe* vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameinnoinstaller.exe* vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe, PolicyReaderCollection.cs	Cryptographic APIs: 'CreateDecryptor'
Source: file.exe, PolicyReaderCollection.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs	Cryptographic APIs: 'CreateDecryptor'

Source: file.exe, DefinitionParamSpec.cs	Task registration methods: 'RegisterTask', 'CreateTask'
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'

Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.3d63e10.4.raw.unpack, jEHltQ.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.file.exe.3d63e10.4.raw.unpack, jEHltQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.file.exe.3d63e10.4.raw.unpack, p5r7.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/1@0/0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6728:64:WilError_03

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Temp\helloworld.txt

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	ReversingLabs: Detection: 15%
Source: file.exe	Virustotal: Detection: 27%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 1036
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.exe

Static file information: File size 1341360 > 1048576

Source: file.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x13a800

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 00000000000000000400000000000000l.pdbbt. source: InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1680094978.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1680094978.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E01000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000001.00000002.2892476953.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vlUtil.pdb source: InstallUtil.exe, 00000001.00000002.2891001836.0000000000D12000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000001.00000002.2890924169.00000000009F7000.00000004.00000010.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs

.Net Code: Type.GetTypeFromHandle(cfW0J2GQEJ83yHlLbZf.k5tP7nukMm(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(cfW0J2GQEJ83yHlLbZf.k5tP7nukMm(16777252)),Type.GetTypeFromHandle(cfW0J2GQEJ83yHlLbZf.k5tP7nukMm(16777284))})

.NET source code contains potential unpacker

Source: file.exe, PolicyReaderCollection.cs	.Net Code: ReadAlgo System.Reflection.Assembly.Load(byte[])
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3a2ebc8.1.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.file.exe.5830000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1679122389.0000000005830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6280, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0602A752 pushfd ; retf	0_2_0602A755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_060235F2 push ecx; retf	0_2_060235F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0603F938 push esp; retf	0_2_0603F941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615D67A push es; ret	0_2_0615D680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615D68D push es; ret	0_2_0615D6BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0615D712 push ebx; ret	0_2_0615D719

Source: file.exe

Static PE information: section name: .text entropy: 7.708988508924863

Source: 0.2.file.exe.3c743f0.3.raw.unpack, AssemblyLoader.cs	High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'aAgiWrkKuSAyGyCF89d'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, cfW0J2GQEJ83yHlLbZf.cs	High entropy of concatenated method names: 'k5tP7nukMm', 'ErbPTky723', 'w0ecS5jIiZp9RGZPF1w', 'hy7XZvjr8nYsQLYZOOm', 'eAU15sj62qdP9odiLvp', 'CH0wlnjdJsqZWLLR2xT'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, GDNIACGsPZCXo8eS7HU.cs	High entropy of concatenated method names: 'WO6GSn2u1s', 'tRyGZ1JHIR', 'W4JGFUHux1', 'kP6GVkhGdn', 'HbxG8gxYNd', 'wVtG1itEJU', 'UpTGvPeoPX', 'KPjGxltDdg', 'xucG2mWGoA', 'jjkGwD3Ube'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, wNjgIHGzlm3qoHc9aTC.cs	High entropy of concatenated method names: 'Md1CbAqgtn', 'JLTCNNFUne', 'rlfC5jU2Wd', 'k4MCAChPKu', 'naVC3X2wju', 'tleCearIp6', 'pJjCUmNHbK', 'fNjoqx8M0y', 'zpaCfnNwaS', 'sdgCQsqRQi'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, Pm9eLOtOt5hjuqFklEr.cs	High entropy of concatenated method names: 'eXXHn4kZDPx4c21GRvU', 'wg7KZJkFhZJdRLjMKYN', 'zYvGGh2Lhd', 'qGYsjxkvJdgJ5wLtgiQ', 'WJKCVVkxRMXqNcFmu4d', 'x3kyNqk2A1PlZQUUSuL', 'LGRdiMkw1uxqZTMTuBq', 'Wyukt7kzODXxPFxru1n', 'LttX0ijm28vVHKTqfAh', 'H253lwjpDGUdk7BKPKr'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, NZZSFPYQcuciEMGwg1p.cs	High entropy of concatenated method names: 'XksYgED2uc', 'AZTYusKyX6', 'WPwYOwi3uS', 'aYMYsXWeW0', 'FvkYROJcfS', 'jKNpias7NJJytHHUZR8', 'yvDGqUsTquSGeAvQrkO', 'Lr6GccsCe0wSyBcoosk', 'YjZDQysLRet96xPuVP9', 'O5fmF6sIjhf16ZiwdWg'
Source: 0.2.file.exe.3c743f0.3.raw.unpack, B2nHmqtTsx3u1WUddO2.cs	High entropy of concatenated method names: 'l5OtLYDnQ7', 'zYktIDmy5q', 'AZAIV9hh8KJRQPPpxBN', 'gqBvA5hkgorS0spXMFK', 'yOGiOohjPFdAdhPL1LT', 'hPxUqOhXH8WDW9yriKc', 'aHpqLEhWpVm2DXdPOWT', 'XaTv9QhBVswtu1GZxmr', 'CJ9JCnhcE5EBWuD5Y8k', 'NrVdjXhPLkirjwP53kE'

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: file.exe PID: 6280, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: file.exe, 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: EXPLORERJSBIEDLL.DLLKCUCKOOMON.DLLLWIN32_PROCESS.HANDLE='{0}'MPARENTPROCESSIDNCMDOSELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILUREPVERSIONQSERIALNUMBERSVMWARE\|VIRTUAL\|A M I\|XENTSELECT * FROM WIN32_COMPUTERSYSTEMUMANUFACTURERVMODELWMICROSOFT\|VMWARE\|VIRTUALXJOHNYANNAZXXXXXXXX

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 1200000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 29A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 49A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 11C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 11C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1676055881.0000000003B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2890672066.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: qemu'
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: crosoft\|VMWare\|Virtual
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtualh
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: file.exe, 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware\|VIRTUAL\|A M I\|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft\|VMWare\|VirtualXjohnYannaZxxxxxxxx
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q 1:en-CH:Microsoft\|VMWare\|Virtual
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWareLR^q\|
Source: file.exe, 00000000.00000002.1658517848.0000000002D67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q 1:en-CH:VMware\|VIRTUAL\|A M I\|Xen

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Code function: 1_2_02B539E9 LdrInitializeThunk,

1_2_02B539E9

Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.file.exe.3d63e10.4.raw.unpack, kQGy9H.cs	Reference to suspicious API methods: GetProcAddress(n2SW, kP2z8m)
Source: 0.2.file.exe.3d63e10.4.raw.unpack, jCb3L.cs	Reference to suspicious API methods: OpenProcess(1040u, bInheritHandle: false, xM92h5.Id)
Source: 0.2.file.exe.3d63e10.4.raw.unpack, jCb3L.cs	Reference to suspicious API methods: ReadProcessMemory(intPtr, lpBuffer.BaseAddress, array, array.Length, out var lpNumberOfBytesRead)
Source: 0.2.file.exe.3a7ebe8.5.raw.unpack, ResourceReferenceValue.cs	Reference to suspicious API methods: NativeMethods.LoadLibrary(ResourceFilePath)

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 428000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 42A000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: BD5008	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected WhiteSnake Stealer

Source: Yara match	File source: 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 6392, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: s\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdfjmmkpcnlpebklmnkoeoihofec</string></args></command><command name="3"><args><string>Phantom</string><string>bfnaelmomeimhlpmgjnjophhpkkoljpa</string></args></command><command name="0"><args><string>%UserProfile%\Desktop</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Desktop Files</string></args></command><command name="0"><args><string>%UserProfile%\Documents</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.;cc.;cxx.;hpp.;cs.;java.;ts.;php.;rb.;rs.;swift.;kt.;kts.;pl.;r.;sh.;lua.;py.;go.;</string><string>Grabber\Documents</string></args></command><command name="0"><args><string>%UserProfile%\Downloads</string><string>doc.;docx.;xls.;xlsx.;ppt.;pptx.;pdf.;txt.;rtf.;odt.;ods.;odp.;csv.;html.;htm.;epub.;md.;tex.;wpd.;wps.;pub.;xps.;odg.;ott.;ots.;otp.;msg.;eml.;crt.;cer.;pem.;der.;p7b.;p7c.;pfx.;p12.;sst.;csr.;key.;private.;sig.;signature.;p7s.;asc.;gpg.;authenticode.;kdb.;kdbx.;agilekeychain.;opvault.;lastpass.;psafe3.;ovpn.;log.;cfg.;conf.;c.;cpp.*;cc.
Source: file.exe, 00000000.00000002.1676055881.0000000003B67000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Remote Access Functionality

Yara detected WhiteSnake Stealer

Source: Yara match	File source: 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 6392, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 Scheduled Task/Job	211 Process Injection	3 Virtualization/Sandbox Evasion	OS Credential Dumping	121 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	3 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Data from Local System	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	Logon Script (Windows)	1 DLL Side-Loading	211 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	32 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	22 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	16%	ReversingLabs	Win32.Trojan.Generic
file.exe	28%	Virustotal		Browse
file.exe	100%	Avira	HEUR/AGEN.1323674
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://stackoverflow.com/q/11564914/23354;	0%	URL Reputation	safe
http://subca.ocsp-certum.com02	0%	URL Reputation	safe
http://subca.ocsp-certum.com01	0%	URL Reputation	safe
http://crl.certum.pl/ctnca2.crl0l	0%	URL Reputation	safe
http://repository.certum.pl/ctnca2.cer09	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.certum.pl/CPS0	0%	URL Reputation	safe
http://repository.certum.pl/ctnca.cer09	0%	URL Reputation	safe
https://stackoverflow.com/q/14436606/23354	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://crl.certum.pl/ctnca.crl0k	0%	URL Reputation	safe
https://www.certum.pl/CPS0	0%	URL Reputation	safe
https://stackoverflow.com/q/2152978/23354	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
http://185.217.98.121:80	12%	Virustotal		Browse
http://repository.certum.pl/ctsca2021.cer0A	0%	Virustotal		Browse
https://138.2.92.67:443	4%	Virustotal		Browse
http://crl.certum.pl/ctsca2021.crl0o	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://repository.certum.pl/ctsca2021.cer0A	file.exe	false	0%, Virustotal, Browse	unknown
http://crl.certum.pl/ctsca2021.crl0o	file.exe	false	0%, Virustotal, Browse	unknown
http://185.217.98.121:80	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false	12%, Virustotal, Browse	unknown
https://138.2.92.67:443	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse	unknown
https://github.com/mgravell/protobuf-netJ	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	false		unknown
http://167.235.70.96:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://20.78.55.47:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s	file.exe	false		unknown
http://107.161.20.142:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://5.196.181.135:443	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://101.43.160.136:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://repository.certum.pl/ccsca2021.cer0	file.exe	false		unknown
https://192.99.196.191:443	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://168.138.211.88:8099	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://github.com/mgravell/protobuf-neti	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	false		unknown
http://18.228.80.130:80	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://subca.ocsp-certum.com05	file.exe	false		unknown
https://stackoverflow.com/q/11564914/23354;	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://subca.ocsp-certum.com02	file.exe	false	URL Reputation: safe	unknown
http://subca.ocsp-certum.com01	file.exe	false	URL Reputation: safe	unknown
http://crl.certum.pl/ctnca2.crl0l	file.exe	false	URL Reputation: safe	unknown
http://repository.certum.pl/ctnca2.cer09	file.exe	false	URL Reputation: safe	unknown
https://jrsoftware.org0	file.exe	false		unknown
http://ccsca2021.ocsp-certum.com05	file.exe	false		unknown
http://185.217.98.121:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://8.219.110.16:9999	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	file.exe, 00000000.00000002.1658517848.0000000002E13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.certum.pl/CPS0	file.exe	false	URL Reputation: safe	unknown
http://8.216.92.21:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://65.49.205.24:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://47.96.78.224:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://129.151.109.160:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://repository.certum.pl/ctnca.cer09	file.exe	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.28.185.29:80	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/soap/encoding/	InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.certum.pl/ctnca.crl0k	file.exe	false	URL Reputation: safe	unknown
http://nsis.sf.net/License)	file.exe	false		unknown
https://154.9.207.142:443	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://209.38.221.184:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://github.com/mgravell/protobuf-net	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	false		unknown
http://206.166.251.4:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://194.164.198.113:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://38.207.174.88:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.certum.pl/CPS0	file.exe	false	URL Reputation: safe	unknown
http://159.203.174.113:8090	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://101.126.19.171:80	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://185.217.98.121:443	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://46.235.26.83:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://116.202.101.219:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://38.60.191.38:80	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://67.230.176.97:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://stackoverflow.com/q/2152978/23354	file.exe, 00000000.00000002.1676055881.0000000003A06000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1679652542.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://132.145.17.167:9090	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://nsis.sf.net/License	file.exe	false		unknown
http://schemas.xmlsoap.org/wsdl/	InstallUtil.exe, 00000001.00000002.2892476953.00000000031CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://51.159.4.50:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://8.222.143.111:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://41.216.183.9:8080	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://41.87.207.180:9090	InstallUtil.exe, 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2892476953.0000000002E26000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545804
Start date and time:	2024-10-31 02:49:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 285 Number of non-executed functions: 25
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	Apache Avro version 101
Category:	dropped
Size (bytes):	55
Entropy (8bit):	3.7031094858192377
Encrypted:	false
SSDEEP:	3:eA7GAFiPQXGgKgF/R:tGgEQXGgKgFJ
MD5:	CD0950A4AD9821873BC7ED32633C99F3
SHA1:	A5A62D11005523B85DAE57FFE25AC3AA5A7ACA22
SHA-256:	15E89B94E9B024745F25D11681CBCE8590722406949390545DA23CB7741229C4
SHA-512:	652F9C8A9575239E2691E06890CEDEA6FDAAFD6B3A09F2C96A0846916FB72D3E4F9E612F814EF593E9BCFCE4C42B2ADE07007BB3D91B114A7F2036362B2E4ED3
Malicious:	false
Reputation:	low
Preview:	Object reference not set to an instance of an object...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.6705687436026055
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'341'360 bytes
MD5:	61162abf98861e7e3176df82d232523e
SHA1:	3f2eb1c68e088fccb1b33577dc5fbc491e29efd6
SHA256:	e552849b11e4c38df89416fcee9110fdcdbba56b66ed3c18113c428e842de0f3
SHA512:	1524f16485b77eddafb5525233ccd88795b2b4b80a6bac786bda58a163f3bee0188dfa3aee7df8352768c9321720fd5ac0175010b66645a3a22b0584de541a12
SSDEEP:	24576:8/0AlqaB5TXKYSo4m/vup8Lb7nygnVD+LaH:P345TXT/vup8LnygB+aH
TLSH:	6D55E003FA9B86A2C2896777C6D6441C13B5E5847393FB1A75CE23EE6C0B77A9D02107
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T."g............................n.... ........@.. ....................................`................................

File Icon


Icon Hash:	44591141757355cc

Static PE Info

General

Entrypoint:	0x53c76e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6722DE54 [Thu Oct 31 01:33:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	17/04/2024 10:58:14 17/04/2025 10:58:13
Subject Chain	CN="Open Source Developer, Martijn Laan", O=Open Source Developer, L=Aalsmeer, S=Noord-Holland, C=NL
Version:	3
Thumbprint MD5:	A0EE7978E7B1952E23D91FE8DAC3BE11
Thumbprint SHA-1:	2514B6114FBBD66B24E6D171B428464B903C33D9
Thumbprint SHA-256:	9E2FD5561E1311C50C3F659667C89D4DDB1FB5C240E6A7779B85686038C6A856
Serial:	529DA3EA8D3FDD03C4BA1ACF5729E0CE

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x13c720	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x13e000	0xa054	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x144e00	0x29b0	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x14a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x13a774	0x13a800	0fc3ff074e2630486e1253f2b351b665	False	0.8539914857412559	data	7.708988508924863	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x13e000	0xa054	0xa200	9a2308ed2da94c0a118eccc84c085901	False	0.27859760802469136	data	5.54929817489867	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x14a000	0xc	0x200	344ab6b0650ed765afa157c8a804f8ba	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x13e250	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	0.4189189189189189
RT_ICON	0x13e378	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.1723826714801444
RT_ICON	0x13ec20	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	0.1814516129032258
RT_ICON	0x13f2e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.1755780346820809
RT_ICON	0x13f850	0x1a89	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.959369939643751
RT_ICON	0x1412dc	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	0.11307274444969297
RT_ICON	0x145504	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.1037344398340249
RT_GROUP_ICON	0x147aac	0x68	data	0.7884615384615384
RT_VERSION	0x147b14	0x352	data	0.4388235294117647
RT_MANIFEST	0x147e68	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Target ID:	0
Start time:	21:49:53
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x5c0000
File size:	1'341'360 bytes
MD5 hash:	61162ABF98861E7E3176DF82D232523E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1679122389.0000000005830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1658517848.0000000002A07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	21:49:54
Start date:	30/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x860000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_WhiteSnake, Description: Yara detected WhiteSnake Stealer, Source: 00000001.00000002.2892476953.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	21:49:55
Start date:	30/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 1036
Imagebase:	0x940000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.5%
Dynamic/Decrypted Code Coverage:	98.8%
Signature Coverage:	10.8%
Total number of Nodes:	251
Total number of Limit Nodes:	22

Executed Functions

Function 0602C3C0 Relevance: 16.2, Strings: 12, Instructions: 1176COMMON

Download Yara Rule

Strings

$^q, xrefs: 0602C653
,bq, xrefs: 0602CE7A
$^q, xrefs: 0602CC91
$^q, xrefs: 0602CCEA
$^q, xrefs: 0602CCFA
$^q, xrefs: 0602C8C7
$^q, xrefs: 0602C807
$^q, xrefs: 0602C817
$^q, xrefs: 0602CCA1
4, xrefs: 0602CD95
$^q, xrefs: 0602C643
$^q, xrefs: 0602C8B7

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 7b12cb803820c2f6b4e89b6ef33b01165716b84abe92ce52a69a55c16d915041
Instruction ID: 689ccbebb518af8a9f1470c5023a04c89ac220550e68e69d11b7f76a415d1395
Opcode Fuzzy Hash: 7b12cb803820c2f6b4e89b6ef33b01165716b84abe92ce52a69a55c16d915041
Instruction Fuzzy Hash: B3B20834A40229DFDB94DFA4C884BADBBF6BF88700F148599E505AB2A5CB71DC85CF50

Function 0602C6E7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,bq, xrefs: 0602CE7A
$^q, xrefs: 0602CC91
$^q, xrefs: 0602CCEA
$^q, xrefs: 0602C807
4, xrefs: 0602CD95
$^q, xrefs: 0602C8B7

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: c3b3cc5cec1442ff36edce93a75db709855ce65881819e65635a329904f67adb
Instruction ID: bffc997ff521631bb03a8127cdd66153bcb9df33e61f8cfdf5ea72e117ee1a42
Opcode Fuzzy Hash: c3b3cc5cec1442ff36edce93a75db709855ce65881819e65635a329904f67adb
Instruction Fuzzy Hash: 6A221A34A40225DFEB94DFA4C884BADBBF2BF88700F148199E509AB295DB71DD81CF50

Function 0120D348 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pbq, xrefs: 0120DF02
TJcq, xrefs: 0120D4EA
Te^q, xrefs: 0120DA6B
xbaq, xrefs: 0120D475

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: 48b73db95f2122f4487e94c4059b51fb6cd37aaaab31860ef1cce1852f81e1e0
Instruction ID: c3c93cd4321507fdd2c201c6b7dda5c959bad2302c88b8b2f1931720ebeb7788
Opcode Fuzzy Hash: 48b73db95f2122f4487e94c4059b51fb6cd37aaaab31860ef1cce1852f81e1e0
Instruction Fuzzy Hash: 27A2D774A01228CFDB55CF69C984AD9BBB2FF89304F1581E9D509AB366DB319E81CF40

Function 05FE2DF8 Relevance: 3.1, Strings: 2, Instructions: 637
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 05FE2EFD
fcq, xrefs: 05FE2F10

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: 9b321578106dc37de2ea34b2a69d5d6cc2e9e5ecba60fe04c53f5be8b2ac3da6
Instruction ID: 0fafa9faed9da9870f8b52e971454ac9ed6ba27afac59db6d02c6228d70b5443
Opcode Fuzzy Hash: 9b321578106dc37de2ea34b2a69d5d6cc2e9e5ecba60fe04c53f5be8b2ac3da6
Instruction Fuzzy Hash: B562F675E006298FDB64DF69D844ADDB7B1FF89300F1086AAD909A7344DB70AE85CF90

Function 06027F40 Relevance: 3.0, Strings: 2, Instructions: 458
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

&M, xrefs: 0602809A
Te^q, xrefs: 06028316

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q$&M
API String ID: 0-3890748486
Opcode ID: 41e4fc34014786583087328cecf29543553680af05ea7519b03e90bc571a6b9a
Instruction ID: b16bedd91b02176119c208a182670a15e0f6d7159402d410b866449512904ab1
Opcode Fuzzy Hash: 41e4fc34014786583087328cecf29543553680af05ea7519b03e90bc571a6b9a
Instruction Fuzzy Hash: 21120574E45229CFEBA4DF59D844BADBBB2BF49300F1081AAD50DA7344DB709D898F90

Function 06027F30 Relevance: 2.9, Strings: 2, Instructions: 449
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

&M, xrefs: 0602809A
Te^q, xrefs: 06028316

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q$&M
API String ID: 0-3890748486
Opcode ID: 9f4392433cda0e4596618d5636e70351e9d8d58fee4bdb116fc869e34e882748
Instruction ID: 69cd4121b98b53700296e3675d982bcd7e91c1566c261f295f393b01bdc34f0b
Opcode Fuzzy Hash: 9f4392433cda0e4596618d5636e70351e9d8d58fee4bdb116fc869e34e882748
Instruction Fuzzy Hash: 2012F574E45229CFEBA4DF59D884B9DBBB2BF49300F1081AAD50DA7344DB709E898F50

Function 0602D5C8 Relevance: 2.9, Strings: 2, Instructions: 403
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 0602D96C
,bq, xrefs: 0602D6BE

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 49dfefbf1f0b7541808ccd36f9e3179f28b49e04a5d41cf0d390c9016f7f5c9a
Instruction ID: 75124a4f26ffbd73a7018c92259c5d975d99ef152f5e8701f2134ad08ce47de1
Opcode Fuzzy Hash: 49dfefbf1f0b7541808ccd36f9e3179f28b49e04a5d41cf0d390c9016f7f5c9a
Instruction Fuzzy Hash: D1F17B35A402558FCB95CF68C594AADBBF2FF89300F19C499E845AB3A2D734EC41CB90

Function 0602806B Relevance: 2.9, Strings: 2, Instructions: 365
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

&M, xrefs: 0602809A
Te^q, xrefs: 06028316

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q$&M
API String ID: 0-3890748486
Opcode ID: db4ee434c918b1eb90f773717bbf54624e13c2faf5476683f9322507e6c24762
Instruction ID: 631ff31a60a82645641c52e4fd975332f647ef5358a6f4220efee57f85dd31db
Opcode Fuzzy Hash: db4ee434c918b1eb90f773717bbf54624e13c2faf5476683f9322507e6c24762
Instruction Fuzzy Hash: 7002F374E45229CFDBA4DF59D884B9DBBB2BF49300F1081A9D509A7344DB709E89CF90

Function 06037870 Relevance: 1.9, Strings: 1, Instructions: 675COMMON

Download Yara Rule

Strings

(bq, xrefs: 06037A28

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 1f358652e7baf4146b8aad4bfbe214683bbd3c823bb9dda73f60f7a86b78e6d9
Instruction ID: 572f167ba0db105994ea5bc22f6158744993dc3f117b69e8f9328ab71e8a4be8
Opcode Fuzzy Hash: 1f358652e7baf4146b8aad4bfbe214683bbd3c823bb9dda73f60f7a86b78e6d9
Instruction Fuzzy Hash: 54427B74B006198FCB94DF69C494A6EBBF6FF88301F24852DE55AD7381DB30A941CB85

Function 05FE6AD0 Relevance: 1.6, APIs: 1, Instructions: 108nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05FE6B8D

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 0ac4814f1a9e691bc5a2de36180866c80a4f2210d3e3abbb4dd298b097fc2ae2
Instruction ID: f35002627c3f21d94504d531ad4bd88bbd07fb7a1cfbfe3262143647cf0be91b
Opcode Fuzzy Hash: 0ac4814f1a9e691bc5a2de36180866c80a4f2210d3e3abbb4dd298b097fc2ae2
Instruction Fuzzy Hash: 2F4189B5D002589FCF10CFA9D980ADEFBB5BB59310F10902AE815B7210D735A945CF64

Function 05FE6AD8 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05FE6B8D

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: cc42c89fcbdd8b615c671a627711e927de8be6cdc9b9e3ce50ac2d41983dc3c0
Instruction ID: e0933a03a035e31bec503d2cb9961c967f90460c25aafa568a30e20347d7f503
Opcode Fuzzy Hash: cc42c89fcbdd8b615c671a627711e927de8be6cdc9b9e3ce50ac2d41983dc3c0
Instruction Fuzzy Hash: 474177B9D0425C9FCF10CFAAD980ADEFBB5BB59310F10942AE819B7210D735A945CF68

Function 05FE7F50 Relevance: 1.6, APIs: 1, Instructions: 92nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05FE7FE6

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 7eb5c6aa460950b5738ad7580b4c80ea987521692d0a17b6b40177b885b97960
Instruction ID: 1278d4e8b2526e9a383bc5f2808cd9d97b60a90b409883a758796ebb32100351
Opcode Fuzzy Hash: 7eb5c6aa460950b5738ad7580b4c80ea987521692d0a17b6b40177b885b97960
Instruction Fuzzy Hash: 3731EBB5D012189FCB04DFA9E984A9EBBF1BF48310F10842AE819B7310CB79A945CF94

Function 05FE7F58 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05FE7FE6

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c2f0263d5dbc71c2e7dbf937540a79984d415298171aaaacce1d9b700600f787
Instruction ID: 73eed3ad4d0aee6122bbbdee7809d45fe31289666e807c9aa95b5a72250168e5
Opcode Fuzzy Hash: c2f0263d5dbc71c2e7dbf937540a79984d415298171aaaacce1d9b700600f787
Instruction Fuzzy Hash: 2431A8B5D012589FCB10DFA9D980A9EFBF5FB49310F20942AE815B7200C739A946CF94

Function 06028FB8 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06029358

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: abbdd4bc39c065a2bd90de6a805b32a73c576e58eb84e75c5125242a760299d4
Instruction ID: c58f91d26413e1a08cbb4be7f1c1ab7c107f9187e728f8619646b205786829ad
Opcode Fuzzy Hash: abbdd4bc39c065a2bd90de6a805b32a73c576e58eb84e75c5125242a760299d4
Instruction Fuzzy Hash: DEB1F6B0E45229CFEB54DFAAD984B9DBBF2BF89300F109069D40DAB255DB705985CF40

Function 06028FA8 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06029358

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 25c30c89111756939c0365ff15079781e029475a10a0fed26b08df475b5d5b03
Instruction ID: 1033634cd879914e05ec185d8ffc46c7fffca10277ccfac8273b31581f215fb3
Opcode Fuzzy Hash: 25c30c89111756939c0365ff15079781e029475a10a0fed26b08df475b5d5b03
Instruction Fuzzy Hash: 86B105B0E45219CFEB94DFAAD984B9DBBF2BF89300F208069D409AB355DB705985CF40

Function 0615B8C8 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

]%~>, xrefs: 0615BB3E

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID: ]%~>
API String ID: 0-1450755515
Opcode ID: 29573ede56b3959228835421f86c71099bdafba59f5672672ed0c2a5980c73be
Instruction ID: 1d6bca29cc33785677457f38fd92a42ce4b1dd9b5ccbaf68ef6a80f5db53502f
Opcode Fuzzy Hash: 29573ede56b3959228835421f86c71099bdafba59f5672672ed0c2a5980c73be
Instruction Fuzzy Hash: 83B134B0E08218CFDB44DFA9D854BEEBBB1BF49300F11816AE929AB354DB745945CF90

Function 0615AA69 Relevance: .6, Instructions: 609COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0d29d59d37bdb7edc22cd110f56c17c1b27b47d51cd395da037ee4d07b35df
Instruction ID: 72ffc808103c8a4fa190a52e90173d3f2053fcd40f435f2684434adc2b8bc5c8
Opcode Fuzzy Hash: ce0d29d59d37bdb7edc22cd110f56c17c1b27b47d51cd395da037ee4d07b35df
Instruction Fuzzy Hash: 93B10570E45218CFDB94EF6AD884B9DFBB2BF49300F1181AAD819A7354DB705A85CF90

Function 05FEDCB8 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46a1a756bd698ae71922f74b2aa620e5532669bc541d0d55dacd00496432b42f
Instruction ID: 4ef520f9372e38fcec5ee301836a6782f3b933885dfc6b431dd22f820123c38e
Opcode Fuzzy Hash: 46a1a756bd698ae71922f74b2aa620e5532669bc541d0d55dacd00496432b42f
Instruction Fuzzy Hash: 4E02C3B0D00219CFDB24CFA8D885B9DBBF1BF49304F1481AAD909B7254EB749A85CF55

Function 05FEEAE8 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0136bccfdeed2225f283d95a22b5baf27962a8bd1ed80a90977f2ac40d299bcd
Instruction ID: 08c66eec85c49959ece05c199c672fd72ee364bb22a87f0c88c760a9da4088db
Opcode Fuzzy Hash: 0136bccfdeed2225f283d95a22b5baf27962a8bd1ed80a90977f2ac40d299bcd
Instruction Fuzzy Hash: 87F1E4B0D00219CFDB20DFA8D981B9DBBF2BF49304F1481AAD909B7254EB749A85CF51

Function 06152540 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d75be956617b0a944fbacfbe90c7b61125434489e74ddccc925f912c66b4de60
Instruction ID: fc7cb78c10a1b45cc63c31fea8df5d436c6dfc810d7689ba7dbd92e6bf6a1330
Opcode Fuzzy Hash: d75be956617b0a944fbacfbe90c7b61125434489e74ddccc925f912c66b4de60
Instruction Fuzzy Hash: 5BD12271E05218CFEB98DFA5D944BADBBF2FB49300F1180A9D419AB395CB745A84CF40

Function 06152530 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7188650cf36e899950974df6224b8fd65c7f495a2721511b357bddd1e15b3c74
Instruction ID: ebb8829f20d2f178c51c6747adbfdda475da294f8ccedf062904ab9db77a34c1
Opcode Fuzzy Hash: 7188650cf36e899950974df6224b8fd65c7f495a2721511b357bddd1e15b3c74
Instruction Fuzzy Hash: BCD13271E05218CFEB98DFA5D944BADBBF2FB49300F1181A9D409AB394CB745A88CF40

Function 0603BC43 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760cbaf01ecfe80749941e61f4ba363b9008b64b1c8831f78bcb06b4204f1c1e
Instruction ID: 3fefe9be85d69e0de0073e47e994c9524b7a02174a870a8e82798a24a60a6853
Opcode Fuzzy Hash: 760cbaf01ecfe80749941e61f4ba363b9008b64b1c8831f78bcb06b4204f1c1e
Instruction Fuzzy Hash: 6BE12874A44228CFDBA4DF29D944BE9BBF5EB48305F1081E9D509AB384DB705E85CF80

Function 0603BBA4 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d7badecd00981df6c3eec119269fbf39216d9cd3def8d30250a9350532ddeb8
Instruction ID: 7914559f112e21c27bb1225a8620b39c2458c740c87d1b9c7ff9ef07818e0937
Opcode Fuzzy Hash: 1d7badecd00981df6c3eec119269fbf39216d9cd3def8d30250a9350532ddeb8
Instruction Fuzzy Hash: A8D12670A44228CFDBA4DF29D944BE9BBF5AB49305F1095E9D50DAB380DB705EC48F80

Function 0615AD40 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cfc673addd3900863ccdf7d6319de7217bff3370928aaf35cd367dacf73e28
Instruction ID: fa4e637fdc0ca870d05c9904223b3fa52d406a14f6c8eb044fce201dc99c928d
Opcode Fuzzy Hash: 10cfc673addd3900863ccdf7d6319de7217bff3370928aaf35cd367dacf73e28
Instruction Fuzzy Hash: 96B10570E45218CFEB98EF69D844B9DBBB2FF49301F11816AD819A7354DB705A85CF80

Function 0603C00B Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac65202bbdbd153dc9b492a8521f7b9a8623311768577daa50d699832be6654
Instruction ID: 616cf34909ee295f5ef51cf767794951c70b0a9e5ed6c185f4e0cc7591b92f6f
Opcode Fuzzy Hash: cac65202bbdbd153dc9b492a8521f7b9a8623311768577daa50d699832be6654
Instruction Fuzzy Hash: DEC13770A44228CFDBA4DF29D944BE9BBF5AB49305F1085A9D50DAB384DB709EC58F80

Function 05FE6818 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8b9895d10e768ffe7fefa5112eab25cfd2c736be19f2afdf2b17c9df872b7d1
Instruction ID: a939e9002cf4a546393ba02e0c3ae49d3520f4096ceb5cbfd2984c9835464963
Opcode Fuzzy Hash: c8b9895d10e768ffe7fefa5112eab25cfd2c736be19f2afdf2b17c9df872b7d1
Instruction Fuzzy Hash: 0581D574E01209DFCB44DFA9E544AAEBBF5FF88300F10842AE419EB365DB74A9458F90

Function 0603AFD0 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9554762ad363f4536f6a76f201a40e00d1806bf818088058ec6fa67f2d954a
Instruction ID: 604097d5f2c684deaa3d79d9d6c7e44475da4618bfa164a29133b8563abf9fbe
Opcode Fuzzy Hash: 5c9554762ad363f4536f6a76f201a40e00d1806bf818088058ec6fa67f2d954a
Instruction Fuzzy Hash: D9512570E85218CFEB94DFA9D548BEDBBFAEB5930AF10502AD019A7384C7745985CF80

Function 0603AFC0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543422739966d1d82decb9878bfced875f0e1f78cb7f594706f661f835c6f680
Instruction ID: 2a209050b5ed60afdbbf807eb924d91f0d53668a04b293c01b8da3ba91d50936
Opcode Fuzzy Hash: 543422739966d1d82decb9878bfced875f0e1f78cb7f594706f661f835c6f680
Instruction Fuzzy Hash: 7B513470E45218CFEB54DFA9D548BEDBBFAFB8930AF10502AD019A7384C7705985CB80

Function 05FE20EF Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfcba2df5f7d8e111c80bab702e79103ad924a860c9b99af5db45c82b406005b
Instruction ID: 97fd2c2a23b98e525e26b37054c622f391a948514b1d66b92c3176f2e5fead5a
Opcode Fuzzy Hash: cfcba2df5f7d8e111c80bab702e79103ad924a860c9b99af5db45c82b406005b
Instruction Fuzzy Hash: 21311975D05218DBDB18CF9AD840B9DFBFABF89300F14C0AAD519A7254EB385A41CF41

Function 05FE3D40 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c511cb700ceba0b8de8f67264f146e90cd09e18b2c01ff2c14a46f541b613a0
Instruction ID: 63bb18bf3b11db0d319f39667b1bdc3a8a13edba7d07a4c42c8eb67a67cfe7c0
Opcode Fuzzy Hash: 9c511cb700ceba0b8de8f67264f146e90cd09e18b2c01ff2c14a46f541b613a0
Instruction Fuzzy Hash: 78315C71D04219CBDB58CF6AD945BEEBBF6BF88300F00C4AAD409AB354DB7429418F90

Function 0120EEF8 Relevance: 6.6, Strings: 5, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 0120F241
(bq, xrefs: 0120F146
(bq, xrefs: 0120F11A
(bq, xrefs: 0120F063
(bq, xrefs: 0120F00C

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq$(bq$(bq
API String ID: 0-2298650571
Opcode ID: fbf685c5c9033bd5d50b753954762d193d4f088f30502766c31df8bf7af6c47d
Instruction ID: f7d4ac342e25f467fbc3a755073fe249cde8f186675989ca52db9e10607d95bd
Opcode Fuzzy Hash: fbf685c5c9033bd5d50b753954762d193d4f088f30502766c31df8bf7af6c47d
Instruction Fuzzy Hash: 14B11F367102558FDB15DF69E844AAE7BE6EF88310B14857AEA05CB396CF34DC02CB90

Function 060355B0 Relevance: 5.2, Strings: 4, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(_^q, xrefs: 06035CA3
(_^q, xrefs: 06035C5D
(_^q, xrefs: 06035C53
(_^q, xrefs: 06035CD9

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$(_^q$(_^q
API String ID: 0-2697572114
Opcode ID: 3ce84f4196a20d3348ecb69f1e2f2025fa2dd904c162c7de0cbf0a8e712629a8
Instruction ID: 76cb33cb13318473423f444cf54b037c0ef70094edb7b20ef4a186b2ecb9ebb2
Opcode Fuzzy Hash: 3ce84f4196a20d3348ecb69f1e2f2025fa2dd904c162c7de0cbf0a8e712629a8
Instruction Fuzzy Hash: AB71F035A40204CFC754DF68C8959AEBBF6EF86305B244869E846DB361DB35EC82CB90

Function 06033B40 Relevance: 4.1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 06033C69
Hbq, xrefs: 06033CC1
(bq, xrefs: 06033C95

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq
API String ID: 0-2835675688
Opcode ID: c3095ed40d80bb8d1d336f1eac2bfa6940258263b5ffb41e41b5ca0e6b46a4e2
Instruction ID: bb2bf8b82e0ed5baad2e9d80bd2b9e4280744165eba5f3d07b96d5337b37b514
Opcode Fuzzy Hash: c3095ed40d80bb8d1d336f1eac2bfa6940258263b5ffb41e41b5ca0e6b46a4e2
Instruction Fuzzy Hash: A2E12F34A10258DFCB44EF68E4949ADBBB6FF89301F108569E805AB364DF30ED41CB91

Function 0602EA99 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0602EDC3
$^q, xrefs: 0602EDB3

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: b3e7b75471adbacc1a501871bd49bc167d3f2cab65d178758f6bcba62cd4f23b
Instruction ID: 87d23dd24d7ecf0418476540fe78a0cca88c3c73bc210346af321b7613e491a8
Opcode Fuzzy Hash: b3e7b75471adbacc1a501871bd49bc167d3f2cab65d178758f6bcba62cd4f23b
Instruction Fuzzy Hash: 27126030E8062A8FCB95DFA4D854AAEBFF1FF48700F148519E851AB394DB349946CF90

Function 0602DC60 Relevance: 2.7, Strings: 2, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 0602DDF5
(bq, xrefs: 0602DD66

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 3f5190b06bdd00b75c7105f1a9803cfe49ca501e677d53c8973713017ab86fec
Instruction ID: b2ed437e2f64da3c04fab92bdf5aa1c246cd62497a42ce6a399c45ca6c9478c1
Opcode Fuzzy Hash: 3f5190b06bdd00b75c7105f1a9803cfe49ca501e677d53c8973713017ab86fec
Instruction Fuzzy Hash: 39518835B402558FC799AF38D45466EBBF6AFD9300B20886DE4069B3A5DF31ED02CB91

Function 06034DA0 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

Hbq, xrefs: 06034E1B
(bq, xrefs: 06034DEF

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: dbce9ac40eec83553ff43a0b14773a5d72d924f15be260edc04d667c474170b5
Instruction ID: 163351154b3b5064d4c2f069e99af35a6068fbf7f6712a3e4a0b4cf47ae65bb6
Opcode Fuzzy Hash: dbce9ac40eec83553ff43a0b14773a5d72d924f15be260edc04d667c474170b5
Instruction Fuzzy Hash: 0E41D0317882949FC7419B79D85169A7FFAEF86200F1485AEE405CF3A2EE35DC05C391

Function 06035EA8 Relevance: 2.6, Strings: 2, Instructions: 143COMMON

Download Yara Rule

Strings

Hbq, xrefs: 06035FCC
(bq, xrefs: 06035EF6

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 19e7ef89c9640cc42d0d6dff9e00dd08df9f6122046709ec3b062a543b7a41af
Instruction ID: f433abbac2d3934c88a2526489a33e41723825c43cacaf6ba92073971d6b7d74
Opcode Fuzzy Hash: 19e7ef89c9640cc42d0d6dff9e00dd08df9f6122046709ec3b062a543b7a41af
Instruction Fuzzy Hash: 2241C135B442509FC7859B28C854A2E7FFAEF89351F1584AAE405CB3A2DF35DC02CB91

Function 0602F268 Relevance: 2.6, Strings: 2, Instructions: 53COMMON

Download Yara Rule

Strings

$^q, xrefs: 0602F2BF
$^q, xrefs: 0602F2CF

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 57e02b6b21e39ada3344e9619cfcb48b02083425818385f519f37e99e2ed6fe8
Instruction ID: a561369d3e56fb17cc59ebfb5ef34dfe94d9e434422cf78804192d4e2db02273
Opcode Fuzzy Hash: 57e02b6b21e39ada3344e9619cfcb48b02083425818385f519f37e99e2ed6fe8
Instruction Fuzzy Hash: 5A11E179AC021BDFEBA4CE98C044BA9BFF9AF06390F204066E400DB260D771DD88CB50

Function 06295630 Relevance: 2.5, Strings: 2, Instructions: 46COMMON

Download Yara Rule

Strings

], xrefs: 0629570B
0, xrefs: 062956DC

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID: 0$]
API String ID: 0-1058599021
Opcode ID: edbbe0ae8dd58732a12c9b5dbce635db556c8147d9d122ae54dfd11b9e51e6c0
Instruction ID: 2ba1d5338fb674ebd843c7ee12827968da8fafc1ccd2ac40e57b63438788ba61
Opcode Fuzzy Hash: edbbe0ae8dd58732a12c9b5dbce635db556c8147d9d122ae54dfd11b9e51e6c0
Instruction Fuzzy Hash: 2E21F5B4E0122D8FDB65DF18D884BD9B7B2EF89304F5040E9D508A7384CB709E948F45

Function 0603F649 Relevance: 2.5, Strings: 2, Instructions: 40COMMON

Download Yara Rule

Strings

$, xrefs: 0603F6D2
(, xrefs: 0603F6F5

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: $$(
API String ID: 0-72908402
Opcode ID: 9d6c84e4c98f51378fdf887fc54e089ae4e904514b33c47f5c7f3ad7bebd5300
Instruction ID: e3c0e877257db5720a5b34c18f36733bbb2b201ecbcdfb7a317ed5bb63f40622
Opcode Fuzzy Hash: 9d6c84e4c98f51378fdf887fc54e089ae4e904514b33c47f5c7f3ad7bebd5300
Instruction Fuzzy Hash: B6111830A40514CFCB94EF25E989A9A7BB1BF48304F1082EAD509AB354DB74AE85CF80

Function 06030040 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 060303BB

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 69ba038dd90e94894b15f92006ae85ca91d7be99f274a671f9066eb811a32de9
Instruction ID: 829924f7c8f3659ba4f38a70989d07dc28a63cc4182129c11be3918e27303c3b
Opcode Fuzzy Hash: 69ba038dd90e94894b15f92006ae85ca91d7be99f274a671f9066eb811a32de9
Instruction Fuzzy Hash: 56520975E402288FDB64DF68C985BDDBBF6BB88300F1581D9E549AB351DA309E80CF61

Function 0602F620 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 0602F8B0

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 584b84eb0458eb1479927a4dfcfb3304a9cb3b1b5f703ee678031f408e8b9bd9
Instruction ID: c22dfd0d559cd60cc482fe60d4d27bb4c6cd41d5da83824327d3e8e274b3710e
Opcode Fuzzy Hash: 584b84eb0458eb1479927a4dfcfb3304a9cb3b1b5f703ee678031f408e8b9bd9
Instruction Fuzzy Hash: 15228D35A802169FDB44DFA4D494AADBBF6FF88340F148469E8059F3A5CB71ED81CB90

Function 05FE72BD Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05FE752F

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: ee530896ade7848bf43c72df6c9830c793d439ca7981a813855df2ccdcbac9eb
Instruction ID: ed7e49bba22e28b0acefc31e6f17c4cf2f52ed3bc815df81e3407d59633aea3a
Opcode Fuzzy Hash: ee530896ade7848bf43c72df6c9830c793d439ca7981a813855df2ccdcbac9eb
Instruction Fuzzy Hash: 5CA100B0D01258CFDF10DFA9C845BEEBBB1FB09314F14916AE859A7240DB789986CF85

Function 05FE72C8 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05FE752F

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 89f4182531a6410d048378468a4a6c1645fd82041e5d98a40916200de9ed1a51
Instruction ID: 3522774803d32b72761d9f5727dcb72312d692b5cef311a147a8b3c40629685f
Opcode Fuzzy Hash: 89f4182531a6410d048378468a4a6c1645fd82041e5d98a40916200de9ed1a51
Instruction Fuzzy Hash: 1BA101B0D01298CFDF10DFA9C845BEEBBB1FB09314F149169E859A7240DB789986CF85

Function 06030EE8 Relevance: 1.6, Strings: 1, Instructions: 394COMMON

Download Yara Rule

Strings

$^q, xrefs: 0603100F

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 506c1af48a6d456fd78be45ac9f8c598a3692d9b4483ca927cbf17083b8610b8
Instruction ID: 13474d4fb801b68f0d36a69c162601af10e8c18991bf95cc192fa33570204b7a
Opcode Fuzzy Hash: 506c1af48a6d456fd78be45ac9f8c598a3692d9b4483ca927cbf17083b8610b8
Instruction Fuzzy Hash: A2E1B171B402628FE794AF64D451B2E7EFAAF89301F1484ADE982CB3D1DA34CD85C752

Function 05FE7D40 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05FE7E13

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 21a8b2460521a89e2718f4c7482397e19b70105bf516f6227b74582aa1359885
Instruction ID: 0b426fa3f74467cff355ad48999083a47a93a6f5f0ac851aea40deddff399012
Opcode Fuzzy Hash: 21a8b2460521a89e2718f4c7482397e19b70105bf516f6227b74582aa1359885
Instruction Fuzzy Hash: 674199B5D012589FCB10DFA9D984ADEFBF1FB49310F10942AE819B7210D739AA45CB54

Function 05FE7D39 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05FE7E13

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e60639e40bee6860e9e7964617b6a6ff0415e3ac4c60acfa319910dc970248fe
Instruction ID: 994590f455511b5f5e18e1d4b9b9e9317fca05a58a412c1259c0573c9c2f735b
Opcode Fuzzy Hash: e60639e40bee6860e9e7964617b6a6ff0415e3ac4c60acfa319910dc970248fe
Instruction Fuzzy Hash: B94198B5D012588FCB10DFA9D984AEEBBF1FB49310F20942AE819B7210D738AA45CB54

Function 05FE7BD8 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FE7C8A

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: df3eca4ff3b9eacd2418c953a216aff9d60af56e10be8e340e24f779aede2be3
Instruction ID: e06ebeb8dbf911d67eeb12ca433af3d017dc1659d5d92ba65dd11ebd217bee5f
Opcode Fuzzy Hash: df3eca4ff3b9eacd2418c953a216aff9d60af56e10be8e340e24f779aede2be3
Instruction Fuzzy Hash: 1B3197B9D052589FCF10DFA9D980ADEFBB5FB49310F10A02AE815B7210D735A946CF58

Function 05FE7BE0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05FE7C8A

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1b4ec26a3f8f1a5a6b0d25ad597aa39e565bbd4f400f24ec9a6587893c88a4a7
Instruction ID: d9894df6f8ef2352ba86bb28f28be6467168ee262bf2dd2c5c942763ab7c0aa1
Opcode Fuzzy Hash: 1b4ec26a3f8f1a5a6b0d25ad597aa39e565bbd4f400f24ec9a6587893c88a4a7
Instruction Fuzzy Hash: A431A8B9D052589FCF10DFA9D980ADEFBB5FB49310F10902AE815B7210D735A945CF58

Function 05FE8229 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05FE82D4

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 09226c5bb5dc2f2dd91fc44dc97a6c2dd43e90fd0b716f1634ffdc2dbedc43b6
Instruction ID: 268775c03094667c45f9c4175bb72f2328249e2bc013e49dd1d46cc47ce1e353
Opcode Fuzzy Hash: 09226c5bb5dc2f2dd91fc44dc97a6c2dd43e90fd0b716f1634ffdc2dbedc43b6
Instruction Fuzzy Hash: D131B9B5D002589FCF10DFA9D980AEEFBB1BB49310F10942AE815B7210D739A945CF98

Function 05FE8230 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05FE82D4

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6d8e41650a5b54edc34f146477e910411afd3ec47d8fc37c520346e7cfead7f0
Instruction ID: 7983c71cc8a4c8353c786e9a2bfc8a8a692a4c146fae14af021d5bb5835b33e0
Opcode Fuzzy Hash: 6d8e41650a5b54edc34f146477e910411afd3ec47d8fc37c520346e7cfead7f0
Instruction Fuzzy Hash: 6331CAB5D002589FCF10DFA9D980AEEFBB1BB49310F10942AE815B7210D739A945CF58

Function 0600DA00 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0600DAA4

Memory Dump Source

Source File: 00000000.00000002.1679849378.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6000000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3d9e56845dad7a0e1a21556f36015f83d244bea56d5d17676057769cae3a9044
Instruction ID: dbddeb565152a8538dc9148d8ffaa5ffa9b9052d3295ebdd979dc3c01caa3dae
Opcode Fuzzy Hash: 3d9e56845dad7a0e1a21556f36015f83d244bea56d5d17676057769cae3a9044
Instruction Fuzzy Hash: F931A7B4D042589FDF10CFA9D980ADEFBB0BF49310F24902AE814B7250D735A945CFA8

Function 05FE7678 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05FE772F

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 08ef9a4ad9601234ee183bcc570fd1a88bcb2ec57c1b5f17044d2b07f9b852e1
Instruction ID: 7da17933804b6a5ed9647671425fe6a0f23cf02d7f8452e445a8371535b7f4e7
Opcode Fuzzy Hash: 08ef9a4ad9601234ee183bcc570fd1a88bcb2ec57c1b5f17044d2b07f9b852e1
Instruction Fuzzy Hash: D241ACB5D012589FCB10DFA9D984AEEFBF1FB49314F24842AE415B7240D738A945CF94

Function 05FE7680 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05FE772F

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 0e35a70bed66a22f8c241e31574792781065abc761e670cadf2af1cc37751a39
Instruction ID: 49fea0e29b566d398c1985611cfb71e926f9cd9479771c1f7bc8bf69911a9641
Opcode Fuzzy Hash: 0e35a70bed66a22f8c241e31574792781065abc761e670cadf2af1cc37751a39
Instruction Fuzzy Hash: 7531BBB5D012589FCB10DFA9D984AEEFBF1BB49314F24842AE415B7240D738A985CF94

Function 06151448 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000), ref: 061514A6

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 922cd0926fdbb30f2116a301a079011ba46c8d8d9b51149c6af8914ffd175afc
Instruction ID: 42165b33eaca0ef4561bef79db1daca42da8a15690337e4a9d642ccf97e48216
Opcode Fuzzy Hash: 922cd0926fdbb30f2116a301a079011ba46c8d8d9b51149c6af8914ffd175afc
Instruction Fuzzy Hash: E02114B1800349DFDB10CF99C44A79EFFF4EB09318F24845AE969A7250C779A984CFA5

Function 06151458 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000), ref: 061514A6

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: af4e17b07a53e77db3f02bad2248a6d80ff09f6d7bbf0a8a87f13606f2bd580c
Instruction ID: 09e84fabc134465f92117303d8ab29bdd8c1e00b6a4f24adfb09f511d55ba1d3
Opcode Fuzzy Hash: af4e17b07a53e77db3f02bad2248a6d80ff09f6d7bbf0a8a87f13606f2bd580c
Instruction Fuzzy Hash: 5F2104B1800349DFDB10CF99C54979EFFF4AB08318F248459D969A7350C7B9A984CFA5

Function 0603BB8D Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

zGt, xrefs: 0603B934

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: zGt
API String ID: 0-1640420941
Opcode ID: 18517f6934d93c3ea7601afae0d41453662ff2186d9d533eaee9254ac39d05f0
Instruction ID: 5632ec6c7f88ccf9076b44296782b5db4ff34c0312409efc7b4b1b019d7f8ec6
Opcode Fuzzy Hash: 18517f6934d93c3ea7601afae0d41453662ff2186d9d533eaee9254ac39d05f0
Instruction Fuzzy Hash: 2DB11870985229CFDBA4DF25D988BA9BBB5FB08309F1041EAD419A7385CB745EC5CF80

Function 06032960 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06032A72

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: d2f754a3e558dae2f944ecebb1ebd4030a4c5833b76c0dc60d34bbdadbf7bc5a
Instruction ID: 96eb3ee76cb022bb5bd718ddfb31154642b8fd3e92d4e0cb8275a77d8ba80229
Opcode Fuzzy Hash: d2f754a3e558dae2f944ecebb1ebd4030a4c5833b76c0dc60d34bbdadbf7bc5a
Instruction Fuzzy Hash: 2D714C30B40214DFDB54EF68D894BAE7BF6AF88701F108468E505AB3A5CE75ED42CB91

Function 0603D223 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

PH^q, xrefs: 0603D2F2

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: a39632cd7f35e0adddeae83a4ca8a84409a7d2a095c2c6393eed7c447a1d019c
Instruction ID: 1ff7740fa154ae3873fc384af7ca12b507fb7fa48e0ff6612da34b19a8e27d8a
Opcode Fuzzy Hash: a39632cd7f35e0adddeae83a4ca8a84409a7d2a095c2c6393eed7c447a1d019c
Instruction Fuzzy Hash: 49810674A45269CFDBA4DF1AD944B99BBB5BF48301F1091EAD50DAB380DB705E81CF80

Function 0602ADD0 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

(bq, xrefs: 0602AE44

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 7d7379e37e7a6fa634065e970923a5519143692b450494dbbc01e0a0cc343e1b
Instruction ID: ce9de7564e1e68251e460954d1e0743f840b317d202612b26ed25a6ebd1f70e9
Opcode Fuzzy Hash: 7d7379e37e7a6fa634065e970923a5519143692b450494dbbc01e0a0cc343e1b
Instruction Fuzzy Hash: CE512271B40622CFCB41DF68C4809AAFFB4FF85320B15819AE915DB242DB30EC52CB90

Function 0602BCB0 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

,bq, xrefs: 0602BD13

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: b4c7c17e6f15deab7ba28f23cb287291c8447d51fd6d7087d225aa63992fbe9d
Instruction ID: 5dd41d935a4c400fb1393e30488867070e6ee0b5d7147ea4d0abb6db9c2c5641
Opcode Fuzzy Hash: b4c7c17e6f15deab7ba28f23cb287291c8447d51fd6d7087d225aa63992fbe9d
Instruction Fuzzy Hash: 2351CF35B001118FCB05DF69D890AAEBBE2FF88314B258069E905DB361DB31EC02CB91

Function 06029E20 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

pbq, xrefs: 06029ED0

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: ad39fb37156a197b7b2b11c2f7fdaa25c010770af7bd37a4a77473e13c62fe24
Instruction ID: 9e8ff27700f1a6f0736e1073f0307f925d44150dae36d5b27c351c102cf21435
Opcode Fuzzy Hash: ad39fb37156a197b7b2b11c2f7fdaa25c010770af7bd37a4a77473e13c62fe24
Instruction Fuzzy Hash: 82513C76640104AFCB459FA8D914D6A7FF7FF8C3147158498E2099B376DA32DC22EB90

Function 06034258 Relevance: 1.4, Strings: 1, Instructions: 141COMMON

Download Yara Rule

Strings

(bq, xrefs: 06034384

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 4bf2b80c9ddd1a2b6bcefca35bc290cfc855d5b62f11e8f81227e3d322a87ce5
Instruction ID: 38fac4dffd361bff9ed60b25287e1c06932dbd660562af8b91bd136384a78828
Opcode Fuzzy Hash: 4bf2b80c9ddd1a2b6bcefca35bc290cfc855d5b62f11e8f81227e3d322a87ce5
Instruction Fuzzy Hash: 6E419C32604150AFCB459F68D858E59BFFAFF89310B1A80EAE209DF272CA31DC11DB51

Function 06033208 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06033242

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: fd3b0ed7c7d928670787ace0f46dda9270199d730d16996ca621a6f6d46d7cb2
Instruction ID: c33fb66db070e0d0485582e55b053c38beb3ee9e9a90a388f4f97b1d0e8c3c23
Opcode Fuzzy Hash: fd3b0ed7c7d928670787ace0f46dda9270199d730d16996ca621a6f6d46d7cb2
Instruction Fuzzy Hash: 39416635B506548FDB04AB68D498B6EBBBBAFC8701F10441DE906DB3A4CF749C46C791

Function 0603D2D5 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

PH^q, xrefs: 0603D2F2

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: f807e2065280bb01a270979e17497c8b7916b2c640c942af9653abeb2a18680e
Instruction ID: a309f3ad42c3441d62bdf92d3de8e68d4f57a437439e1a8fba27bbdaff92c0ac
Opcode Fuzzy Hash: f807e2065280bb01a270979e17497c8b7916b2c640c942af9653abeb2a18680e
Instruction Fuzzy Hash: 8D513370A45229CFDBA4DF2AD984BD9BBF5AF49301F1085EAD40DAB280D7705E85CF80

Function 0603D23D Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

PH^q, xrefs: 0603D2F2

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 4de15500efc5a04722305a9a98188c56fd2c161a790c9a1c2ba89de621575d38
Instruction ID: 01edbef2e051b2c333a37707497e4f225297fdb6c80ac891f91123f2bfb1fbd9
Opcode Fuzzy Hash: 4de15500efc5a04722305a9a98188c56fd2c161a790c9a1c2ba89de621575d38
Instruction Fuzzy Hash: 2251F274A84229CFDBA4DF1AD984BD9BBF5AF49301F1085EAD50DAB280D7705E85CF80

Function 06032800 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

4'^q, xrefs: 060328B7

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 18d2417a2ee29bbb32b9aa981fb0983ce60490a8defaee75982ec0d75eb7b936
Instruction ID: 30a694ec0247453037eb2d8b5ab2efa953fbe928d8e3dba8954c122888a8f40a
Opcode Fuzzy Hash: 18d2417a2ee29bbb32b9aa981fb0983ce60490a8defaee75982ec0d75eb7b936
Instruction Fuzzy Hash: A9314D317806149FD348DB29D999F6A7BEAEBCC704F104568E60ACB3A5CE71EC42C790

Function 06032810 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 060328B7

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 657a878a26927f2a8605070101baae076802e6aefcee1bc0f87d5b2877df1b29
Instruction ID: eb0d2e22606fa1f8a710b949c5b9ff1c34f3b307b64fe2d457f59b31c32ca4d5
Opcode Fuzzy Hash: 657a878a26927f2a8605070101baae076802e6aefcee1bc0f87d5b2877df1b29
Instruction Fuzzy Hash: BD315C357806149FD348DB29C999B2A7BEAAFCC714F104568E60ACB3A5CE71EC42C790

Function 0600EBC8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0600EC67

Memory Dump Source

Source File: 00000000.00000002.1679849378.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6000000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cd1420b1353f16cee5459894575826ba5e312634b495350abfa23a3b4914009d
Instruction ID: 3df94cf4749b2d2a56cbc9005f0796b478cab6c1cdfbc4462a8bece624804bb4
Opcode Fuzzy Hash: cd1420b1353f16cee5459894575826ba5e312634b495350abfa23a3b4914009d
Instruction Fuzzy Hash: 273196B8D002589FDF10CFA9D980ADEFBB1AF49310F20942AE815B7250D735A945CF98

Function 060331F8 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06033242

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 430c6737288ed22d34baee171a42cf73d4e2df494e6c47c509dc71aff250c247
Instruction ID: 418cfd88191d5a9238065c66dfda7da1c3d1d64b003fd8772b35b7b5ecbd0b80
Opcode Fuzzy Hash: 430c6737288ed22d34baee171a42cf73d4e2df494e6c47c509dc71aff250c247
Instruction Fuzzy Hash: 09218231B502549BDB08AB69D8D9B6EBBBBAFC4700F10442DE506DB3A4CFB49C46C781

Function 0602E980 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 0602E9BA

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 55bf2c7241deb437e2c1bf142063e30bcc49e0977b1f94b49b530d55df7d7196
Instruction ID: 764fe8895ec74c3dea6e4462f0ad5a9898a76972c7f1b8fa075b40a5f81b0718
Opcode Fuzzy Hash: 55bf2c7241deb437e2c1bf142063e30bcc49e0977b1f94b49b530d55df7d7196
Instruction Fuzzy Hash: B6217F313801559FDB81CF2AC840AAA7FEAEF8A200B044096FD45CB3A1CA31DC51CB60

Function 0602E972 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

p<^q, xrefs: 0602E9BA

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: d2aea701aaaa14cf070e958e0f6f67a6a9002b7559c9bb565f21c57a125d07f3
Instruction ID: 44d2d9ec2842740799624244a594f6b42e92f8a39b67156f0039917eaae54b47
Opcode Fuzzy Hash: d2aea701aaaa14cf070e958e0f6f67a6a9002b7559c9bb565f21c57a125d07f3
Instruction Fuzzy Hash: 36215E717801559FDB85CF2AD844AAA3FF6FF49200B054096FD45CB3A1CA31DC51CB60

Function 01201940 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

<duq, xrefs: 01201DC9

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: <duq
API String ID: 0-2704095200
Opcode ID: ae78198602b8703c7c50f5684fc84079f732731cf7c6d44d870d2a94b9274360
Instruction ID: 5cec8afb91b3548bca450a19aa87cc6bab05d720da0c6469396b9dafababe120
Opcode Fuzzy Hash: ae78198602b8703c7c50f5684fc84079f732731cf7c6d44d870d2a94b9274360
Instruction Fuzzy Hash: 2D219734B202188FD715EB6CC448B6977E6FB88311F4482A9E1059B3A7CBB1EC91CB91

Function 01201EF1 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

8bq, xrefs: 01201F80

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 6eb6c16c47ce55d2e49c015391f0b30304d97e19037b0734c6507398d1722878
Instruction ID: 39ec131fd7005c86c996982ebbb854ac6f3df08e45e11aca1efd8f23361ae89c
Opcode Fuzzy Hash: 6eb6c16c47ce55d2e49c015391f0b30304d97e19037b0734c6507398d1722878
Instruction Fuzzy Hash: BD21B1352546018FC702EB29E588B7877E2FF89311F1482A9E109CB3AADB75DC469B81

Function 0602BCA0 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

,bq, xrefs: 0602BD13

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: ec44bc22a66aac20c696baa46fa43ad21a8ec30cdc2a1bcf35c9cc94d7ce050f
Instruction ID: 699e437f413a39c7386c44d59ca38fd98c375aa9fc0951397f6e50c1d9cf3255
Opcode Fuzzy Hash: ec44bc22a66aac20c696baa46fa43ad21a8ec30cdc2a1bcf35c9cc94d7ce050f
Instruction Fuzzy Hash: 9C11BE35B40116CFCB05DF69C954AAABBF6AF89301F158066E901DF361EB30EC01CB90

Function 01201D17 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

<duq, xrefs: 01201DC9

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: <duq
API String ID: 0-2704095200
Opcode ID: c3cde0d66d647083091bdfd1db857511df54f41cfcfaf46e37fba8293a99d059
Instruction ID: 2a5fab316daac3b80bed31ff185b4bca352950c34efb0a88da1c5797ecc62ddf
Opcode Fuzzy Hash: c3cde0d66d647083091bdfd1db857511df54f41cfcfaf46e37fba8293a99d059
Instruction Fuzzy Hash: E9116D34624205CFD715EB08D488B68B7B3FB84715F5482A4E1459F297C771DC91CF41

Function 0603E84D Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

!, xrefs: 0603E840

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 6ff03f765060154bfc38a4bc6305ca92e6e82d8dc907b0ff6cc37ab4f97de672
Instruction ID: 9ef8914b495639201c9bb401bc016c5a650800f205192754206396ccc9bb5617
Opcode Fuzzy Hash: 6ff03f765060154bfc38a4bc6305ca92e6e82d8dc907b0ff6cc37ab4f97de672
Instruction Fuzzy Hash: AB217C30A45215CFDB90DB24D989ADA7BB1BF85304F1186EAD40A9B315DB706D81CF80

Function 01201F31 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

8bq, xrefs: 01201F80

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: b4f2df34f9c63d2c50b9bf3e031669a9afbb249ee9f94cbc17b0b01336ab4bc8
Instruction ID: 82307ee3aab2109483b9b6713f2b64b525cb0666ca68cafcfd354eeca4b1dc8e
Opcode Fuzzy Hash: b4f2df34f9c63d2c50b9bf3e031669a9afbb249ee9f94cbc17b0b01336ab4bc8
Instruction Fuzzy Hash: 3A11C4352546018FC302D72DE049B7577E2FB86321F1482BEE10ACB2AADB75DC868B91

Function 06023933 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

T, xrefs: 060239DD

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-3187964512
Opcode ID: 1310c0ad68425b2bac5a89f5f2e3ca54aaa2b3e8dde6d62cc8792b6b0b5053e5
Instruction ID: 2727111521f397638348414fe1d7eace77e6d09afbc20f7dfcb232b2c1600e45
Opcode Fuzzy Hash: 1310c0ad68425b2bac5a89f5f2e3ca54aaa2b3e8dde6d62cc8792b6b0b5053e5
Instruction Fuzzy Hash: F411C534A402698FCBA5DB28D854ADDBBB1BF49305F0080EAD81EA7360DB705E81CF41

Function 0603F255 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

%, xrefs: 0603F2C0

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 97f73496863a20ea83035d8d0084490f28d3cc91b0c418423df60b45c1b33e60
Instruction ID: 431efbc59c0cd5474f6a2aaec476d2fa9b6523787b4629df62c93fdbcbf7998a
Opcode Fuzzy Hash: 97f73496863a20ea83035d8d0084490f28d3cc91b0c418423df60b45c1b33e60
Instruction Fuzzy Hash: 2D115B30A45604CFCB54EF69E589A9D7FF0BF49300F21826AE40A9B354DB74A981CF80

Function 0603E7C0 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

!, xrefs: 0603E840

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 2551a180eb96ff62bc21eec1ce8ee9eaefbebe5acfa9b6293324a6c541725823
Instruction ID: ad6d2109e00005a33e7f4257e586415f0d180c61b77e1b8d68a699a070777b5e
Opcode Fuzzy Hash: 2551a180eb96ff62bc21eec1ce8ee9eaefbebe5acfa9b6293324a6c541725823
Instruction Fuzzy Hash: C0016930B06114CFDB94EB29C899A9A7BF2BF49300F11469AE40A9B354DB70AD818F81

Function 06026BAD Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06026BDF

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 0338ee2a360b1fa6b9631160c66806cf55292f6bfc65bd0d90a291f3958266c5
Instruction ID: 0f166bb20f07e019117137ebef9ecc40832c76104adf7770d727dc23de5d7af7
Opcode Fuzzy Hash: 0338ee2a360b1fa6b9631160c66806cf55292f6bfc65bd0d90a291f3958266c5
Instruction Fuzzy Hash: A2F0B274A162288FDB55DF28D954BDDBBB2BB49300F5042DAE509A7385CB305E84CF51

Function 06036720 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c8dc417cc24199acc866ff3cd088c2c59f133dd105cd1d5df77b27925dee11
Instruction ID: 65d71f3f92ff7fad3828ca4b37ce457f68c4c37a8ea8b9c72c1e73232bc076c1
Opcode Fuzzy Hash: 57c8dc417cc24199acc866ff3cd088c2c59f133dd105cd1d5df77b27925dee11
Instruction Fuzzy Hash: 31422C35A00229DFCB54DF68C984E99BBB2FF89300F1185D9E509AB261DB31ED95CF81

Function 06033448 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65b0e1082e6538dca7d0d2f14c1246731fc9fb43720a467ba070c5ca198302cf
Instruction ID: daacf70b4e41b6a03de9243fa248cbc791cb8809d336a3e86fd107d0c1b34c25
Opcode Fuzzy Hash: 65b0e1082e6538dca7d0d2f14c1246731fc9fb43720a467ba070c5ca198302cf
Instruction Fuzzy Hash: 38120B34A10218CFDB54EF68C894B9DBBB6BF89301F5085A8D94AAB355DF30ED85CB40

Function 06037450 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004b0bbb485c29277c0b2f8695e76431f8b48a4857f1aafca03288d0113e8661
Instruction ID: 75326c9eb349e99f2352d945560e27d0ec60a0e8aaa1fc5dcfca9fb5b9514412
Opcode Fuzzy Hash: 004b0bbb485c29277c0b2f8695e76431f8b48a4857f1aafca03288d0113e8661
Instruction Fuzzy Hash: 23C1BF71A506648FDBA5CF28C454A2EBFF6FF85301F28855DE4868B692CF30E841CB95

Function 0602B548 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97946358ee3a77b649b0611fa3dd2be22cb6b7dfca60f76581f85c95118f9946
Instruction ID: 1b444c106af4ddfb9c5b508305cf3f2dd5f9bac9d9bec67e100cb2c4d8fedeb7
Opcode Fuzzy Hash: 97946358ee3a77b649b0611fa3dd2be22cb6b7dfca60f76581f85c95118f9946
Instruction Fuzzy Hash: 1E919935B412268FCB45CFA4D988AADBFF6EF88315F148069E801AB390CB35DD41CB90

Function 06033438 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9953c2241b7d98fe08641e62c6dc5c0423a0db8dbe0257388d4498175c7fa745
Instruction ID: 2476428f8f1beaa2f3a7b4cc0a6f2ea2b2e0b7257f42d6be487ad01290ce4262
Opcode Fuzzy Hash: 9953c2241b7d98fe08641e62c6dc5c0423a0db8dbe0257388d4498175c7fa745
Instruction Fuzzy Hash: 89A1FA35A402148FDB54DF28C898B9DBBB6BF88301F5085A8E949AB365DF70ED85CF40

Function 060343F0 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 714a80ee3ff136c86a59a1ca74a40968fa04ed6367829427d75af7d55c53ba0e
Instruction ID: 295045dab6facc0d441be4028f148f50f96c512b2e3ea16abd02d868b091ecef
Opcode Fuzzy Hash: 714a80ee3ff136c86a59a1ca74a40968fa04ed6367829427d75af7d55c53ba0e
Instruction Fuzzy Hash: 5E811935B50214DFDB44DF68D898A6DBBF9AF89601F1440A9E906DF3A2CB70EC41CB91

Function 0120F3C8 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b82be93993ea30912b55f417e2be52c9cffd4b4ee093d8c20768e13c11496a7
Instruction ID: baf35938abf9989e6bb8520d153862599da05afcf5b88dca124287d57e8cf682
Opcode Fuzzy Hash: 0b82be93993ea30912b55f417e2be52c9cffd4b4ee093d8c20768e13c11496a7
Instruction Fuzzy Hash: 30815835A50218CFCB25DF68C58499EBBF5FF88310B158169E9169B3B1DB70ED42CB90

Function 060343E0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a2e34c45d347bca234c752da856308423b9feee1d99f948cdfc21e0c032637
Instruction ID: 385c929e3d2b930aa47eed1b78776840da920b42a75dd83a58d15fc9313907fb
Opcode Fuzzy Hash: a0a2e34c45d347bca234c752da856308423b9feee1d99f948cdfc21e0c032637
Instruction Fuzzy Hash: DB611935B50214DFDB44DF68D898A6DBBFABF89701F108169E9069B361CB70EC41CB90

Function 0603B59B Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e100951c8532dfca1e3c863d000adfcb1c86d545578fe50971288878a48bed25
Instruction ID: 3ba86a8f4e827f048ba61dd85623051861222cb47dd85883ac05fdf041c4bed9
Opcode Fuzzy Hash: e100951c8532dfca1e3c863d000adfcb1c86d545578fe50971288878a48bed25
Instruction Fuzzy Hash: 8C71F874985629CFDBA0DF15D988BE9BBB5BB08309F1041E9D419A7381CB745EC5CF80

Function 01201A57 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72421e5e815d0141914d66624e20fb27d794af2bdc48408aaeeea9b1715a3893
Instruction ID: 04feb3496badb7aad84d7d28b02b547451e23971d1258954e436d2f6cbe43b8f
Opcode Fuzzy Hash: 72421e5e815d0141914d66624e20fb27d794af2bdc48408aaeeea9b1715a3893
Instruction Fuzzy Hash: B9511834624505CFD716DF18D588BA9B7F2FF88311F2882A8E1069B2AAD770ED91CF40

Function 06027560 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a801bc99883ef74a3b1bf4c13ba50d3816972046d31d23dabd0a39671f69cdb6
Instruction ID: 208f3762c0dbe4c7a08f388a700f8d8cf52e6b097ae1a6c4c7ab5862bed617a3
Opcode Fuzzy Hash: a801bc99883ef74a3b1bf4c13ba50d3816972046d31d23dabd0a39671f69cdb6
Instruction Fuzzy Hash: D061E1B0A041288FDB54EF69D885BDDBBB1FF89300F5081AAE509A7384CB709E85CF50

Function 0603D72D Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22b00d79c7e6bf96c1b93803623727a5bb40d65681f358c6e89223cce3e24076
Instruction ID: 3b46fed493abdab7f470cede179caeba1afc70ad697f3e9c7c3f8d76e5c7b753
Opcode Fuzzy Hash: 22b00d79c7e6bf96c1b93803623727a5bb40d65681f358c6e89223cce3e24076
Instruction Fuzzy Hash: 9D5126B0A452288FDB95DF19D954B98BBF9EF49301F5091EAE009A7385DB705F80CF80

Function 06026A2A Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca208e391dd64d3ef9f8d95bbe41322b2e67fab571fbdd60daff69786101f17
Instruction ID: 157be945da0031fc58c91984d122e7b25be149c2d9967be8475aae799b8cbeac
Opcode Fuzzy Hash: 2ca208e391dd64d3ef9f8d95bbe41322b2e67fab571fbdd60daff69786101f17
Instruction Fuzzy Hash: 7B511370E451298FDB58DF69D844BEDBBB2EF89300F1085A9E509A7385CB305E85CF50

Function 060372E8 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d36059d92b12eccc894cd884a4bb5849da3908f67f6478a66266565e506f049
Instruction ID: 89a5fc0272268899f2bcd5c3643d39627bd2f3ca9c85daa8a2694cba8283f126
Opcode Fuzzy Hash: 9d36059d92b12eccc894cd884a4bb5849da3908f67f6478a66266565e506f049
Instruction Fuzzy Hash: FD41BD71F00B648FCBA0DB78D58469EBBF5EF88711B44886ED49AC7A44DB30E941CB85

Function 06026A38 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0338c47ad70663c9ab6a0c8b4d635bceddbdcfdc9f304778418c8d54bb1fdbcf
Instruction ID: b7221c643dfcdbbdb31761a5b4453ad34f02fa689d800af09effee9763cbb542
Opcode Fuzzy Hash: 0338c47ad70663c9ab6a0c8b4d635bceddbdcfdc9f304778418c8d54bb1fdbcf
Instruction Fuzzy Hash: 37511470E452298FDB58DF69D844BEDBBB2EF89300F1085A9E509A7385CB705E85CF50

Function 06027654 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e02c480d94b05ec86832efd8df464e2db2dbacfaf30cf73ac7d39f79f25d6bc
Instruction ID: b7ca5c58c7c9f3a527e6cd2cf571ae0ecd9ca87ae36da94405c81a8a7c2762a9
Opcode Fuzzy Hash: 3e02c480d94b05ec86832efd8df464e2db2dbacfaf30cf73ac7d39f79f25d6bc
Instruction Fuzzy Hash: C651D0B0E042298FDB54EF69E845B9DBBB1FF89300F5085A9E509A7385CB305E85CF50

Function 06026EBE Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203b9819e9fc4fd5f1cc2a95885ae3d8042803f132be03b310ea1b926d08b531
Instruction ID: 447b95ef431f0a781ac7b12a0efdc5b85957e1388cf0b53ef94644958c82824a
Opcode Fuzzy Hash: 203b9819e9fc4fd5f1cc2a95885ae3d8042803f132be03b310ea1b926d08b531
Instruction Fuzzy Hash: CC51E0B0A051298FDB54EF69E884BDDBBB1FF89300F5081A9E509A7385CB309E85CF50

Function 06026F30 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a09b38ba5d11ee356d564eb59cfa7c494df7173fcdd1aea5f45fbaeebdf4b854
Instruction ID: abbc92ef46b1120f6058c729bb90276cfa30f92923ee28eb246e3ef16e2c17df
Opcode Fuzzy Hash: a09b38ba5d11ee356d564eb59cfa7c494df7173fcdd1aea5f45fbaeebdf4b854
Instruction Fuzzy Hash: 3751CFB0A041298FDB54EF69E885BDDBBB1FF89300F5085A9E509A7385CB705E85CF50

Function 06026C70 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58d8bc1ffe4f91d6ad66151082c3c9d15f29a0b4cc39fbfdd1f1bab95b65a513
Instruction ID: 054140fb4ba397435d44f3ad0bfb9b344c71f50b700a3e771f8f52159b02d695
Opcode Fuzzy Hash: 58d8bc1ffe4f91d6ad66151082c3c9d15f29a0b4cc39fbfdd1f1bab95b65a513
Instruction Fuzzy Hash: 9F51F3B0E451298FDB64EF69E885BDDBBB1EF89300F5081A9E509A7385CB305E85CF50

Function 06026A9D Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57fda22aa943f11770f3a12cae9821cb225a73e115cba30d6764731c11b9980
Instruction ID: eb7c54182ec1c68fa72e8379e3898dbe02203a552f9fdf2077e037a6358b989e
Opcode Fuzzy Hash: b57fda22aa943f11770f3a12cae9821cb225a73e115cba30d6764731c11b9980
Instruction Fuzzy Hash: F951E2B0E052298FDB54EF69D845BDDBBB1EF89300F1085A9E509A7385CB709E85CF50

Function 06027001 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e0e7731ed12280b6334a76aa47176bfee133f730f86fa6b98da218918f6705b
Instruction ID: e90d8c12548ba2af37b0a45bbea26125ce0906f3bac4e037050e1b50b3c389f3
Opcode Fuzzy Hash: 3e0e7731ed12280b6334a76aa47176bfee133f730f86fa6b98da218918f6705b
Instruction Fuzzy Hash: F951C0B4A041688FDB54EF69E845BADBBB2EF89300F5085A9E509A7385CB305A85CF50

Function 06026DC8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e040ab1de83ccba16672b505efa251639d0dec53a8ac8ca9151e6da24921dd7
Instruction ID: 3e9e330af1ac3d5df588e5d797dd4b1bc7735f153c6f87724e392f7fc04b8071
Opcode Fuzzy Hash: 4e040ab1de83ccba16672b505efa251639d0dec53a8ac8ca9151e6da24921dd7
Instruction Fuzzy Hash: B7510270E541298FDB64EF29D840BADBBB1FF89300F5080A9E509A7385CB309E85CF50

Function 060276E0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4781e49891dc800e9e09fa9dba485ab27f2e4695a13ea90df617970897e176a3
Instruction ID: eaf478a48a82de2d3cc3543800d9acb2e1dbe00b7d66b4bb2ffbe0b47b778944
Opcode Fuzzy Hash: 4781e49891dc800e9e09fa9dba485ab27f2e4695a13ea90df617970897e176a3
Instruction Fuzzy Hash: 9131F875846196AFC7E6CFB4DD919EAFFF4EF06200B1884CAE8C456153E2315643CBA1

Function 01209320 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a753d57680e9ad82ab33d080e3be5700df6112131870e2e096d8b1f0441c329b
Instruction ID: f25ae70170c29a67109ed4e85e689fa0aaa602c0a7224c254ad07848e95764b4
Opcode Fuzzy Hash: a753d57680e9ad82ab33d080e3be5700df6112131870e2e096d8b1f0441c329b
Instruction Fuzzy Hash: D531BFB0D25609DFDB06EFA9D0497ADBFB0EB45308F00A26AE41A972C7DB744984CF41

Function 06026B0E Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6301c57cc2dccd08f2595dfca33b47e935db363be5ba1714c25456122afe9f61
Instruction ID: 3dc4c0fb019adf8b2748933ce96e32407b49342855444fed3a5e2bd89287625b
Opcode Fuzzy Hash: 6301c57cc2dccd08f2595dfca33b47e935db363be5ba1714c25456122afe9f61
Instruction Fuzzy Hash: EF5101B0E041288FDB54EF69E845B9DBBB1FF89300F5081A9E50AA7385CB309E85CF50

Function 0602717E Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7442840c40afb096a57e3bec692bf43741f7a3ac89674eb6b9869c45c669c4e4
Instruction ID: af22720436cc9b4c21c193f62cb908d046a2aec70900191f0d883cb8ba7e5741
Opcode Fuzzy Hash: 7442840c40afb096a57e3bec692bf43741f7a3ac89674eb6b9869c45c669c4e4
Instruction Fuzzy Hash: 9951F2B0A042298FDB54EF69E844BDDBBB1EF89300F5081A9E509A7385CB305A85CF50

Function 06027471 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d63138a7522d4650dc8d63177ec1f32cd3eb67973c88905c462187aa30d1e7
Instruction ID: d00b2633b56699d84996924511963c47507e1e193bc5ca661711b454a65b61a9
Opcode Fuzzy Hash: 86d63138a7522d4650dc8d63177ec1f32cd3eb67973c88905c462187aa30d1e7
Instruction Fuzzy Hash: FB51E1B0E542298FDB54EF69E844BEDBBB1FF89300F5081A9E509A7385CB305985CF50

Function 06027538 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1e95b6cdf7dd3fe4357c6b7d8c08f603da0e9f7d229fc96af6e2d8621f9bd66
Instruction ID: b38533876bc0ea8269da5f50ca44144dd9efbaa153521d8caca952962d79cecd
Opcode Fuzzy Hash: b1e95b6cdf7dd3fe4357c6b7d8c08f603da0e9f7d229fc96af6e2d8621f9bd66
Instruction Fuzzy Hash: 7641D0B0E451298FDB58EF69D844BDDBBB2EF89300F5085A9E509A7385CB305A85CF50

Function 0602C3B0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 824a627e8ddbb2d2032f9500d6d1d668a4eafc960ff72b892547dd0941836dae
Instruction ID: 1dcaef764f48b364265d77541bca9de1bcb141bd3fbeffd2ac1271b671cc890e
Opcode Fuzzy Hash: 824a627e8ddbb2d2032f9500d6d1d668a4eafc960ff72b892547dd0941836dae
Instruction Fuzzy Hash: 3141E475A512289FEBA4DB24C991FADBBB1BF58310F1041D5E909AB391CA31ED81CF90

Function 0603C611 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7afc75b996fbd7122fad2fa8df02fcacdb39221d54287c0ece091b0f11d2008
Instruction ID: d37319a4507ae8140389f83d3c8aee9e90ee3bbc24b6f8e97136d444264c9566
Opcode Fuzzy Hash: b7afc75b996fbd7122fad2fa8df02fcacdb39221d54287c0ece091b0f11d2008
Instruction Fuzzy Hash: 50511574A45669CFEBA4DF15D948BADBBB1FB4530AF1041E9D109A7290CB744EC8CF40

Function 0603C4B5 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99cb72022dbfa13e2a62bb1cf28c1915430e942335b023b402fe070eba535aee
Instruction ID: d075e3875c8e51135a0b07aead8fdec03a39dc10ae08c5cf2852500046323b5b
Opcode Fuzzy Hash: 99cb72022dbfa13e2a62bb1cf28c1915430e942335b023b402fe070eba535aee
Instruction Fuzzy Hash: 725104B4A45279CFEBA0DF15D948BEDBBB4AB4530AF5041EAD10DA7280CB744AC8CF45

Function 06031910 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0da0762e7521663d555591c80f28f76a411ee971435d744391194b0ff8c34f78
Instruction ID: 4b89471e70beb92d16428e5f488f8553795428352cf791f567fb526e4e61b84b
Opcode Fuzzy Hash: 0da0762e7521663d555591c80f28f76a411ee971435d744391194b0ff8c34f78
Instruction Fuzzy Hash: E031F536A50118DFCB45DF59D888EA9BBB6FF48321F0640A9E5099B372C731ED55CB40

Function 0602B9F8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6e74b7dfe366ec7a510b8f5aa5b36ce4ae69b9a9ee2cefa915d2214466daed0
Instruction ID: 8170896add30ee3bcd71db81ad7e8e3e33438bc7338425bf061e6f12fe3bdebc
Opcode Fuzzy Hash: c6e74b7dfe366ec7a510b8f5aa5b36ce4ae69b9a9ee2cefa915d2214466daed0
Instruction Fuzzy Hash: 0A419C31E402268FDB94CFA9C844AAFBBF1FF88708F008529E516E7250EB35D945CB91

Function 0603CBB2 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0aa6a0e66b595ccf2efb1ae5b51dc09d0f623d133fefb28d85b0172f85d179
Instruction ID: 97c22c25d37a3afe8e628390d22a73b7d5f3867ca2c1ed36d855558d1aa23d09
Opcode Fuzzy Hash: df0aa6a0e66b595ccf2efb1ae5b51dc09d0f623d133fefb28d85b0172f85d179
Instruction Fuzzy Hash: C84124B0A98228CFEBA5DF15D8447A9BBB9EB49306F0051E9D109BB290CB744EC5CF45

Function 0603D991 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94bc56c3013dd272c678b2e5eba9990568abd886e0fd81870cfae6036c7c73ca
Instruction ID: 14ce4f9075afb6361845aa99aea990729376e3ed033da73e2cbbdd26210043bc
Opcode Fuzzy Hash: 94bc56c3013dd272c678b2e5eba9990568abd886e0fd81870cfae6036c7c73ca
Instruction Fuzzy Hash: C651F870A45228CFDBA5DF2AD884B98BBF5AF48301F1091E9E10DA7380D7706E85CF40

Function 060278B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e5393d48b466bc3f5aa02be8aa2762fea19522f6d4cae97c42a6ae59c93e90
Instruction ID: f814e73b2c7759e561f92e01e475778021263b45f2aa9101a5d8346f8da19afb
Opcode Fuzzy Hash: 55e5393d48b466bc3f5aa02be8aa2762fea19522f6d4cae97c42a6ae59c93e90
Instruction Fuzzy Hash: A34125B0E0520A8FDB44DFAAD8446EDBBF2FF89300F10816AE405AB344DB745A46CF91

Function 0603CA5F Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f8264c1240f03e23d9890fbaab5f3db437c75c58dbb6be8ef981b70e3c8060
Instruction ID: b7bb29a9f176f3b5ca09e178096c0e8f9c7e2378e125e1937cd2498ed3b6ac2d
Opcode Fuzzy Hash: 81f8264c1240f03e23d9890fbaab5f3db437c75c58dbb6be8ef981b70e3c8060
Instruction Fuzzy Hash: D8411774A4526ACFEBA0DF14D948BEDBBB5EB4530AF0041E9D109A7280CB744AC8CF55

Function 0603C9C9 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70b022d22c1c4c856ea1fcde7c6fcde57a122e48f501003280e957d276b181b2
Instruction ID: 0b997e4f824ce59e0f2a2964781a3c980a4a4e09219e0fe87f6c1af7fc2a1e7d
Opcode Fuzzy Hash: 70b022d22c1c4c856ea1fcde7c6fcde57a122e48f501003280e957d276b181b2
Instruction Fuzzy Hash: C941D574A4526A8FEBA0DF14D948BADBBB5EB4530AF5041E9D109A7280CB745EC9CF40

Function 06026660 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197873c8251c8ee4bf4572f019d24dec46323bdaf2b49fb5cd6cdcef705e6940
Instruction ID: b86c69825e73c57e47bb17d5dac1e75d17e37f1e08ee99680164eb7acd75371f
Opcode Fuzzy Hash: 197873c8251c8ee4bf4572f019d24dec46323bdaf2b49fb5cd6cdcef705e6940
Instruction Fuzzy Hash: 62311674D5522ACFDB84CFA9D9887EDBBF1BF49310F10806AE818B7250D7750A458FA1

Function 060278C8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9289565db869a4bfdd535cb24af5e85a4e3306d2539ec3f3bd71f614eee2e44f
Instruction ID: 5c917ba89b9418fa03a0f7affe9f17c6eeb6a2666dfafff09d1801bd9cb4ad6c
Opcode Fuzzy Hash: 9289565db869a4bfdd535cb24af5e85a4e3306d2539ec3f3bd71f614eee2e44f
Instruction Fuzzy Hash: 8941F1B0E4521A9FDB44DFAAD844AEEBBF2FF88300F108169E509A7344DB745A45CF90

Function 0603C43E Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a902821ce7b02231aa84afca09ef91a1d6533c4e882da904aa5566c3dd338e7
Instruction ID: f7624b73121eacabbd0818162006c8f3e6de1957d20bd2f6091479771c4c5a3e
Opcode Fuzzy Hash: 2a902821ce7b02231aa84afca09ef91a1d6533c4e882da904aa5566c3dd338e7
Instruction Fuzzy Hash: A1412474A4526ACFEB60DF14D948BEDBBB4FB4530AF4045E9D109A7280CB745AC9CF80

Function 060271C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f722136cda00ad42824589fbefc74d2003d830f7f0b77dbda982d4d3e02aa91
Instruction ID: 26caf425e764b637e6f0604a37239337c63ea0dff570a74cc6dfe4baf3a2c05f
Opcode Fuzzy Hash: 1f722136cda00ad42824589fbefc74d2003d830f7f0b77dbda982d4d3e02aa91
Instruction Fuzzy Hash: 8141F5B0A45229CFDBA4DF59D8447AEBBF1BF89300F508569E409AB344CB749D89CF41

Function 06034708 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad6d8e59ab4f98a633cf7032e4a9e293d47c10630204c040b9ee0bbf1b09ed7
Instruction ID: bf3102d01f63e5db76d57ed5fb4674d2018aa922af1424f2a31458f267fc8ae9
Opcode Fuzzy Hash: 2ad6d8e59ab4f98a633cf7032e4a9e293d47c10630204c040b9ee0bbf1b09ed7
Instruction Fuzzy Hash: 08311E35A401189BDB54DFA4D894BEEBBF5FF88311F108029D911BB360DB759D45CBA0

Function 0603F948 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82af073af31e5a568882d579d12e0d7792f970e7b9fdaae54acaba448184dc1
Instruction ID: 5aa1b1349a49dba9ad2a993730385334a33f9520f5ba620ece0b6c02585110b2
Opcode Fuzzy Hash: b82af073af31e5a568882d579d12e0d7792f970e7b9fdaae54acaba448184dc1
Instruction Fuzzy Hash: 4941F6B5E012199FDB44DF99D484AEEBBF5FF88310F10802AE905A7364DB70A941CF90

Function 0603CA89 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f59858eb739363b2ddbd275909c358502f643679ff5f02c9d12c8510b93ca8
Instruction ID: 1149cdf2b233388e65c1e7de416d64a3b0948fa39bcb0f6ce064887e1c61e891
Opcode Fuzzy Hash: 60f59858eb739363b2ddbd275909c358502f643679ff5f02c9d12c8510b93ca8
Instruction Fuzzy Hash: B8412770A45669CFEBA0DF15D948BADBBB5FB45306F5081EAD10DA7290CB744AC8CF40

Function 0603C828 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ebaca726b5d8142f4a0bc718a6a6946b4a40b02cd4d4401557fbc0d14522f31
Instruction ID: de71d98e760a9aebfdee5a5adc1c9dbafede384d92d74875c8c11310da9167e6
Opcode Fuzzy Hash: 7ebaca726b5d8142f4a0bc718a6a6946b4a40b02cd4d4401557fbc0d14522f31
Instruction Fuzzy Hash: 90411474A4526ACFEBA0DF14D948BEDBBB4EB4530AF4041EAD109A7280CB745AC8DF40

Function 0603F942 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff2436f962768eb1491dda5398e3be11b9f1c373180e2ad3f1d267c0739ac86
Instruction ID: 5c80fad124e7fa869491fb33081aba96b8744f8f58bfc1c8f2bc07dcc0471ac9
Opcode Fuzzy Hash: cff2436f962768eb1491dda5398e3be11b9f1c373180e2ad3f1d267c0739ac86
Instruction Fuzzy Hash: 593106B5E012199FDB44DF99D484AEEBBF5FF88310F10802AE905A7364DB70A941CF90

Function 0602DC50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6cff44d808364f551d73a833174137bb08858285948607804dbf5ae0007043d
Instruction ID: 2a7b6049535b383cc7d7e56d1061d17fbd3c9077ed0ae7574f65e2b5198cded4
Opcode Fuzzy Hash: a6cff44d808364f551d73a833174137bb08858285948607804dbf5ae0007043d
Instruction Fuzzy Hash: DD316A35B006118FC765AF24D84956ABBB6FF89305B14886DE8068B3A5DB32EC46CB90

Function 0603D447 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0fa90c91c422dd022e32709fd4a6c21f02884312b0e62046501fe14e3b504a9
Instruction ID: 4d4e94107846eea2928115a82f0a2f86e7291caa217e77e56f0bc34a846ba614
Opcode Fuzzy Hash: a0fa90c91c422dd022e32709fd4a6c21f02884312b0e62046501fe14e3b504a9
Instruction Fuzzy Hash: B341C470A45229CFDBA5DF2AD984B99BBF5AF48301F1091EAE10DA7280D7746E85CF40

Function 0603C4B0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb427ec330574f9f2c94f235c176d4acc3f2445ef513d4f0a39d96beb8d436a
Instruction ID: bc2cee2346b6e06c7b0deeafcc083a0d710f7b17a30602e25fe1d21594b7740b
Opcode Fuzzy Hash: ceb427ec330574f9f2c94f235c176d4acc3f2445ef513d4f0a39d96beb8d436a
Instruction Fuzzy Hash: B64103B4A45269CFEBA0DF15D948BEDBBB4FB4530AF5041EAD109A7280CB744AC8CF40

Function 0603D4F8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9357d45fd5a3e80e1cd740f6782332a843653e82e5390adc71a8be3d8caab77
Instruction ID: 53129bb9d3285d2687c8ccf21f7b48001fd21e44f5426f653de9dc0ffe528e35
Opcode Fuzzy Hash: c9357d45fd5a3e80e1cd740f6782332a843653e82e5390adc71a8be3d8caab77
Instruction Fuzzy Hash: AA41D970A45229CFDBA5DF2AD984B98BBF5AF48301F1051EAE50DA7290D7706EC5CF40

Function 0603C984 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f719bcd5e93722c782f242eeb517dae3db52661a50fe25880cbc86625c4f1fe
Instruction ID: 8cb9c34caf8655dae1e7af82f65ff179c385ee7c30569ac543a9b0cea01ac3b0
Opcode Fuzzy Hash: 0f719bcd5e93722c782f242eeb517dae3db52661a50fe25880cbc86625c4f1fe
Instruction Fuzzy Hash: CE41F4B4A4526ACFEBA0DF14D948BADBBB4FB4530AF4041E9D109A7280CB745AC9CF40

Function 0603FD07 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c130b27b078019e273997668f0b62041858c5c2dd5e8376d331d101bc3936b90
Instruction ID: b9d115cd50d51b87f64b41ffc731383d9047eb75e197e6f20904d276408ec9e2
Opcode Fuzzy Hash: c130b27b078019e273997668f0b62041858c5c2dd5e8376d331d101bc3936b90
Instruction Fuzzy Hash: BB3148B5E4411A9FDB44DFAAD844AEEBBF6FB89301F10802AE508B7344DB345A45CB90

Function 06026350 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f17d7ae3989238f5eefdfdaf41c332d78c6041d44fd4435c14727f78a69255e
Instruction ID: 8c7ff3db5b4801d06350a23db5b54d05e90de6ec8d953287d86f74a8a735a4a0
Opcode Fuzzy Hash: 7f17d7ae3989238f5eefdfdaf41c332d78c6041d44fd4435c14727f78a69255e
Instruction Fuzzy Hash: E8312A75E012089FCB09DFA8D4946EEBBF2FF88310F04846AE816A7364DB355946CF60

Function 06026872 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efab1230c831871de1885cfe58570399326d9bc30640cff737d1683ff317e5cf
Instruction ID: 485ca392ec3bf328f1bbfac7682e9083233b4d6c287fa27d5bde0b3ba2254ef7
Opcode Fuzzy Hash: efab1230c831871de1885cfe58570399326d9bc30640cff737d1683ff317e5cf
Instruction Fuzzy Hash: 8C315570D5421ACFDB88CFA9D8446EEBBF1BF49300F10856AE414A7250DBB14985CBA0

Function 06026880 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdce89731cee6778c72e16e18bf90b3f05cfa067965fbdef0e57f0bb59b1c45f
Instruction ID: 10131640da158f697d8737a4d88fc33ff415832cee18a8d0b1ede6db15138ceb
Opcode Fuzzy Hash: fdce89731cee6778c72e16e18bf90b3f05cfa067965fbdef0e57f0bb59b1c45f
Instruction Fuzzy Hash: 7C312670D5122ACFDB48CFA9D8447EEBBF1BF49310F10962AE414B3250DBB24984CBA0

Function 0603C78F Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d05de413c4c2b569d1a21d109988622a05e4fa5d07480d8d89a2dd9fe1d572
Instruction ID: 522c743d3f649c11f153860a25da21f8ea933fc4a20633f6ad3935ffdb3bd934
Opcode Fuzzy Hash: 18d05de413c4c2b569d1a21d109988622a05e4fa5d07480d8d89a2dd9fe1d572
Instruction Fuzzy Hash: A5410474A4526ACFEBA0DF14D948BEDBBB5FB4530AF4041E9D109A7280CB745AC8CF41

Function 0603FD18 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36ec674b37230ef1efa852278c2648993638feadf4f459d5071390143eb00a59
Instruction ID: eb6ae2c127e10314a7f6d49db0ff9e92ab8a64976e553bb8b7990259d981477b
Opcode Fuzzy Hash: 36ec674b37230ef1efa852278c2648993638feadf4f459d5071390143eb00a59
Instruction Fuzzy Hash: D5312774E4411A8FDB44DF9AD848AEEBBFAFB89301F10802AE509B7354DB345A45CB90

Function 0603D41A Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8dfa0546d2034a9bfcd5685814085a74fb3f4499cab6abd9ddc63f965073ee5
Instruction ID: 4e85041a2851363bc9b1f0435b200afea75a611132e4089da5aa79b342da3f95
Opcode Fuzzy Hash: c8dfa0546d2034a9bfcd5685814085a74fb3f4499cab6abd9ddc63f965073ee5
Instruction Fuzzy Hash: 1E41D870E45229CFDBA5DF2AD984B99BBF5AF48301F1091EAD10DA7280D7706E85CF40

Function 06293CC9 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a3ea91dd960973f9fef09defb71d1855e1246a64e82984cd1ea0d792467932
Instruction ID: dca6e5d2ba84282bb094726e5ee2205ac42db7c1b91cf692677d95ed3e53cfb0
Opcode Fuzzy Hash: 97a3ea91dd960973f9fef09defb71d1855e1246a64e82984cd1ea0d792467932
Instruction Fuzzy Hash: 58410974E54219CFDB64EF28D898A9DBBB1EB4A300F1081E6E509A7395CB349EC5CF50

Function 060354C0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462308f9257a6662b003982f02dfe09b68e7e5b6fe297162f4236fcb576088d1
Instruction ID: 55e8b3ee10be97aa4e400883afc25b8dc13e01b13482cc80a8fdedfbca78df86
Opcode Fuzzy Hash: 462308f9257a6662b003982f02dfe09b68e7e5b6fe297162f4236fcb576088d1
Instruction Fuzzy Hash: 75217635B106098FCB00EF68C5945AEB7BAFF89700B104569D506D7360EF70AD46CBE2

Function 0603C48B Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b39927192a1ab7fe4c1f5a984795354fa86ccdf6b8df3e0b5970b09e4e28c2
Instruction ID: 903a827b0cd7e19826bdb05d46b8c1828ac2cfa754790cea456b7620912df3e0
Opcode Fuzzy Hash: a7b39927192a1ab7fe4c1f5a984795354fa86ccdf6b8df3e0b5970b09e4e28c2
Instruction Fuzzy Hash: D441F274A4526ACFEBA0DF14D948BEDBBB5FB4530AF4041EAD109A7280CB745AC9CF40

Function 0603C58A Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a01bc7724071628e00d11943484c87f9f16d63394007117c3457f26bb65c20c
Instruction ID: dd86e9b4b09711e12ab23f43c4323e23abb35747ca10675de22385b742c9941d
Opcode Fuzzy Hash: 2a01bc7724071628e00d11943484c87f9f16d63394007117c3457f26bb65c20c
Instruction Fuzzy Hash: C7310474A4526ACFEBA0DF14D948BEDBBB5FB4530AF4041EAD109A7280CB745AC9CF40

Function 0120D198 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c31a3c815d71ec0cf7814b777c31cd015edfa51b3788bf38a361797e39ebc6
Instruction ID: 3fdec003f79d5bcb29b00a4cbfb6933ce3e9794a439f8603e6ac69b4d2e28f6b
Opcode Fuzzy Hash: 69c31a3c815d71ec0cf7814b777c31cd015edfa51b3788bf38a361797e39ebc6
Instruction Fuzzy Hash: 6F2157B0E1520DCFDB44DFE9C8453EEBBF2BB89300F008529D515A3281DBB44A418B91

Function 01209390 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bceccae03c546e0cba74485f82865be65f52ace91407caf7052cf267acfdcadd
Instruction ID: a20d5c01fdc8d913c6cec7123a512498d39b7e28e564ebe2989b26fbf8a63983
Opcode Fuzzy Hash: bceccae03c546e0cba74485f82865be65f52ace91407caf7052cf267acfdcadd
Instruction Fuzzy Hash: 663189B0D15609DFDB05EFA9D04979DBBF1EB48308F10A269E51AA73C2DBB44A84CF40

Function 06031901 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6260f07d23d0d0f101aeab288952c550a6819c4352fca72a525c6be67c03ad5c
Instruction ID: 5241bc75c847871f05339d3b96c3f6da3fcbfb3ac1de5ebba67af4cb4b0fdf50
Opcode Fuzzy Hash: 6260f07d23d0d0f101aeab288952c550a6819c4352fca72a525c6be67c03ad5c
Instruction Fuzzy Hash: 34211836650114EFCB45CF99E888E99BBB6FF4D320F0640A9F6099B272C771E811DB50

Function 06027A30 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46588fac2a9cd8a5120a848471141074b0ccbb1136497c1e4ac315843e80705
Instruction ID: a1940c6a23ba9dbedfe79d2958d742a1400556ed4660aa554369a571da2b9805
Opcode Fuzzy Hash: c46588fac2a9cd8a5120a848471141074b0ccbb1136497c1e4ac315843e80705
Instruction Fuzzy Hash: 2D3115B4E0520A8FDB44DFAAD8446EEBBF1FB88300F148169E519A7384DB749955CF90

Function 0602DA80 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117863ad1d5bcaf2dfc7af33031d37ee6f49e7ee32375ea51290209b744463f6
Instruction ID: 0152166694a7f85dc3ab2eb2b5762462610f50fd02fa3b6307b425952d8f89e0
Opcode Fuzzy Hash: 117863ad1d5bcaf2dfc7af33031d37ee6f49e7ee32375ea51290209b744463f6
Instruction Fuzzy Hash: DB215931E4422ADFEB80DFB8C414BAEBBF4AF44340F108066D519DB290E634CE41CB91

Function 00CDD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1657217664.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cdd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80a179cbacb5bbf02619436821ab3e8dbc3b6640f271cb43fee5aaf9017ca08
Instruction ID: e5e7a6b86968852542e07ad8be3a1a63d0566eef90215253ee74f63318b00868
Opcode Fuzzy Hash: b80a179cbacb5bbf02619436821ab3e8dbc3b6640f271cb43fee5aaf9017ca08
Instruction Fuzzy Hash: AF21F571904244DFCB15DF14DAC4B26BFA5FBC4314F24C56AEA0A4B356C336E85AC7A2

Function 0602B9E7 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9a111635d5cb3d422b527c9aaee574f5c92e87480a0b5e07518760f7a91442e
Instruction ID: abbd7e362322462b2feee6f853c84339f9b938042e9af1a06dba28756532f9cd
Opcode Fuzzy Hash: b9a111635d5cb3d422b527c9aaee574f5c92e87480a0b5e07518760f7a91442e
Instruction Fuzzy Hash: 9921B030B002268FCB54DF68C8546AFBFF1FF88758F008469D90697315E7309805CB90

Function 0602A5CD Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0449a276c7c904eb91ea95e4f888a242335a8a5c09e2ebec175b4f1e85099ef5
Instruction ID: be09ae8a5e9fbcb11300b2b5bf13ebbbd3922ed427b56852047efffc28393840
Opcode Fuzzy Hash: 0449a276c7c904eb91ea95e4f888a242335a8a5c09e2ebec175b4f1e85099ef5
Instruction Fuzzy Hash: 85214C75A001199FCB058FA8C4999EDBFF6EF8C320F149129E411AB394CF719C42CB50

Function 06029B51 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f682b9220f796a6be9afbd7a3e40ee64bd891612af39b0a32ecc5ffe8466e24c
Instruction ID: 9afeaceb87ce785592504742173e8be66c18683fedc1cb3b0321c3bc017228b7
Opcode Fuzzy Hash: f682b9220f796a6be9afbd7a3e40ee64bd891612af39b0a32ecc5ffe8466e24c
Instruction Fuzzy Hash: 6721D430A102019FD704DB68E8467AEBBEAEF84304F00C53CE00AEB349DFB1A90547E1

Function 060354B0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5927f900c5c18365959be9667abc2a3cbddcea3d4b9908e4869fe36ea9215c35
Instruction ID: 59f8378de7e6a15d749f3c7b2657ea528cd277ddea922e3ef8a89f2970d8029b
Opcode Fuzzy Hash: 5927f900c5c18365959be9667abc2a3cbddcea3d4b9908e4869fe36ea9215c35
Instruction Fuzzy Hash: 87216535B006098FDB00EF68D59499EBBB5FF89700F104569D545DB360DB70AD06CBD2

Function 06035E98 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ebce8dc4c34e59c8ea771575f12111dfc1b7f3ac982af5d2feb3d1aa495a6a
Instruction ID: ce6d0b17d4395bcce96bde0be8be55f31c7126764401a5ee1e56398585bbc5bb
Opcode Fuzzy Hash: 06ebce8dc4c34e59c8ea771575f12111dfc1b7f3ac982af5d2feb3d1aa495a6a
Instruction Fuzzy Hash: A111E7332443109BC7569B18DC867B97FE9EB81751F284056D884CB262DB39EC46C7D1

Function 0602A5D8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44000b7ef388db803e5ba457c60d328417a34775b3cdc7d16f0abe16f9b1cbc6
Instruction ID: 917da0de134ffb6fde06e45bed37ee2db6f0c974bef5cf004bed356a54e7dd28
Opcode Fuzzy Hash: 44000b7ef388db803e5ba457c60d328417a34775b3cdc7d16f0abe16f9b1cbc6
Instruction Fuzzy Hash: BE213A35A002199FCB159FA8C4989DEBFB6EF8C320F149129E811AB394CF719C41CF90

Function 00CDD005 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1657217664.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cdd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6fdf851f8f959fc19cd9b3dc37d421d1a3bdbb7421f5619ba388c45bd29ec4
Instruction ID: 571d9ef750ecf72b7b744e404aa0e775e275f9dc0d2381c94df896134a73ea8d
Opcode Fuzzy Hash: 3e6fdf851f8f959fc19cd9b3dc37d421d1a3bdbb7421f5619ba388c45bd29ec4
Instruction Fuzzy Hash: B021B0714093C08FCB02CF24D994716BF71EB86314F2981EBD9458B653C33AD91ACB62

Function 06029B60 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 982cf14fbaf009334a3349f4a2d1cee7a13c82bd40970f85a82a8650921bf3b6
Instruction ID: e821dbd2e048e335c6ff8d8915cdcb72aed8554c1d21b912e06f3deb7697d65a
Opcode Fuzzy Hash: 982cf14fbaf009334a3349f4a2d1cee7a13c82bd40970f85a82a8650921bf3b6
Instruction Fuzzy Hash: 9C2160306102059FD714EB69E8497AEBBEAEFC4300F50C53CE10AEB649DFB5A94987D1

Function 06036610 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f66dcb07557f667ae0ed686dacbf8b10187913394e195678ef2e72b7f86d827
Instruction ID: d155fe1754c1cc8ad54a029382ad97a6baa216fc85006d5dda51d6dcf1b84add
Opcode Fuzzy Hash: 1f66dcb07557f667ae0ed686dacbf8b10187913394e195678ef2e72b7f86d827
Instruction Fuzzy Hash: 781104B5694260CFD386D734D814B9A3FA5EF96306F1444AEE1058F2A2CA37D843C395

Function 06030EB8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aa41ae9dacc67fa2193ca36fcae1688fcc191d8d7e6f8b879d962f551fc39f
Instruction ID: cb3a84c7e8c9a42cac05ce628778fc5b208518346c3c6050f1c7f07211ef7a2d
Opcode Fuzzy Hash: c3aa41ae9dacc67fa2193ca36fcae1688fcc191d8d7e6f8b879d962f551fc39f
Instruction Fuzzy Hash: 1D1104316452949FC741DF2DEC90A9A7FF9EF8A204F0880BEF885C7262DA34D819C794

Function 06034010 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ace66e4e0b852f9c9dceafdede7da62e9fee6442a083d28cb56bba7870fd170
Instruction ID: 10a8e2f0bcd7d86bfcc276f0a5324332f93b417cb28e043238632e2408fd1da5
Opcode Fuzzy Hash: 8ace66e4e0b852f9c9dceafdede7da62e9fee6442a083d28cb56bba7870fd170
Instruction Fuzzy Hash: 21215C35B106048FCB14EF68D888A6EBBFAEF89311F144569E9069B361DB70ED05CB61

Function 06034020 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8799d1942bd81642c36fe2f7cbb0d599e51b0c8459ea5b40f2f92b47895d65
Instruction ID: e95ebe2908db5c33bcccace067ab81744faa95404010425a625348638e726a4c
Opcode Fuzzy Hash: cc8799d1942bd81642c36fe2f7cbb0d599e51b0c8459ea5b40f2f92b47895d65
Instruction Fuzzy Hash: 63118E35B106048FCB14EF68D888A6EB7FAEF89300F144529E9029B361DB70ED05CBA1

Function 0120E578 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69a52450f2564455b5f7680159d7192e6e110a2ba19b2446662b0e3d59b759b1
Instruction ID: af98cfcf7450e18658ed7155fd70142d77bb1d77e7e0eb4b0f6718b1db0b1ba3
Opcode Fuzzy Hash: 69a52450f2564455b5f7680159d7192e6e110a2ba19b2446662b0e3d59b759b1
Instruction Fuzzy Hash: 1B1126B0D1410ACFDB05CF99E4456EEFFB5FB88310F14892AE504B3291EB755A85CBA1

Function 0602AF70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62251636a2dea7c5c517cb98379879c6e76956f4aefc284c82686ef071d2e071
Instruction ID: 65ab3365c1484dc3def10c0eb57cabb0ceed56756f809085789ddab9a9357562
Opcode Fuzzy Hash: 62251636a2dea7c5c517cb98379879c6e76956f4aefc284c82686ef071d2e071
Instruction Fuzzy Hash: 2D118275B401119FDBA59F6898457AE7FF5AF88710F14442AE915DB280EB358901CBA0

Function 06296B08 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be1d728e18340b6c434ab3f503ace0939bf96d1386e52c161675e388927a1083
Instruction ID: 0d0c1dfad95b503123f03fd4354482846e25e4e966af82d2d80eddd6bf26378b
Opcode Fuzzy Hash: be1d728e18340b6c434ab3f503ace0939bf96d1386e52c161675e388927a1083
Instruction Fuzzy Hash: BC212B74E20268CFCB64DF14D884A9DB7B1FB88305F5141EAE90AA7384CB705E80CF50

Function 0602AF80 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222049fd68f83e61bd44a94257f72e446c377d825054907caec3885b922e0bd7
Instruction ID: 777104dedbd9c950028678cc862ebc768943001129c46a4c604306dcfc17f7af
Opcode Fuzzy Hash: 222049fd68f83e61bd44a94257f72e446c377d825054907caec3885b922e0bd7
Instruction Fuzzy Hash: EB11A074B402159FCB919BA89845BAE7FF6AF88300F04842AE519DB384EF35C801CBA0

Function 0602ACE9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc41e482c2cec41a76d23fb83ab861f1cb3fb003ca5bb6e658578bfdb36e86e5
Instruction ID: 2a07744aef38b615b5baffe0a2152fa031e3e9c8138a5ebadb903447d6414e05
Opcode Fuzzy Hash: cc41e482c2cec41a76d23fb83ab861f1cb3fb003ca5bb6e658578bfdb36e86e5
Instruction Fuzzy Hash: C0217F79B42219AFCB44DF68D594AADBBF2BF49301F204498F802AB360CB34AD41CB50

Function 01201861 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28589cd8d75c22242299649b4585cc49620cda612adfb5ef030807fb7a300b04
Instruction ID: 2e16076155f285ccc38ce97ed708bbe8c0939ad528a7c8ccc2a1bfa289997f63
Opcode Fuzzy Hash: 28589cd8d75c22242299649b4585cc49620cda612adfb5ef030807fb7a300b04
Instruction Fuzzy Hash: 0E1104312142019FD3079B28D4407AA77E6EF82360B184669E1098F6DADB74EF45CBD1

Function 06034839 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f364fa51c514bc05bff566792fd5030bfca0526b5fc540505285177d46ff40
Instruction ID: fb267eb5eb94bc7468f751bfa91e088b75d1af950b105f766cc811b41d1fbd62
Opcode Fuzzy Hash: b0f364fa51c514bc05bff566792fd5030bfca0526b5fc540505285177d46ff40
Instruction Fuzzy Hash: 1011C2317406949FD3649B24D880B6A3FEAAF85311F04456DD9564FB91CBB6E882CBC1

Function 01201870 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79f147edef9b1a053956ad9072a43a23bf44a518669c0d0c95ddba7d0984564
Instruction ID: 10e71dcd324c932e56f1f6ff7635816056b9e0740cff9f6afa1225d8f9c65aa8
Opcode Fuzzy Hash: e79f147edef9b1a053956ad9072a43a23bf44a518669c0d0c95ddba7d0984564
Instruction Fuzzy Hash: CF11AD316245018FE716DA2DE44076AB6D6FFC0360F188739E1098B29ADBB0EE568BC0

Function 0602ABC8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d0e4944b3798b6c3521d1baf3bd93cd733fb73a4381276ab34470289eb218b0
Instruction ID: 4b37d287266de0f4f142079068ba587a57dd48b004e4b862c8a0695f99ab62d6
Opcode Fuzzy Hash: 1d0e4944b3798b6c3521d1baf3bd93cd733fb73a4381276ab34470289eb218b0
Instruction Fuzzy Hash: 28014436350215AFDB108E59DC85FAA7BA9FF89B21F10806AFA15CB290CAB1D810CB50

Function 060333AA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95909c5e9baaba15ae6111f375442f2b267711c6a4e3fe32a9a4851a36ba8fa6
Instruction ID: 95cc4499b610345d18206dd221e0e83caf967433b7673d34a02e9b3fb39648f2
Opcode Fuzzy Hash: 95909c5e9baaba15ae6111f375442f2b267711c6a4e3fe32a9a4851a36ba8fa6
Instruction Fuzzy Hash: 6801083AA40514DFCB46DF94D984C58BBB2FF4931070681E5EB069F236D632EC66DB50

Function 062AEDD0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cc7007c85a909a6985e8164e9ecf1424db2eeb7e828c9ac8be124a2dd83648
Instruction ID: 1169b3c04ca5a822b711cc5bdb781abb0c63f40a81fd348508231af3867d193e
Opcode Fuzzy Hash: f8cc7007c85a909a6985e8164e9ecf1424db2eeb7e828c9ac8be124a2dd83648
Instruction Fuzzy Hash: 2711F7B0E0020A9FCB48DFA9D9457AEBBF5BF88300F10856A9418B7354EA319A419B91

Function 06036712 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae6775309761866d813df173305e9786f182ebf43c4827ef78f5283122046f4
Instruction ID: 2c9ef12380ac65fe9725aed1bf0debd4d8254a04ca4597acc7644043b33147f3
Opcode Fuzzy Hash: cae6775309761866d813df173305e9786f182ebf43c4827ef78f5283122046f4
Instruction Fuzzy Hash: F001B531B001189FCB44DB58D985B9ABBF6EB88304F1040B8E509EB391CE32ED59CB51

Function 06034848 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99032059267397c0f284f6547785cf412a9ac3fb18574f0a5b36b3d2368b028b
Instruction ID: 7ce333c6928b51c83f62b8183105ff55325743fe1bcf4cd9b8a82603c59fd0e6
Opcode Fuzzy Hash: 99032059267397c0f284f6547785cf412a9ac3fb18574f0a5b36b3d2368b028b
Instruction Fuzzy Hash: 3A01B130B402549FC364AB24D444A3F7BE6ABC9315F14866CE5564F790CBB5EC42CBC0

Function 0603BA5C Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6426a352328708b647d962c3cc9459e5b5dfc845ae0dc369ef61c7b953a2b4
Instruction ID: 6f0c391202c236f1a4d929d84c1e83939f07f274d00a2ecc69de086229cad957
Opcode Fuzzy Hash: 5e6426a352328708b647d962c3cc9459e5b5dfc845ae0dc369ef61c7b953a2b4
Instruction Fuzzy Hash: 8F1119B4A042188FDB94EF25D895BAEBBB1FB49304F5081EAE54997384DF305E85CF80

Function 0603B6E2 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ef3b4eebac5fc2211c60fe7ccffd8c177582745dd21bba286161ac0f3f5c4a
Instruction ID: e560de530a70298f715da1f95205600a3d0821efb9002009277d7a2003270eff
Opcode Fuzzy Hash: 15ef3b4eebac5fc2211c60fe7ccffd8c177582745dd21bba286161ac0f3f5c4a
Instruction Fuzzy Hash: A8112BB4A042188FCB55EF25DC85B9A7BF1EB48305F1081A99609A7385DF306E808F40

Function 0603F37E Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ab0e40e7b14257e4fee8801147f08445e8daae23d8fe1dc415ca28564d8a86
Instruction ID: 0d6921e39994fab583082b7fa0c43ee850c7ea30b9b20be87e80ed08957e2504
Opcode Fuzzy Hash: 70ab0e40e7b14257e4fee8801147f08445e8daae23d8fe1dc415ca28564d8a86
Instruction Fuzzy Hash: 50112A70E44505DFCB88DF6AD4859AEBBF1BF48304B10826AE40AEB354EB74AD41CF90

Function 0603785F Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2312d0c3a1c22d35cf4dc49e31a3f4cf3c2a8e824ad1d518d8949ef96c6dffff
Instruction ID: a6499f47a5af635248cfb7ba9cace5cd8bf471de6760aa30602f77d28ac5ea37
Opcode Fuzzy Hash: 2312d0c3a1c22d35cf4dc49e31a3f4cf3c2a8e824ad1d518d8949ef96c6dffff
Instruction Fuzzy Hash: EE017175E40A18DFCB41DFA8D544ADEBBF4EF48301F1085AAD559A7310EB30AA05CF61

Function 06032341 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155078a1b1f37c847f0f175127b93eeeddc3b802d7fa46eb42467eb083ed46f3
Instruction ID: ea89a8a1e438a9b4a2720e1c3543700085e1ea02d8e8654c560316428890ddfd
Opcode Fuzzy Hash: 155078a1b1f37c847f0f175127b93eeeddc3b802d7fa46eb42467eb083ed46f3
Instruction Fuzzy Hash: BB017C39300610DFC349DB28D099A6E7BA2EF8C711F108569EA468B7A0DF35EC42CB81

Function 06029FF9 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2dd34d6ad39d18d37b6835a053159547b626673e565735f96d79c1cf70503cf
Instruction ID: 22fa433b7aa2c6a3b0a7105d951453a94fe977f27a5907b10f5393d0705494ad
Opcode Fuzzy Hash: d2dd34d6ad39d18d37b6835a053159547b626673e565735f96d79c1cf70503cf
Instruction Fuzzy Hash: 2CF04C71F893111FE3555624A814B6ABFA5EFCC320F04406AD9449B351CE729C41C7C4

Function 0602C2B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17826fa81b548f45a358ce40cacd02998e26a527895e9ba379b520a0afa763a
Instruction ID: 5734785e595216590d23e561156824b7fa7660fa9c775350b64c4d6907acfdfa
Opcode Fuzzy Hash: e17826fa81b548f45a358ce40cacd02998e26a527895e9ba379b520a0afa763a
Instruction Fuzzy Hash: FB0186B2E442589FDB46CBD8E9456DCBFB6EF84315F14C0AAD009EB251DB314945C740

Function 06029B2A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c528ba40248f7431a264635d45b53000c30b8e940e871c58373ad59bde6ad66
Instruction ID: bf6a631116cb6cfa494d40a6aef588a1f40ad37a66c548b91c044524dec73b75
Opcode Fuzzy Hash: 5c528ba40248f7431a264635d45b53000c30b8e940e871c58373ad59bde6ad66
Instruction Fuzzy Hash: F101A4B2D0E3849FD786CBB4DD526997FB0EF52300B0480DAD444DB156D6318E07D752

Function 06032350 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e624be86fae1637521fd68f6718a4f0d57a2f624e49d823d4345123f0e7779
Instruction ID: 1b8258b199e3921bca506bccd4ca39825da40ed68c481e42a67a880d777364b8
Opcode Fuzzy Hash: 74e624be86fae1637521fd68f6718a4f0d57a2f624e49d823d4345123f0e7779
Instruction Fuzzy Hash: 91016D39300614DFC3459B24D45892EBBA2EFCC751B108169EA068B790CF31EC42CBD1

Function 06290F82 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d651d52be225cf3bfde9edc981bd40045f7d87163c369250367ba4010d471c0
Instruction ID: 5e319a82598806394de7991717366882174d2d4d31dee7e2bd9847baf7c4dcc4
Opcode Fuzzy Hash: 7d651d52be225cf3bfde9edc981bd40045f7d87163c369250367ba4010d471c0
Instruction Fuzzy Hash: 6A114570D6422ACFEFA0DB14D848BEDB6B1AB86304F1040E8D84967680CBB44EC8CF21

Function 0603EC68 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb564e5c17542bc2a952ab9cce82c63ed81ea7cc3dafcfa178b60ddbf43c2b5
Instruction ID: ac6f210806669e1e0ff2bb0df36bae9ff5e5ae11af011974bea3fecf84cc896f
Opcode Fuzzy Hash: 7eb564e5c17542bc2a952ab9cce82c63ed81ea7cc3dafcfa178b60ddbf43c2b5
Instruction Fuzzy Hash: FB112A70A40114DFCB94DF25D885B997BF1BF48300F1182A6E4099B314DF746E81CF80

Function 060320C8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ef994d71118365688aac655db3b87eb74cbd17bf88b512cf0437cddbe0508f
Instruction ID: c497a8f56aba658a225d6256ee12b7a0fad3dfe8cec5646ed28ddddebff12ea9
Opcode Fuzzy Hash: 18ef994d71118365688aac655db3b87eb74cbd17bf88b512cf0437cddbe0508f
Instruction Fuzzy Hash: BFF0F976320600DFD304DB59E899E2ABBEAFB8D721F104469F946CB360CA71EC42CB50

Function 0602A060 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d9853d6274be7a3bb095d712928794bab9234821484d8f6c2bae011532457c9
Instruction ID: 7f70515b6a6bc55314f6c58839a8b5621830a11abee1a6f8b7a5de96e01a5c0d
Opcode Fuzzy Hash: 9d9853d6274be7a3bb095d712928794bab9234821484d8f6c2bae011532457c9
Instruction Fuzzy Hash: 98F0BB62F8D2A25FE36207385C54329BFD19FD9300F19449AD5858F2A6DD979C46C390

Function 0603FE78 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ff7a5cefb656811ed96dd6e25afdfed604500984adfc0975a169820fcbcaf9c
Instruction ID: e23d3bf95290fc38900624da36e7e08d72de3bdc9d8ba67ace54b6834efacaa1
Opcode Fuzzy Hash: 7ff7a5cefb656811ed96dd6e25afdfed604500984adfc0975a169820fcbcaf9c
Instruction Fuzzy Hash: F4F04F70D8520DEFCB80DFE8E58179DBBB9EB49301F108199E80857351EB35AE51DB91

Function 0603F701 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c3e4b16a0158073ab50c878ea0d24f4e3a2142f60f239031a238a7f1498d7f
Instruction ID: d18bb9cb91b4686a20f5f7c6f78c522a9253f6ede0f26e4618abff660a6479d0
Opcode Fuzzy Hash: 79c3e4b16a0158073ab50c878ea0d24f4e3a2142f60f239031a238a7f1498d7f
Instruction Fuzzy Hash: DB11FA34A45114CFCB94DF29D999B9A7BF1BF48304F1045AAE4199B354DB74AE80CF90

Function 06032950 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86b760f6e6e96ba41ce13a69e45a8d753cb4c6321dbb2340c185ab14a9d5309
Instruction ID: ad1840e0964a5e8c2ab8d595191a3fcb0325c29ccec37fbc7ec5ad4ab5912116
Opcode Fuzzy Hash: b86b760f6e6e96ba41ce13a69e45a8d753cb4c6321dbb2340c185ab14a9d5309
Instruction Fuzzy Hash: 4FF0B432B101149BDB418A6DE8444DEFFFCEB8C261B004177ED04D3300DA31A8118BA0

Function 0602A008 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c166460da3a48874e798534da7d5fcff67da976a0c09d99b218d1354b6d2fd40
Instruction ID: 2a33cd5ade36db39aeaac899d48910aa0a498f388bf49b62b7be4eadec24de6e
Opcode Fuzzy Hash: c166460da3a48874e798534da7d5fcff67da976a0c09d99b218d1354b6d2fd40
Instruction Fuzzy Hash: 93F0B472F846225FE3554619A854B2AFBE9EFCC720F144029E9059B354CEB6AC41C7C4

Function 062964FA Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ab77cc731c4c376135b4b977d6913a3e4c29ae57a2020a6893e0f095f1354a
Instruction ID: 9a34fc5c1089c814191bdbd9a784124fb11b5b56c7b314c1aa97bdcf4c446bf8
Opcode Fuzzy Hash: 67ab77cc731c4c376135b4b977d6913a3e4c29ae57a2020a6893e0f095f1354a
Instruction Fuzzy Hash: BF110CB4A04218CFCB54DF14D898AD9BBB1FF89300F1055EAE619A7385CB349F849F51

Function 060320D8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b397c2bbed7991f313f0fcb0340040697ceb9fe2cc81699095ac0c32aab7d29
Instruction ID: da9324339d98e33c55c8e3884d7f94132eafb49b3aeec6b07bd1e7d6dc2e121e
Opcode Fuzzy Hash: 7b397c2bbed7991f313f0fcb0340040697ceb9fe2cc81699095ac0c32aab7d29
Instruction Fuzzy Hash: B5F05E36320200DFC304DB19D458D2A7BAAEFC9721B104469F946CB360CA71EC42CB90

Function 0602DEA0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347d1320df478b71bf09a17df9fa68fab7cf3b9d2374984a9dba819fccf15de4
Instruction ID: b5977b20e7cff5c0ade9489ef3afc6675c3b65072fb7972fb1d74e952d673d30
Opcode Fuzzy Hash: 347d1320df478b71bf09a17df9fa68fab7cf3b9d2374984a9dba819fccf15de4
Instruction Fuzzy Hash: 14F05476D40229CBDF88DB94C9557DFBBB6AF58300F104529D10177785DB751E058FA0

Function 0602ABC2 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b91d042b97c9f74a47c89bc4bffe45bc21b0f4c111673a07d337d3cda7ebd68
Instruction ID: 9d3df672cce7f9967b8d6784d1e1bedf75b6582c592871a616b6123939052bd9
Opcode Fuzzy Hash: 9b91d042b97c9f74a47c89bc4bffe45bc21b0f4c111673a07d337d3cda7ebd68
Instruction Fuzzy Hash: 82F0A97A310211DF8744CF69E8C4D9A7BEAFF8DA21320846AF905CB320CB30D801CB10

Function 06035F28 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dfae6115433786f114e5d3c13ce6674e93b69503477c3bd7908eba2e98bde5
Instruction ID: f98798d2da6d065f1b1c263748008e5e7f070691151cf430e2c824e28e6adfbe
Opcode Fuzzy Hash: a4dfae6115433786f114e5d3c13ce6674e93b69503477c3bd7908eba2e98bde5
Instruction Fuzzy Hash: 6AF0E533B842729BEBC6212CDC2537E2F998781243F04056AD942CB3E2EA24C85247C2

Function 0603FAA8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222ca5490cf5eaf5f7bec47383dee72ceed18d70790f231f22d0cc8936004d69
Instruction ID: 3033f4abee2612f8dc290a72c17721c16cd5a85644ac1dce0b4fa62e3c447708
Opcode Fuzzy Hash: 222ca5490cf5eaf5f7bec47383dee72ceed18d70790f231f22d0cc8936004d69
Instruction Fuzzy Hash: B3F03474905148EFCB80CF98D850BADBBF8FB48310F14809AFC5893250D6359A62DFA0

Function 06029AD5 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d6c747d999d608e14a209475d240d91f1ac65730917b22597e6256075f2ca6
Instruction ID: beab95862713ee434431f165677f532a3836a23704a88471ae74efe047471a6f
Opcode Fuzzy Hash: a9d6c747d999d608e14a209475d240d91f1ac65730917b22597e6256075f2ca6
Instruction Fuzzy Hash: AAF0E571A0A684AFD782D778DE527AC7FB0EF86200F0580EAD804DB291D5304E079752

Function 0603EA98 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec53c452199dbb5cf96d7a6089934991017e4e0446f83c04e9e872881c57ed99
Instruction ID: 00e88f74817e51f924348732606f5818c7caaed86283c049444e6725868181e2
Opcode Fuzzy Hash: ec53c452199dbb5cf96d7a6089934991017e4e0446f83c04e9e872881c57ed99
Instruction Fuzzy Hash: 42016D30A41115CFDB94DB25D996AD97BF0FF48300F1181AAE80A9B354DB70AC81CF80

Function 0603A0F9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3608505aa63a110bd0d37c046c8db323ff9cc4907ddb9748d6e7a8b6fbbaca16
Instruction ID: cb2513393116f2a93cec7875614fd2867fd87f802beb8238638ead63eb08a361
Opcode Fuzzy Hash: 3608505aa63a110bd0d37c046c8db323ff9cc4907ddb9748d6e7a8b6fbbaca16
Instruction Fuzzy Hash: E8F0DA34E45108DFCB44CF98E5817ACBBF8EB48315F1085DAAC4857351D6359E11DB91

Function 060270DF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3626e8e121638d9061c697bc74e0b22d3bb8c7360f9ac2b30d21c219f6b6460d
Instruction ID: 3ebab4eb970698339293f8bd818ff1e7062da49c9f5bce73ab8cfbdd04be4006
Opcode Fuzzy Hash: 3626e8e121638d9061c697bc74e0b22d3bb8c7360f9ac2b30d21c219f6b6460d
Instruction Fuzzy Hash: F801D6B4A05119CFDB54EF65EC54B9DBBB1FB88301F1082AAD50DAB384DB345E898F60

Function 0603F5CE Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba4c51c40f46f1a8eb09d4fdd2afed74702df9811d12d4bfe4b910931cc60dbb
Instruction ID: b764560fb0953e743c40ae933fa56e74f48ca0d4fe6aeca7ab755868cef35523
Opcode Fuzzy Hash: ba4c51c40f46f1a8eb09d4fdd2afed74702df9811d12d4bfe4b910931cc60dbb
Instruction Fuzzy Hash: 99F0EC34A4421ACFCB84EF65E99A9AE7BB1BF48304F11562AD4069B354EB706940CBD1

Function 061E04A9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680252355.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9166a1292a584c18c9e09ebf8ae37acec1a8ffb640b362789f370e96cc5debfd
Instruction ID: c50e2b12c7901c0a022e41908b9727a19b23079064ec4064f5f0d016ed1ed98a
Opcode Fuzzy Hash: 9166a1292a584c18c9e09ebf8ae37acec1a8ffb640b362789f370e96cc5debfd
Instruction Fuzzy Hash: B2E0ED3090E2449FC704CBE0AA015FCBF30EB06220F1081DBE848A7252C6314A52CB91

Function 06026589 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950707505badea35a17b028e0034558b3738715e16355f4eae71852b652dddae
Instruction ID: 66e09e6ad0e0e5a7195bf25801f582b5a44d861424729ea19eb4ef7539b3dd63
Opcode Fuzzy Hash: 950707505badea35a17b028e0034558b3738715e16355f4eae71852b652dddae
Instruction Fuzzy Hash: D4F085B0D0A218EFCB81CFA4D9402DDBFB1EF49304F0080AAE808A2215E2358B56CB91

Function 0603EE32 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 779ee8244bb52fcc02e3aa5d5d9cc6f54315b0cd546f6bce8edf69a0429cd436
Instruction ID: 871ed86f3bf4c00b711eb46a6dfa29fe010a8e10c196f86245c9cd4563b39ec3
Opcode Fuzzy Hash: 779ee8244bb52fcc02e3aa5d5d9cc6f54315b0cd546f6bce8edf69a0429cd436
Instruction Fuzzy Hash: D5F0EC30A48104CFCB94EF79D995AAE7FB1BF48604B21426AD4169B355DF746840CF80

Function 0603EEAB Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9386c2566168c744694b68b46d23d812362dc0d3a5116249bfa9bff6808a23
Instruction ID: a559893f2be916ebcf2fe0834f676a76ba5267a78035007431aa88b39a268530
Opcode Fuzzy Hash: ef9386c2566168c744694b68b46d23d812362dc0d3a5116249bfa9bff6808a23
Instruction Fuzzy Hash: 58F01930A451148FCBA4DB25D945BEA7BF1AF48304F118AAAA40E9B364DF70AD858FC0

Function 0603E735 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e05376e0431df4dbebacf2d7fcce7d8c74adfb1489c360dc37dfd20a65fa06
Instruction ID: 36a0bd28300c25b1a87d375bb9c8a69e21a34ded6ec863c6f3d6be606c57948b
Opcode Fuzzy Hash: 24e05376e0431df4dbebacf2d7fcce7d8c74adfb1489c360dc37dfd20a65fa06
Instruction Fuzzy Hash: 6DF0AF30B44214CFCB94DB25D996BAA7BB0BF4A300F1182E9E40ACB354DBB06D818FC1

Function 0603F546 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0795742944fdd0ec14aec01bce7def27678ebdb12cd3f2802defd0d786b10afb
Instruction ID: 015d5b3e904b8ddb7acd9dcfe5630ed3b163eb793078e930a971362c85ae1c22
Opcode Fuzzy Hash: 0795742944fdd0ec14aec01bce7def27678ebdb12cd3f2802defd0d786b10afb
Instruction Fuzzy Hash: C8F03C30A492148FC7D4DB25D956AEA7BF1BF48704F1146AAD40A9B354EF74AD84CF80

Function 06027E18 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea0fbebf889518188175aaf9fd97af174637f338265b31805b429d9990a2834
Instruction ID: d74517234480fb073c081a09a0fdbe68639c9124def305aab48432f75021804a
Opcode Fuzzy Hash: 1ea0fbebf889518188175aaf9fd97af174637f338265b31805b429d9990a2834
Instruction Fuzzy Hash: F7F05E71D092499FC785CBA8C8506DCBFF0EF49214F1481DAD85897251E2314B02DB51

Function 0602DE51 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd19a71663c57f8f80a4284c6ee557982bd34ee0ad72c6224dc60bf604bf473
Instruction ID: 96bcf127b1675bff2db482f37357ea6f4e6ff7419d6d9e1233a70e514fbdcd5d
Opcode Fuzzy Hash: fdd19a71663c57f8f80a4284c6ee557982bd34ee0ad72c6224dc60bf604bf473
Instruction Fuzzy Hash: 11E0DF32A853A28FEBE62B305C907E57FA09F22304F1544DAD1559F1E1E522DC43C311

Function 0602DEB0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fa1b540106444a38eb01c06e6c988e097a6d164941fbaffce3fd5426feecbf4
Instruction ID: 9503074eaf291ffad932c9f56cbf920eec366764496408c2c04114168b9a7f4a
Opcode Fuzzy Hash: 4fa1b540106444a38eb01c06e6c988e097a6d164941fbaffce3fd5426feecbf4
Instruction Fuzzy Hash: D4F01C359402299BDF44DF94C915ADFBBF6AF88300F204429D40177785DB751D048BE5

Function 0602C2C0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c792eb9e13461a5926760ba338fe6645a0838e2524aa79c5dd51f0d5cecc5a
Instruction ID: 430946a6bd7b11529f5a432c57876fe7982a8934f66de8939797690bcf307193
Opcode Fuzzy Hash: 14c792eb9e13461a5926760ba338fe6645a0838e2524aa79c5dd51f0d5cecc5a
Instruction Fuzzy Hash: B6F03971E04218ABDB4ADBE8D0486DDBFFAAB84210F14C099E009A7640DF741A85CB84

Function 0603B330 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd075658b0f254a280b378ab8b412a33fe9c4a9fb66c6a58330afd143a41dcac
Instruction ID: b3c1caf139092b5b5436ee0dc859ac4d079fc492af809b6cc741ba70eba224c3
Opcode Fuzzy Hash: fd075658b0f254a280b378ab8b412a33fe9c4a9fb66c6a58330afd143a41dcac
Instruction Fuzzy Hash: 2FF06D74949198DFCB84CB94D9007ECBFB4EB4A315F0892DAE86953301C6354A02EFA0

Function 06028E91 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3b538b4e3774f08838624506da03fda1a330d25b89b4e2a204e4b66814c232
Instruction ID: fce0ba003c75e3fc9444b6d63d5d37e5d115ec15ded2fabff38a1d21e08306ee
Opcode Fuzzy Hash: cf3b538b4e3774f08838624506da03fda1a330d25b89b4e2a204e4b66814c232
Instruction Fuzzy Hash: EFF01574E89218DFCB80CFA8DA4069CBBF1AF88304F14C49AA858D3351E7319A55CB41

Function 060277A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d45b556178765994e5bfe3475768cbc79be5d116e62f09493207233cba54c5
Instruction ID: 77cf3ca953dc40642adfc6aabd8002bdb2d3ac1c29e24ebf3ad71d93df819541
Opcode Fuzzy Hash: 42d45b556178765994e5bfe3475768cbc79be5d116e62f09493207233cba54c5
Instruction Fuzzy Hash: 4CF03974D4A2859FC785CBB8D98469CBFB0EF05214F1480EED848D7652E6319A4ACB91

Function 0120E358 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d02505e12e889421199a6fecf841f0ecc1b90ad85b7810babd6909f460eb949
Instruction ID: 7fa7face84526a1ec1a78bf32b6a15dba37b0c9b758a61077b6b9d841ac8a4a1
Opcode Fuzzy Hash: 5d02505e12e889421199a6fecf841f0ecc1b90ad85b7810babd6909f460eb949
Instruction Fuzzy Hash: BDF0AE74E05208EFCB95DFA8D941AACBBB5FB48310F10C5AAAC58A3351D6329A51DF81

Function 06026620 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f02b4afeca0b49a7ea336ecf12ebcecdf23c65879e24728ddc8e6538cf27a1
Instruction ID: 76c8b8f434c9e431715912803b4868ecffb46496ba6282043d9d9216b50fa72b
Opcode Fuzzy Hash: b6f02b4afeca0b49a7ea336ecf12ebcecdf23c65879e24728ddc8e6538cf27a1
Instruction Fuzzy Hash: 21E0DFB2C4A245DFCB85CBA4D9886AC7F70EF03311F1440DAE40513152DA310A0ACB62

Function 01200879 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d007ab5e7a3001428c8a712962e9a26f7f07bf3f7e1d37dd42ed1cd7f1c388a7
Instruction ID: 28527146dee28de4c3f843a1ce0da375289d9fc8c6d1b5b2b439b8a996f02038
Opcode Fuzzy Hash: d007ab5e7a3001428c8a712962e9a26f7f07bf3f7e1d37dd42ed1cd7f1c388a7
Instruction Fuzzy Hash: 2DE0D8B0955248AFCB01DF74EC4195DBBF8FF4230971001EED408D7251E6351E049792

Function 0603AF82 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e7226d66646d5b5b5770683fa73852eb38b8cac25aaf53b4e75e61fd6c8576a
Instruction ID: 1ef8f86b53ca0d10da1c2833daf312f72703feec7dc77c1b94e1bb3245ce5bde
Opcode Fuzzy Hash: 9e7226d66646d5b5b5770683fa73852eb38b8cac25aaf53b4e75e61fd6c8576a
Instruction Fuzzy Hash: 0FE01A74A49108EFC744DFD8E941BACBFB8FB89315F148199E84853350DA71AE42CB91

Function 0603FC78 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7027c4e688d96e00bbc70e92a4ad7c060d99c2105c65bbb8eeeeef2977e89273
Instruction ID: bdcb3b021c646bc54afa3c1b4a8077f1bc9da7c0002629d8536075a20b3afd3b
Opcode Fuzzy Hash: 7027c4e688d96e00bbc70e92a4ad7c060d99c2105c65bbb8eeeeef2977e89273
Instruction Fuzzy Hash: 57E0DF3198610CEFD740EFF8DA0079E7BF8EB04300F1008A5E54487110EE396A01CB92

Function 06039DA1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0be7172b2047386fa0eeb2b1fb2ee808b617b464e72bd80f2284fd1749cf31e
Instruction ID: df5c341833dae674a3a9a347faecb5636d75d037e74de66e45d520efd3d3680f
Opcode Fuzzy Hash: e0be7172b2047386fa0eeb2b1fb2ee808b617b464e72bd80f2284fd1749cf31e
Instruction Fuzzy Hash: 1EF0A030A441489FC790CFA8C540BACBFF0AB05310F1081C99C5887391D2355A42CB40

Function 062AA208 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bdccbad081137abb6396712a34087cbbdcea4b64be9725fac637215897e1918
Instruction ID: 60c95c2b6649baa03d4506557a776fa8f758a1c1305e4bef9d3e23a9c27ca25c
Opcode Fuzzy Hash: 5bdccbad081137abb6396712a34087cbbdcea4b64be9725fac637215897e1918
Instruction Fuzzy Hash: 58E0C974E05208EFCB84DFA9D54069CFBF4EB48310F10C1AAAC0893350D6729A55DF81

Function 062A5BF0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bdccbad081137abb6396712a34087cbbdcea4b64be9725fac637215897e1918
Instruction ID: 2c40d8fdc1e7bd6610fa4786fd1879d0d788d0abc6b31c72d586c74f4e7ac2e6
Opcode Fuzzy Hash: 5bdccbad081137abb6396712a34087cbbdcea4b64be9725fac637215897e1918
Instruction Fuzzy Hash: A5E0C974E15208EFCB84DFA8D54069DBBF5EB48310F10C1AAAC18A3355D6719A51DF81

Function 01201986 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3a505c1915cbfa5988d7bd9598d2d08c067ae559cf97935657a7d61e5adaaa
Instruction ID: 2721944d0799829de8ea4e0b022e4109904f39f4291d5ee2e85484611356a7d6
Opcode Fuzzy Hash: be3a505c1915cbfa5988d7bd9598d2d08c067ae559cf97935657a7d61e5adaaa
Instruction Fuzzy Hash: 17F0F234625005CFD706CB58D088B68B3B3FB44311F5582A4E1059B3A7C370EC94CF00

Function 06039DB0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5fd3f8dd501aec5a8d6f19e5ef13d63428f8b07aa04114bea0dd0e51eef0a7
Instruction ID: 514d6a67447777cfc1ce8483ef437a2dfbb23e78d967871befc53e2880cf7581
Opcode Fuzzy Hash: af5fd3f8dd501aec5a8d6f19e5ef13d63428f8b07aa04114bea0dd0e51eef0a7
Instruction Fuzzy Hash: DAE01A74E49208EFCB84DFA8D5416ACFBF8FB48300F10C1EA981893340E6719A41CF81

Function 062AEEB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2fe3f7c9402a495e1f1cf8d2528850e8a4f7a4e2a408776cea1442dff24f58
Instruction ID: fc5ebf75549d56d812ade8470c22c6f92ffba1d297bc0089376e8f3e9b735221
Opcode Fuzzy Hash: 2d2fe3f7c9402a495e1f1cf8d2528850e8a4f7a4e2a408776cea1442dff24f58
Instruction Fuzzy Hash: 71E0E574E05208EFCB84DFA8D5806ACBBF4EB48310F10C1AA9C48A3340D671AA02DF81

Function 062AD518 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2fe3f7c9402a495e1f1cf8d2528850e8a4f7a4e2a408776cea1442dff24f58
Instruction ID: 04b77b206b6c94d19bef86b07e0120868fbfbcdf297c6e69e2eb1e60b7d3ab90
Opcode Fuzzy Hash: 2d2fe3f7c9402a495e1f1cf8d2528850e8a4f7a4e2a408776cea1442dff24f58
Instruction Fuzzy Hash: 8FE0E574E05208EFCB84DFA8E5506ACBBF4EF48314F10C5EA9C0893340D6719A02CF81

Function 06027E28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b7f76f51242658ba559281abe36b2bfc6810b0d86560ccd135bab09229da8d
Instruction ID: ba2f2a1a9d6012901715132561b64bd8c2d94412f8623dbc03795e4fb66c7711
Opcode Fuzzy Hash: 44b7f76f51242658ba559281abe36b2bfc6810b0d86560ccd135bab09229da8d
Instruction Fuzzy Hash: A6E0E574E45209EFCB84DFA8D5556ACBBF4EB48310F10C1AA980893340E6319E42DF91

Function 06028EA0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b7f76f51242658ba559281abe36b2bfc6810b0d86560ccd135bab09229da8d
Instruction ID: 70db419325ad33cd3b50fdde7914ff66a8dc148105cc4efd8cab577907b73f7c
Opcode Fuzzy Hash: 44b7f76f51242658ba559281abe36b2bfc6810b0d86560ccd135bab09229da8d
Instruction Fuzzy Hash: F0E0E574E45218EFCB84DFA8D5406ACBBF4FB48304F10C5AA981893340E7319A45CF81

Function 06026598 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b514a414d513e485f1cade8b2371115008e42b0f19810d4363e8e41fc74d5fd
Instruction ID: 77d7470d3d269da8758c43fa8235bb013f5dace58fa983c512ee95bb5ea47a7b
Opcode Fuzzy Hash: 3b514a414d513e485f1cade8b2371115008e42b0f19810d4363e8e41fc74d5fd
Instruction Fuzzy Hash: 73E0E5B0D45219EFCB84DFA8D40069DBBF5EF48304F1081AAA808A2314D6355A51DF91

Function 060262D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f8685e7a28e30ff2339c4c101bcfc1750fbd9f8826b49a19363a53eef186038
Instruction ID: a3cbeb3dc9729bb47cfa95454c5fadf62bc0bd38b3d5ce7c11586f601a7481d1
Opcode Fuzzy Hash: 8f8685e7a28e30ff2339c4c101bcfc1750fbd9f8826b49a19363a53eef186038
Instruction Fuzzy Hash: 3CE092705992C6CFCBA2D778D5452AC7FF0AB07220F1842DA98949B293DA360646C342

Function 0603ED34 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4543602784f7f79836dd459ec8b6ab2df4f4130e02f69c6a9ab674668534fb7f
Instruction ID: 8cb27bf0f8552a675e9f73b225bacec04a9b91b5ef77e07f7b605e891d3a3fcd
Opcode Fuzzy Hash: 4543602784f7f79836dd459ec8b6ab2df4f4130e02f69c6a9ab674668534fb7f
Instruction Fuzzy Hash: 53F01570C84128DFDB90DF59D884B9CBBF5AB40306F10C6B6D008A7214EB749AC58F80

Function 062AFC98 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0cf0f291253f583028275a82cc416a970f9531ec34099dee36ddf1fb362a121
Instruction ID: f67ea1a0af43afcddb3df2fdb2dc07e1e5a542fae4013b402964108e408eb358
Opcode Fuzzy Hash: f0cf0f291253f583028275a82cc416a970f9531ec34099dee36ddf1fb362a121
Instruction Fuzzy Hash: 42E02678909208EFC740CF94D900AACBFB8AB45300F10C09AEC4853380CA719B41DBD0

Function 06029690 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5ce6b4db880adf62987df6ccbab1a1cac65df5ff63f8d27113b36210799c9a
Instruction ID: 5e5e798f08aa5b0b67569bb1e146a64dd1703e647ab9c4e893c831ef2f1e9718
Opcode Fuzzy Hash: bb5ce6b4db880adf62987df6ccbab1a1cac65df5ff63f8d27113b36210799c9a
Instruction Fuzzy Hash: D1E0D8B2A09285DFC741DBB4EA0169CBF70EF86300B24C1DEC809DB346D6315F059B92

Function 0603A108 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0936ef84c3ebbee33efabf35a0a35b9764dda45ce658856ddbd591d7abace486
Instruction ID: 3a8e1792868dc4a95d812f2ff811649b5dc71d9b732d639dc93a898959d81dfa
Opcode Fuzzy Hash: 0936ef84c3ebbee33efabf35a0a35b9764dda45ce658856ddbd591d7abace486
Instruction Fuzzy Hash: 07E01A34E49108EFCB84DF98D5406ACFBB8AB48311F1085EA984853341DA359A41DB81

Function 062A8688 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e92a06e9116b956978741e2bfa8bb12a16af37eff921bbacb770055246921d71
Instruction ID: b6f414032185949496fd53dc677d56fa1c142a878762780a6f203218fed8f255
Opcode Fuzzy Hash: e92a06e9116b956978741e2bfa8bb12a16af37eff921bbacb770055246921d71
Instruction Fuzzy Hash: 27E01A74D19209EFD744DF98D9406ACFBB4AB88304F1081EA9C4853341DA759A41DB81

Function 0602DE60 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12de7c8819f5fc4ea2192f2fab2d1c62ec0a52014a921e3410b6b61846b6ad23
Instruction ID: fee93fd31224852982ce45fe76ed4ed932bec485ff5a2ae6afe2922a3cb20e72
Opcode Fuzzy Hash: 12de7c8819f5fc4ea2192f2fab2d1c62ec0a52014a921e3410b6b61846b6ad23
Instruction Fuzzy Hash: EDD0C2316C13369BDFE036608C00B95B7A89F15610F100469D6155F1D0EA62EC418251

Function 060277B8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58bc5f548ad18293f474f90ea5f09cf38c67d87bab2b9542ce549c02710c11b9
Instruction ID: 0d1f1e39f87b6ca6f3aa6244587bb1178eda873789aabb2002ad109f77923fe1
Opcode Fuzzy Hash: 58bc5f548ad18293f474f90ea5f09cf38c67d87bab2b9542ce549c02710c11b9
Instruction Fuzzy Hash: F9E04634A45209EFCB84DFA8D9406ACBBF4EF08314F2080EA9C0893340EB319A41CB81

Function 06027076 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3738b215ff39161724eb56c8a19c8fbb191cd1cc4b8ccb6ddea77543983a4ce
Instruction ID: 908b515b23b334276081b8f83b75ada5918a24afa99352c38edb7dc1702cf10d
Opcode Fuzzy Hash: b3738b215ff39161724eb56c8a19c8fbb191cd1cc4b8ccb6ddea77543983a4ce
Instruction Fuzzy Hash: 22F0FE74A452188FDB94EF15D840BDDBBB2EB48300F1081A9D50DA7354DF345D858F51

Function 060221A4 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3567c32c76baa07c66e6fb22c3e6c2fb6d40d72bbeaae66476db984165051a
Instruction ID: 601f3dc29c1229a0785652a2a35fe7f789d31d46a3c002f4ba45397786d392fe
Opcode Fuzzy Hash: 8e3567c32c76baa07c66e6fb22c3e6c2fb6d40d72bbeaae66476db984165051a
Instruction Fuzzy Hash: F8F0B7B4A4122A8FCB609F14D88478EBBB0BF45325F0441E5D54DA6250DB745AC8CF06

Function 0120D2F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89fcabf250fc698696811b0922f6e8f71c273a656a47bc5f8ad6bea89e202802
Instruction ID: 22fc7a2633e109b7626597b6a0cbd20da68bb04f457b8b229f8ddd2e5fa19f20
Opcode Fuzzy Hash: 89fcabf250fc698696811b0922f6e8f71c273a656a47bc5f8ad6bea89e202802
Instruction Fuzzy Hash: B7E0C27084310CDFC740EFF8D90478E7FB8EB45300F0045A6A60993160EE354A009BA2

Function 060366F2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c9c670563811454e6833bc570778626e1e03d7c7e3763bdf0730b5695e775
Instruction ID: 3cc25b8549b06804700fc44b3c0adbf04535a9566f7cc802f46444a67cd1f6e0
Opcode Fuzzy Hash: 2f9c9c670563811454e6833bc570778626e1e03d7c7e3763bdf0730b5695e775
Instruction Fuzzy Hash: 4FE0C235311000CBCB00DB65F8877CEBBB0F788395F004039E5118B145CA32B8028B90

Function 0603AF90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260b3e2ef4d182b9ef70b2f07e785060830d2c4719cc4798dcd1fa0b39fc0e0d
Instruction ID: 802ee41140d4aef9f1f9d13a748f45bd8d077d5fa8833a000ba9abe5bc4fea6d
Opcode Fuzzy Hash: 260b3e2ef4d182b9ef70b2f07e785060830d2c4719cc4798dcd1fa0b39fc0e0d
Instruction Fuzzy Hash: EAE0C274A89108DFC744DFD4E9406ACBFB8EB85301F2082D9EC4C13340CA315E42CB81

Function 0603FC88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965bc1928f9311c8e2ca23715bc95c08cb6a33e154c1406e77341ade99207ff6
Instruction ID: 3d0c3c479557469eada7cbe53f33a42a93666b727d78d09bc71f8858e861f513
Opcode Fuzzy Hash: 965bc1928f9311c8e2ca23715bc95c08cb6a33e154c1406e77341ade99207ff6
Instruction Fuzzy Hash: E4E0127198610DDBD781EFF4DA0079E7BFD9B45300F1045A6D90593150EE755A00D7A2

Function 061E04B8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680252355.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a81d208c38f496a5818fc2814c04722c28185882389ad6595636251c5d69f93c
Instruction ID: 3874a9e72a6613a8f01920003c0aad183e460b93e3b56b732eceef02401ca912
Opcode Fuzzy Hash: a81d208c38f496a5818fc2814c04722c28185882389ad6595636251c5d69f93c
Instruction Fuzzy Hash: 12E0C234909108DBC744DF94EA406ACBBB8EB59311F1081DEDC0823341CB719E12CB81

Function 062ADC30 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ac35510bb785a18d63f9af3aa5d0c82aca16e85166018794e72815947ee3d6
Instruction ID: ff6f5060530c2758766578bdbb7ee0693dcecd0df647aec3c472f52ab2471f80
Opcode Fuzzy Hash: e8ac35510bb785a18d63f9af3aa5d0c82aca16e85166018794e72815947ee3d6
Instruction Fuzzy Hash: 3DE0C274909208DBC748DF94E9456ACBBB5EF85304F1085D9DC0813380CAB16F42CB81

Function 060262E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a97cac7d2c9caaee5d233c745012a66342c22faccc7ccae889f3e23ad58cf80
Instruction ID: 02df90ab3507fa66e25cb59564a0aab3262e3b8cfb7569f5c9c9310009083cb5
Opcode Fuzzy Hash: 3a97cac7d2c9caaee5d233c745012a66342c22faccc7ccae889f3e23ad58cf80
Instruction Fuzzy Hash: BAE0EC70D56219DFCB80DFA8D54579CBFF4AB04211F1041A9AC08A3250EA715B44CB91

Function 06026630 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeedb6a9a4759e83e922c90283ac4dc01b9b5b6588142d533a7358ca7e15f31b
Instruction ID: 5eaef0a979944c3e12e34bba4f4e87d2b04f7ed538c2b7d06ddc83e626dd18af
Opcode Fuzzy Hash: eeedb6a9a4759e83e922c90283ac4dc01b9b5b6588142d533a7358ca7e15f31b
Instruction Fuzzy Hash: 8AD0C730C8A209EFC740DFA4E8496ADBFB8AB02301F0041A9A80823240CA311A40DAA1

Function 06029AF0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b776494507c1172585287cceccdbb26a89803d97780082cbfa664430f2f17b
Instruction ID: ea143440eb560e196b08401ee03a4d93a751cb59db1b9985b2c86a3ef703877b
Opcode Fuzzy Hash: 34b776494507c1172585287cceccdbb26a89803d97780082cbfa664430f2f17b
Instruction Fuzzy Hash: 28E01230E55248EFCB01EFB4E945B6DBBF9EB85300F50C5ADE809AB244DA315F05AB81

Function 06036598 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9831fcbb6865c645b199c5d45d6fd976586e2d728635a080c64ddfd5e3476bd5
Instruction ID: ea73c46c79d7bb1d0a1fc2a339d922a079cc04eb0f443b75caa40de611ee50f1
Opcode Fuzzy Hash: 9831fcbb6865c645b199c5d45d6fd976586e2d728635a080c64ddfd5e3476bd5
Instruction Fuzzy Hash: 87D05E73540208BBC3D2AB64ED51B577FA9E7A8706F588438D5008A116D733E862C780

Function 060296A0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba7a4739b5939987f324a597be1f36eb6b0d136cc4acac55dd0953c1c01a519
Instruction ID: 4c47d78c8223f6a6b4ba0e0b29552da66c29c6f1cacae31333634d78d83c86fb
Opcode Fuzzy Hash: dba7a4739b5939987f324a597be1f36eb6b0d136cc4acac55dd0953c1c01a519
Instruction Fuzzy Hash: C5E01270A05108EFCB00EFA4E94165DBBB9EB85300F20C1ADD809E7305DA316F009B91

Function 060274E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513f709f1d544be484a0ca2cb5f5a3168469ed071a6a5d3b4f68c1fabad0211f
Instruction ID: f65df10d71f3575bac1645b6c770f0f646b8d38f30454b1b8f18671a9483479d
Opcode Fuzzy Hash: 513f709f1d544be484a0ca2cb5f5a3168469ed071a6a5d3b4f68c1fabad0211f
Instruction Fuzzy Hash: E1E0C2B4A04228CFCB14DFA4D95AB9C7BB1FF49301F4040AAE50AA7344CB345A85CF50

Function 0602359F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfda61e1c08e1565a30835e3ddd923cdbd7c9e86bb5868cac3c211b1896326c
Instruction ID: afd89437b1378280ff80f602d41a85c45e21a1810d6eda4d353684d497e2528c
Opcode Fuzzy Hash: 0dfda61e1c08e1565a30835e3ddd923cdbd7c9e86bb5868cac3c211b1896326c
Instruction Fuzzy Hash: E1E046B458932E8FCB45AF26E89439D3FF0AF05300F108692C909AB354CA745A8A8F95

Function 01200888 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e10e48fe89fe70968d1d7da4840c30021fb1deea72166f5991a65abbda228de
Instruction ID: e211ecf21df9c368b997300ae47f54b0aa42a90029bcc5a465fe9b5cbeaacc9f
Opcode Fuzzy Hash: 8e10e48fe89fe70968d1d7da4840c30021fb1deea72166f5991a65abbda228de
Instruction Fuzzy Hash: 96D01770A01208EFCB00EFA8E941A5DBBB9EB44206B5042ADD40CD7310EA316F00AB82

Function 012019AB Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f44ce0c5b9f138e9e2e5844dca8a3e089ce0585d676168376fbd1e175c55b77
Instruction ID: aa67b811232ccd7385fe7e745e6feda59e8a535542db0ffe72d6d9f7225fdf48
Opcode Fuzzy Hash: 3f44ce0c5b9f138e9e2e5844dca8a3e089ce0585d676168376fbd1e175c55b77
Instruction Fuzzy Hash: 3DE0BF74A19505CFD716DF0DD0887A976F2EB44311F584376D149561D7C374D8D1CB01

Function 06026E12 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e22b02609e8b3a9f19e06a4d5a39200f6913b51efa829d2971e0dd682f9ee8
Instruction ID: 9fa560b5966bc06c92333f6022ee4b651f54f55dfbab9a5af67c10e9640e1a38
Opcode Fuzzy Hash: 53e22b02609e8b3a9f19e06a4d5a39200f6913b51efa829d2971e0dd682f9ee8
Instruction Fuzzy Hash: 4EE01A70A012568FC764EF24E894BECBBB1FB44301F0080A8E40963784DF345E8ADF50

Function 06026FAB Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41c099fa53e8edcf274006addc9e2690d6fe1bb80ea4749e9d1343ede9b49d7
Instruction ID: be7a5f061b0d468fe8515aa20cc753662431a0a9efe7d46d02ff3d5538ea6aa9
Opcode Fuzzy Hash: f41c099fa53e8edcf274006addc9e2690d6fe1bb80ea4749e9d1343ede9b49d7
Instruction Fuzzy Hash: 5CE01A70A0012ACFC728EF14E945BEEBBB1EF44311F0040A9AA0A63345DF345E81DF10

Function 06026C1A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3129c660aa4d5552adc6746ac09e6552b9679988a7eb68ff67cc19d354d6d29
Instruction ID: 80080e3c3cc78fb65e46cd38d3c42f6ff1edd0a47ccc0437b4abe3b7b15a4851
Opcode Fuzzy Hash: b3129c660aa4d5552adc6746ac09e6552b9679988a7eb68ff67cc19d354d6d29
Instruction Fuzzy Hash: 62E0E570A00259CFDB54EB94E844B9D7BB1EB89310F10809AE40977380CE305E85DF31

Function 06024C2F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ad07c501cbe7795881522e6e22fbf0e257ffe7efa0af7c16626a7f4d9b0974
Instruction ID: 8abf857200f01f14eeb8807b5c5034d9b2947cadf18119448959ab6056d34a0a
Opcode Fuzzy Hash: e3ad07c501cbe7795881522e6e22fbf0e257ffe7efa0af7c16626a7f4d9b0974
Instruction Fuzzy Hash: 31E04FB094A39D8FDB01DB20DC8428D7FB0AF01304F1442E584059B256DA78198A8F44

Function 06026CE2 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac46d71071affd9acca6f7589ebf85005f76721d6b2130a78a35a969e4c217b
Instruction ID: 30a00234cd5ad83e254e1a310b40e7f1c0c8dbb66ea477b97f6b8c9df99df864
Opcode Fuzzy Hash: 6ac46d71071affd9acca6f7589ebf85005f76721d6b2130a78a35a969e4c217b
Instruction Fuzzy Hash: A9E0E570A1411ACBC724EF64E844BACBBB2FB49300F0080A9E50963741DF345D819F91

Function 06026B53 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a2498e1f61bcbfa9ee760554966cdee44989bcb88d231578db9c1ada53c35c
Instruction ID: 329485d5d11995c8b978d70bea57f4a5595d05680a9f8b8f478aca38c548836f
Opcode Fuzzy Hash: f1a2498e1f61bcbfa9ee760554966cdee44989bcb88d231578db9c1ada53c35c
Instruction Fuzzy Hash: 05E0E570A102588BCB54EB64E8457DCBB71FB89341F00C999E50A63384CF705E85CFA0

Function 01201F00 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774652f11a7de1058facffa05472e93264444f9706659cac39df08a351fb3d45
Instruction ID: bce05ad760d5fb98d6d32bba93c2f7797ff1241acf3c85bb45ae64c5f78815f6
Opcode Fuzzy Hash: 774652f11a7de1058facffa05472e93264444f9706659cac39df08a351fb3d45
Instruction Fuzzy Hash: 8CD09E382449048F8748AF68E58492577E6BB48A153104595E94DCB369DA31DC159B94

Function 0603C706 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b78d3aa9ce0ebfd91d00e6d5d25cd1d7183501a2a6fa6458120f7edd9f53607b
Instruction ID: 1c895732525736b4d3d82cadb0af8077c48325e38948f8c5b51db2b825e51908
Opcode Fuzzy Hash: b78d3aa9ce0ebfd91d00e6d5d25cd1d7183501a2a6fa6458120f7edd9f53607b
Instruction Fuzzy Hash: 9CE0B6B4A0422A8FDF60EF24D94879ABBB1FB44305F0051E9950DA3384DB705EC5CF44

Function 06023915 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb108c8df1081a9ff5aefa330dbb4ffbc216553a96625fa294c14babe8abf10a
Instruction ID: 1b9749299a9be38ff77f687dd3424a5616193efdcc4e5c6d79dc76cbe8a58f4a
Opcode Fuzzy Hash: bb108c8df1081a9ff5aefa330dbb4ffbc216553a96625fa294c14babe8abf10a
Instruction Fuzzy Hash: B0D012B055532D8FCB44AF26E88479D7EF1BF44300F10869584095B304DA7059CA4F85

Function 060343B8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 121f2bbc20f232d3f4ebba197f7f964629a519b797d8518640d6b50dc0d55db0
Instruction ID: 4d219af121db6b82c127b169a66016b9341fbffc3797dbea2806b08356eef7c8
Opcode Fuzzy Hash: 121f2bbc20f232d3f4ebba197f7f964629a519b797d8518640d6b50dc0d55db0
Instruction Fuzzy Hash: 97D0C936210A04AFC700DF68E480E407BA8FB08B98F019054F5058B232C735E8129B50

Function 060320A0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc93ceb2ba8865bb9754c567d3e4d30a4336f4211ddd730e91a96b9a4c2456f1
Instruction ID: 56fbfa83358630837dcb43a63345fed5257e8b275ad256e685422679ed2d41a7
Opcode Fuzzy Hash: bc93ceb2ba8865bb9754c567d3e4d30a4336f4211ddd730e91a96b9a4c2456f1
Instruction Fuzzy Hash: 30D0C935101504DFC300DB6CF485E847FA8EB08B60F018450F5498F231C631E852CB48

Function 062AE060 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df891bae911f808669ca6c2232bb4c8f061b827a531eaef685caff07f0e99e08
Instruction ID: 9b387fd761436f3b89bac9af5cf73f3da690f33a462b9be72d4ed81cadafbe36
Opcode Fuzzy Hash: df891bae911f808669ca6c2232bb4c8f061b827a531eaef685caff07f0e99e08
Instruction Fuzzy Hash: 14C08C300AFB07CBC2801284650A37836AC6702311F0029017E8C100652EE00245E1E2

Function 01200D21 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0162b2d237eb365b631aaa726dbef6e8a7648e6b803a94fbb10a008d4302477f
Instruction ID: 1b02b35a804321918f6e1f93e09b208bd0d4df9bc44b772e3fb38450baaa85ad
Opcode Fuzzy Hash: 0162b2d237eb365b631aaa726dbef6e8a7648e6b803a94fbb10a008d4302477f
Instruction Fuzzy Hash: C5D0A931924021CFF7268F099C806A9B3A8BA097923964A25E64A63023C330ED028B48

Function 0120D0E0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaaa617c41e97db7bd9e7accd35bb5e5b9461440f6e70a7014d0e6bda2a47b16
Instruction ID: 867061a15c8dd0f01ea09c4e81bb7a75705f391f21dec533bc39881d00331584
Opcode Fuzzy Hash: eaaa617c41e97db7bd9e7accd35bb5e5b9461440f6e70a7014d0e6bda2a47b16
Instruction Fuzzy Hash: 4AC08C300A7309CBEA80BBF8B80E37C7F686B04322F001512FB0E204A1CE780082C6B7

Function 01200901 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2d344f6fe27e40c79a9dbf6416560cfc5eab5efef3f7a91f02354a499404dd
Instruction ID: f2c6c95cae8c2ba84364a38a4da316eaf11191e9cfe79f7c0d7539893d817e0a
Opcode Fuzzy Hash: 4f2d344f6fe27e40c79a9dbf6416560cfc5eab5efef3f7a91f02354a499404dd
Instruction Fuzzy Hash: 2EC04C7619E3C18FDF038B7599541687F75AD9332631782D7C0458A567C15C084AD732

Function 01201FE1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b58d50efe0ffabb8db003e68ef1776e92884e366d3c9b6cb8602edb5599b41c
Instruction ID: c35681f86f397d2a53f8e14484296db7350ced3d4cc80495fc27b83a1218d9ff
Opcode Fuzzy Hash: 0b58d50efe0ffabb8db003e68ef1776e92884e366d3c9b6cb8602edb5599b41c
Instruction Fuzzy Hash: EAC08CB109C3814FC7026B3044554203F74AD8321674600C9C0408B072E61A0425CB62

Function 06035E70 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ae6d2a2b937c5bed56ee010e2742ed8ac2870d77d93281992a87afb5b327ec
Instruction ID: 98c9064e521ba253800f7e246a1bd26bc761913be0b2b95184455bc198a5bfca
Opcode Fuzzy Hash: 64ae6d2a2b937c5bed56ee010e2742ed8ac2870d77d93281992a87afb5b327ec
Instruction Fuzzy Hash: 0FD012B0200100DFC744CB14D185A1A7F62F785385F128514F40647324CB39AC53CB01

Function 0602AF50 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d864c76c5d3209df452159f161095fdb38f487881e06e57fd66a5a23c85231
Instruction ID: ff70853a5d8de915ca4a2c90ae03adfc3e85107b5e330703ad7e6dad80ab05e4
Opcode Fuzzy Hash: f4d864c76c5d3209df452159f161095fdb38f487881e06e57fd66a5a23c85231
Instruction Fuzzy Hash: C5C0022185E781DFC7234710551A0A1BF745F532107858DCAE88697557D5151815CB63

Function 01201A41 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ae03f09c59f9367ecd73bacf89e900bb8fcf7f2ed8b52ddfb3b3c551400ea6c
Instruction ID: 236dee2a76de8ca6cecc139ccc5541da6294fc49ead9d188f54ae5512aeff9e1
Opcode Fuzzy Hash: 4ae03f09c59f9367ecd73bacf89e900bb8fcf7f2ed8b52ddfb3b3c551400ea6c
Instruction Fuzzy Hash: 7FC08C34E16204CFCB02DF68E54835C33B2B749302FA44262E042A2387CA30CDA1CB01

Function 060320B0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 060365A8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab58b50e18873920c402de4ceac74bbc4c1b5b4d35489dc4fd2ac7bcc1533cb
Instruction ID: 1773254355b2a5b2a8379fe2d5ce88f5f86ff0d3c5c508e5f26998552a178128
Opcode Fuzzy Hash: 6ab58b50e18873920c402de4ceac74bbc4c1b5b4d35489dc4fd2ac7bcc1533cb
Instruction Fuzzy Hash: D6B0923200420CEB87019B84EC4495ABB69AB58700B148029A6090A1218B72A862DAD4

Non-executed Functions

Function 012094C1 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

4'^q, xrefs: 012095B2
4'^q, xrefs: 01209587

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: c528bffeecd8f19d29c951a03dfeb70e6c112f348fc25782262e6aa46cc193ea
Instruction ID: 594ffd9320ee7ccf57437651d83b11fa3f2d1742d78db4b032e5512338c31e53
Opcode Fuzzy Hash: c528bffeecd8f19d29c951a03dfeb70e6c112f348fc25782262e6aa46cc193ea
Instruction Fuzzy Hash: EB71FAB1A056059FDB48EF6BED5179EBBF2BF88300F14C12AD0049B369DF74594A8B90

Function 012094D0 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 012095B2
4'^q, xrefs: 01209587

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: daa4962efed7d01d3ca84c03a5ac22ae9232d2c9fb4d36b90431c5fc4f3b9d5b
Instruction ID: 5ccfb859552c567303407b98f9e590ea7abe78ff21147fd58866326074529255
Opcode Fuzzy Hash: daa4962efed7d01d3ca84c03a5ac22ae9232d2c9fb4d36b90431c5fc4f3b9d5b
Instruction Fuzzy Hash: 24710CB1A056059FD748EF6BED5179EBBF2BF88300F14C12AD0049B369DF74594A8B80

Function 0603A860 Relevance: 1.5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

Strings

dbq, xrefs: 0603AA0A

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: d14e84d36dd4b8c4d5c37cd344279bbc9ad02e23d8851fa03016d2cea7ee15d0
Instruction ID: ef72a5fd89db7977bfece94f104a438fa55f399c51a5429f4cdc6f8eca4eb476
Opcode Fuzzy Hash: d14e84d36dd4b8c4d5c37cd344279bbc9ad02e23d8851fa03016d2cea7ee15d0
Instruction Fuzzy Hash: EF913470E04218CFEB54EFA9D844BADBBB6FB4A301F10816AE149A7384DBB45985CF41

Function 0603A850 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

dbq, xrefs: 0603AA0A

Memory Dump Source

Source File: 00000000.00000002.1679928945.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6030000_file.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: c5771dfbc3952b068bb6e157aecc8b902bc731e3bc0724f3b2a7c1f1f0325372
Instruction ID: aa58a091b62723bbdd401d78b173cc44f92f44deadae4e0f271384411631b217
Opcode Fuzzy Hash: c5771dfbc3952b068bb6e157aecc8b902bc731e3bc0724f3b2a7c1f1f0325372
Instruction Fuzzy Hash: B7913370E44218CFEB54EFA9E844BADBBF6FB4A301F10816AE149A7394DB745985CF40

Function 06000040 Relevance: 1.4, Strings: 1, Instructions: 126COMMON

Download Yara Rule

Strings

s, xrefs: 06004296

Memory Dump Source

Source File: 00000000.00000002.1679849378.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6000000_file.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 12599c0ba0a0f992bfd2685edf5080819cb158af43aa24c43a3f0fbb6d3eb7f7
Instruction ID: 82f1c017bd70e895be6aff0024bc650b9fc5002d92552a9f958ed33a747ba861
Opcode Fuzzy Hash: 12599c0ba0a0f992bfd2685edf5080819cb158af43aa24c43a3f0fbb6d3eb7f7
Instruction Fuzzy Hash: C2512B71D056598BEB68CF2B8D447DAFAF3AFC9300F04C1FA994CA6255EB700AC58E51

Function 06020006 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

W, xrefs: 06020130

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: a18c239635babda21feeee8e778a4b319e683ba550456e957e5700d6700112a6
Instruction ID: 5b661e70cb76c9d4934d4bd3501fdf49d719db80ca207f9f353010c1375d24a2
Opcode Fuzzy Hash: a18c239635babda21feeee8e778a4b319e683ba550456e957e5700d6700112a6
Instruction Fuzzy Hash: 91415C71D05A548FE759CF6B9D5029AFFF3AFC9201F18C4BAC44CAA265EB3409868F11

Function 06020040 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

W, xrefs: 06020130

Memory Dump Source

Source File: 00000000.00000002.1679889794.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6020000_file.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 9bbc7776a08a78ba92c4d37102baba8eb4de4c368b4251e5f55967154cdc9b61
Instruction ID: d51511ad25f5f998804df4944ea4a776cf682c75a233ba59a4b3db1868ee788d
Opcode Fuzzy Hash: 9bbc7776a08a78ba92c4d37102baba8eb4de4c368b4251e5f55967154cdc9b61
Instruction Fuzzy Hash: 66414D71E05A588BEB58CF6BDD4479EFAF3AFC8305F14C1B9940DA6254DB3409868F11

Function 05FED768 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e27110f8d63d53a94382d743d92f1b7ed56b4d56fde098ddf8e2e5989a16497
Instruction ID: 735280d06bb9126467c605f6b70ab2644ee1a3728bf89c883a1f97a905cdd7c8
Opcode Fuzzy Hash: 8e27110f8d63d53a94382d743d92f1b7ed56b4d56fde098ddf8e2e5989a16497
Instruction Fuzzy Hash: 0BE1D470D0421CCFDB24DFA9C885B9DBBB2BF49304F1481AAD819B7290EB749A85CF55

Function 06153AD1 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7cec631fbdcbd5c77fad805fb31e2e45f1d7c9819dd748f9664052218c90b8
Instruction ID: ce639fd1cb6b0a34d2db553a01717b05c71d1c3ed6fb1f2577452c088fd581fe
Opcode Fuzzy Hash: 7f7cec631fbdcbd5c77fad805fb31e2e45f1d7c9819dd748f9664052218c90b8
Instruction Fuzzy Hash: F2913570E05618CFDB58EF6AD484BADBBF1BF49300F11856AE829A7391EB705945CF80

Function 06153AE0 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fdb046935545ee86a30a1210d74fa16b6642a4c3d4fa8dbbf5ef34088033211
Instruction ID: f78e0855c85925ad712ccc1711552e9c0f4d947d69a5d9737f5ac61720b4097c
Opcode Fuzzy Hash: 6fdb046935545ee86a30a1210d74fa16b6642a4c3d4fa8dbbf5ef34088033211
Instruction Fuzzy Hash: 51913670E05618CFDB58EF69D484BADBBF1BF49300F12856AE829A7394EB705945CF80

Function 06153BDD Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edb7a53a351e74989fde006976962a6f13495ccfbe80823f2993dcd88cb9be0
Instruction ID: c767f90835aa6f4f9daf8fd4a10593c6373339745ca0662dd287ab5a0bc99ee1
Opcode Fuzzy Hash: 6edb7a53a351e74989fde006976962a6f13495ccfbe80823f2993dcd88cb9be0
Instruction Fuzzy Hash: AF912470E04618CFDB58EF6AD484BADBBF1BF49340F12856AD429A7394EB709981CF40

Function 062ADC70 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d36814901e27ce825e5e759649df8f5444781ede66e81b30fda2666824f2c6b
Instruction ID: 068ca5e52dab27557d64e1be0ea8b74e862888193a0c26bf0ac483ab94ea6b20
Opcode Fuzzy Hash: 3d36814901e27ce825e5e759649df8f5444781ede66e81b30fda2666824f2c6b
Instruction Fuzzy Hash: 1D810770E24318CFEBA4DF69C844B9DBBB2BF49300F5088A9D909AB651DBF05985CF51

Function 06152E90 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f62f83552bcf1a5fc5ab94c3a137a62c4552d96fc1c4e81e212e87fbf07baebd
Instruction ID: d872056bbcbb13b1054168d76069f4216996b0277233f330bdef5a13eb086c13
Opcode Fuzzy Hash: f62f83552bcf1a5fc5ab94c3a137a62c4552d96fc1c4e81e212e87fbf07baebd
Instruction Fuzzy Hash: 24514A71E05218DFDB48DFAAD8446EEBBF1BF49300F118529D429A7354D7745A41CF90

Function 06152E83 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680032564.0000000006150000.00000040.00000800.00020000.00000000.sdmp, Offset: 06150000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6150000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcbbb34e6f1b577c0ddf9b6bf4db66acf0af6c5427e64a3db2f47fa9dd492f74
Instruction ID: 9f19c584b9e7fa28755d0c0b61a6ad83742cc7bd701ff1d117b313e7386a48a6
Opcode Fuzzy Hash: bcbbb34e6f1b577c0ddf9b6bf4db66acf0af6c5427e64a3db2f47fa9dd492f74
Instruction Fuzzy Hash: D7514971E45218CFDB88DFAAD8446EEBBF2BF48300F11852AD429A7354DB745A41CF90

Function 01209AF8 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e1e4d4524cc125ee794abb5a579a9bc4d1e2bf41b8ceee3d4a3cffa97efbe7
Instruction ID: ca14ac66322da6b3f3faca7cf526f1d7a19c96a38cc9a3964ec6a1c4d773ecec
Opcode Fuzzy Hash: f4e1e4d4524cc125ee794abb5a579a9bc4d1e2bf41b8ceee3d4a3cffa97efbe7
Instruction Fuzzy Hash: 3F51BAB0D156288BEB65CF2ACD48799FAF2BB88305F14C2E9D40DA6295DB740AC5CF00

Function 06000028 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679849378.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6000000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ee7790003006efe3a95628642b4f9454f434ad5e0d7bc7b70fd3915a41d725
Instruction ID: dc2559a64ddea74f7f3f0896b112d0457981ab8fa402936041d171e8d3a1d497
Opcode Fuzzy Hash: 57ee7790003006efe3a95628642b4f9454f434ad5e0d7bc7b70fd3915a41d725
Instruction Fuzzy Hash: 25513F71D056598BE76DCF2B8D512CAFAF3BFC9300F04C1FA994CA6265EB7009858E51

Function 0600D848 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679849378.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6000000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63d90c202ef24935efe23ed1c1f2b6b52bc640347837a753f81a9a49590b0ad
Instruction ID: c8177f12d77223e58fbf2715a2655b1a77730343016b0d9ba1dc9c107f4c0b1e
Opcode Fuzzy Hash: d63d90c202ef24935efe23ed1c1f2b6b52bc640347837a753f81a9a49590b0ad
Instruction Fuzzy Hash: 0141DCB0D002489FEB54CFE9D984B9DBFF1AF09314F20902AE818BB290D7749885CF95

Function 05FE9948 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f325125bdd0762f2a231e3893b2db949150b64d93d1627cea612780982f2098
Instruction ID: a516f90e31d300f3093320bd5bb5539e84c1417a17d600143f95e594279d0ad5
Opcode Fuzzy Hash: 0f325125bdd0762f2a231e3893b2db949150b64d93d1627cea612780982f2098
Instruction Fuzzy Hash: A441FFB5D04258DFCB00CFA9D580AEEFBF5AF49310F14902AE455B7240C778AA85CFA4

Function 05FE9950 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2653fbec84a52547b5fccf7ca2c5086fcfb546f2446bc7353950bdebded5b249
Instruction ID: 5e5711f57cae840c60c3ed39405be417e56ef26e923969fc03cf0ea0e0aeb98f
Opcode Fuzzy Hash: 2653fbec84a52547b5fccf7ca2c5086fcfb546f2446bc7353950bdebded5b249
Instruction Fuzzy Hash: 3F41EEB5D04258DFCB00CFA9D584AEEFBF5AF49310F14902AE455B7240C778AA85CFA4

Function 01209AE8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658000306.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1200000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a90186f18eea3b400966a04d04df13b9910590187d5e9bc4ac15aa49ec431249
Instruction ID: f130b6fe6936e208d0be7151c5ac48a433b258c4f15c8c9eeef652aa50d21834
Opcode Fuzzy Hash: a90186f18eea3b400966a04d04df13b9910590187d5e9bc4ac15aa49ec431249
Instruction Fuzzy Hash: C931AAB1D016188BEB68CF6BCD5578EFAF3AFC8304F14C1A9D40CA6265EB700A858F51

Function 0629001D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a450b9033a71c5fe872c1652b8b24d12e0ff99f0d1fa939e722e019d78239f
Instruction ID: e58020f91d58dc8ad9d801f63bf255c69f96ba828c9d6b047b14ac4232733509
Opcode Fuzzy Hash: d9a450b9033a71c5fe872c1652b8b24d12e0ff99f0d1fa939e722e019d78239f
Instruction Fuzzy Hash: 6D31F971D087598FEB69CF6B8C58299BBF3AFC9300F04C0EAD44CAA255D7740A868F11

Function 05FE4B40 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7249500525c930e855dc7b632e182a83dd15c7c7f71f0d93ce4725358cc1179d
Instruction ID: 7e36fa02cbbf9c53441d86668dbd0dd71fcf4205171494618cc551a6733fc018
Opcode Fuzzy Hash: 7249500525c930e855dc7b632e182a83dd15c7c7f71f0d93ce4725358cc1179d
Instruction Fuzzy Hash: 1421DEB5D042189FCB14CFA9D985AEEFBF5BB49320F14902AE815B7210C735A945CFA4

Function 06290040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50df5b21c5c91d5eae2d47bb725449e443cdcd1c08857dda632d7d54bc4bb373
Instruction ID: 767d87e0485ceb724408f348e5635531f6ff3ca36b032a2d6d193f4cef9c35c3
Opcode Fuzzy Hash: 50df5b21c5c91d5eae2d47bb725449e443cdcd1c08857dda632d7d54bc4bb373
Instruction Fuzzy Hash: C021BC71D146198BEB68CF5B9C4479AF6F7BFC9300F04D0BAD90CA6254DBB40A858F51

Function 05FE4B48 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679769828.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af9166d7aceefd863c1ef2f6251a42cc045ab10763db1de2d951be556e76d2ae
Instruction ID: b7e60101c19f6ec9dea9ebd2e7f657bd4e6ee70cdb3538ae979c8aac01ecf99e
Opcode Fuzzy Hash: af9166d7aceefd863c1ef2f6251a42cc045ab10763db1de2d951be556e76d2ae
Instruction Fuzzy Hash: 7221CEB5D042189FCB14DFA9D984AEEFBF5FB49320F10902AE815B7210C739A945CFA4

Function 062AA258 Relevance: 6.3, Strings: 5, Instructions: 77COMMON

Download Yara Rule

Strings

(o^q, xrefs: 062AAD96
-, xrefs: 062AA2A8
\s^q, xrefs: 062AADF6
(o^q, xrefs: 062AADAC
, xrefs: 062AAE55

Memory Dump Source

Source File: 00000000.00000002.1680313405.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6290000_file.jbxd

Similarity

API ID:
String ID: $(o^q$(o^q$-$\s^q
API String ID: 0-598160602
Opcode ID: ae2ab687960638ace6007623598d882d3d45f2ff6f64c488a2e4d3144b30f33b
Instruction ID: c26053752fa6c6f3b265855408abc1866a8ed980fa5a77d9a6f7d4e72014be7f
Opcode Fuzzy Hash: ae2ab687960638ace6007623598d882d3d45f2ff6f64c488a2e4d3144b30f33b
Instruction Fuzzy Hash: 5D31D570E14229CFEB64CF69C844BEDB7B6BF49301F4081AAD919A7254DBB05A84CF91

Analysis Process: InstallUtil.exePID: 6392, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	20.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	4
Total number of Limit Nodes:	0

Executed Functions

Function 02B52CF8 Relevance: 1.9, APIs: 1, Instructions: 424
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 02B52DB7

Memory Dump Source

Source File: 00000001.00000002.2892214151.0000000002B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b50000_InstallUtil.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 5f6ffb1167d836dcbd1038792153a7b13e004f4763e201248349cccab6df3251
Instruction ID: 855f09ec93d7985c08e067ed4d7858b0d4c2864370eef91c1327b1d09c2bdda3
Opcode Fuzzy Hash: 5f6ffb1167d836dcbd1038792153a7b13e004f4763e201248349cccab6df3251
Instruction Fuzzy Hash: E3025674D01229CFDB24EF64D998BAEBBF2FB4A304F1094A9D409A7394DB744A85CF50

Function 02B52CE8 Relevance: 1.9, APIs: 1, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 02B52DB7

Memory Dump Source

Source File: 00000001.00000002.2892214151.0000000002B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b50000_InstallUtil.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8e2878ac9a79cb234d58b41ed98cb417dcb15ebef74cc506c2a0e65d9668fc3d
Instruction ID: 6481a5a689096a9a1ff00fdfbf8a89eea402557825dbed80adf75093ae138672
Opcode Fuzzy Hash: 8e2878ac9a79cb234d58b41ed98cb417dcb15ebef74cc506c2a0e65d9668fc3d
Instruction Fuzzy Hash: 3CF15774D01229CFDB24DF64D9587AEBBF2FB4A304F1084A9D419AB394DB744A85CF50

Function 02B539E9 Relevance: .1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2892214151.0000000002B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a520672439474056c85073ca80b365134c29a529af4bb5ad6da4f8e6926ea021
Instruction ID: 6afee4b0d23cc31eca265d33b68abbccd7fbb6d63c17ea0dc14d25c2680ef18e
Opcode Fuzzy Hash: a520672439474056c85073ca80b365134c29a529af4bb5ad6da4f8e6926ea021
Instruction Fuzzy Hash: 4241D2B4D01218DFCB08DFAAD5846DDBBF2AF49304F1094A9E819BB354DB359946CF50

Function 0101D4C8 Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2891825478.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_101d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea56337968ca534a8d0b192a2c293230ab3879dc4d11e9a78cc2c7eb466a09c
Instruction ID: b11c4a160b6922b59c57e18cef09fcd59a95b60f1bb670ce334b1cef741b2797
Opcode Fuzzy Hash: 9ea56337968ca534a8d0b192a2c293230ab3879dc4d11e9a78cc2c7eb466a09c
Instruction Fuzzy Hash: 46213771540200DFDB15DF58D9C8B2BBFA5FB88318F20C5ADE9490B25AC33AD456C7A1

Function 0101D3DC Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2891825478.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_101d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b7019e85d6c263038e78acf7861511574ac693db432213626b3773aa7a9b8f
Instruction ID: 269a8ee5200e0099dd75895a51c2a51d9078df722b3b0bb2c97b3b305c775f4d
Opcode Fuzzy Hash: b7b7019e85d6c263038e78acf7861511574ac693db432213626b3773aa7a9b8f
Instruction Fuzzy Hash: 6B216A71580204DFDB05DF98D9C8B5BBFA6FB88314F20C1A9E9490B25AC73EE446C7A1

Function 0101D4C3 Relevance: .1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2891825478.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_101d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 77ee2ee9aff5d8ca0c0dd27d4d23d2c5158c38be4fa9371d0842dfa60592a4cd
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 4611B176504240CFDB16CF54D5C8B16BFB2FB94318F24C6A9D9490B25AC33AD45ACBA1

Function 0101D3D7 Relevance: .1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2891825478.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_101d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 22b0d748d786fdf781164db05e1361ee069f9f850fdead88c1e2f233bff779a3
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 0D110372444240CFDB06CF44D5C4B56BFB2FB94324F24C2A9D9490B65BC33AE45ACBA2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\helloworld.txt

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: file.exePID: 6280, Parent PID: 2580

Windows Analysis Report
file.exe

Function 0120D348 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 05FE2DF8 Relevance: 3.1, Strings: 2, Instructions: 637
COMMON

Function 06027F40 Relevance: 3.0, Strings: 2, Instructions: 458
COMMON

Function 06027F30 Relevance: 2.9, Strings: 2, Instructions: 449
COMMON

Function 0602D5C8 Relevance: 2.9, Strings: 2, Instructions: 403
COMMON

Function 0602806B Relevance: 2.9, Strings: 2, Instructions: 365
COMMON

Function 0120EEF8 Relevance: 6.6, Strings: 5, Instructions: 337
COMMON

Function 060355B0 Relevance: 5.2, Strings: 4, Instructions: 204
COMMON

Function 06033B40 Relevance: 4.1, Strings: 3, Instructions: 356
COMMON

Function 0602EA99 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Function 0602DC60 Relevance: 2.7, Strings: 2, Instructions: 179
COMMON