
Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1561634
MD5:2699448f43fe2a97c2cf07bf56fe92f3
SHA1:672e4bdd08082c99ed7adba3799288c22f50338e
SHA256:a4ac352fe49d6162961007d64b2ac23413cc5575ea17b61a91f6d808795e994b
Tags:exeuser-Bitsight
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 4252 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2699448F43FE2A97C2CF07BF56FE92F3)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001E8h] | 0_2_00CBE0D8
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then push eax | 0_2_00CEF8D0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, eax | 0_2_00CEF8D0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4C697C35h | 0_2_00CEBCE0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, eax | 0_2_00CEB8E0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 0_2_00CEB8E0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+14h] | 0_2_00CB98F0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 0_2_00CBBC9D
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, ebp | 0_2_00CB5C90
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, ebp | 0_2_00CB5C90
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_00CD8CB0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh | 0_2_00CEC040
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], C18BC4BAh | 0_2_00CEC040
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6DBC3610h | 0_2_00CEC040
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh | 0_2_00CEC040
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then push eax | 0_2_00CEB860
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], al | 0_2_00CD0870
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, eax | 0_2_00CBC02B
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx+14h] | 0_2_00CBE970
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx] | 0_2_00CBAD00
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [edi] | 0_2_00CD5E90
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [esi], cx | 0_2_00CBEA38
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h] | 0_2_00CB77D0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [ebp+ebx*4+00h], ax | 0_2_00CB77D0
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-65h] | 0_2_00CBE35B
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-58FA0F6Ch] | 0_2_00CF0F60
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [eax], bl | 0_2_00CBCF05
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE4470 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard | 0_2_00CE4470
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE4470 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard | 0_2_00CE4470
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB89A0 | 0_2_00CB89A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB6CC0 | 0_2_00CB6CC0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CBE0D8 | 0_2_00CBE0D8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB94D0 | 0_2_00CB94D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEF8D0 | 0_2_00CEF8D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE24E0 | 0_2_00CE24E0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEB8E0 | 0_2_00CEB8E0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB98F0 | 0_2_00CB98F0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF0C80 | 0_2_00CF0C80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB5C90 | 0_2_00CB5C90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD8CB0 | 0_2_00CD8CB0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB6840 | 0_2_00CB6840
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB4040 | 0_2_00CB4040
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEC040 | 0_2_00CEC040
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD0870 | 0_2_00CD0870
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB542C | 0_2_00CB542C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE9030 | 0_2_00CE9030
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE41D0 | 0_2_00CE41D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB3580 | 0_2_00CB3580
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF1580 | 0_2_00CF1580
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB61A0 | 0_2_00CB61A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CBE970 | 0_2_00CBE970
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD3D70 | 0_2_00CD3D70
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CBAD00 | 0_2_00CBAD00
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC9530 | 0_2_00CC9530
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB5AC9 | 0_2_00CB5AC9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB4AC0 | 0_2_00CB4AC0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD5E90 | 0_2_00CD5E90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD0650 | 0_2_00CD0650
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB9210 | 0_2_00CB9210
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CBB210 | 0_2_00CBB210
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD7E20 | 0_2_00CD7E20
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB77D0 | 0_2_00CB77D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB27D0 | 0_2_00CB27D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB2B80 | 0_2_00CB2B80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEC780 | 0_2_00CEC780
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD1790 | 0_2_00CD1790
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE87B0 | 0_2_00CE87B0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CCFB60 | 0_2_00CCFB60
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF0F60 | 0_2_00CF0F60
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CD8770 | 0_2_00CD8770
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CBCF05 | 0_2_00CBCF05
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CCDB30 | 0_2_00CCDB30
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: sus24.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE9030 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString | 0_2_00CE9030
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC5057 push eax; iretd | 0_2_00CC5058
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC8028 push esp; ret | 0_2_00CC802B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC642B push esp; ret | 0_2_00CC6438
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC81DA push eax; iretd | 0_2_00CC81DB
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC8100 push esp; iretd | 0_2_00CC8102
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC811F push esp; iretd | 0_2_00CC8135
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CC4BB8 push esp; iretd | 0_2_00CC4BD4
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\file.exe | API call chain: ExitProcess graph end node | graph_0-6212
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEDF70 LdrInitializeThunk | 0_2_00CEDF70
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

MITRE ATT&CK Matrix (a number in parentheses is the count of matched signatures mapped to that technique)

  • Reconnaissance: Gather Victim Identity Information; Credentials
  • Resource Development: Acquire Infrastructure; Domains
  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts
  • Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts
  • Defense Evasion: DLL Side-Loading (1); Obfuscated Files or Information (2)
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: System Information Discovery (2); Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Archive Collected Data (1); Clipboard Data (2)
  • Command and Control: Encrypted Channel (1); Junk Data
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Impact: Abuse Accessibility Features; Network Denial of Service
Source | Detection | Scanner | Label | Link
file.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1561634
Start date and time:2024-11-24 02:22:04 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:SUS
Classification:sus24.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.844134547555611
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:314'368 bytes
MD5:2699448f43fe2a97c2cf07bf56fe92f3
SHA1:672e4bdd08082c99ed7adba3799288c22f50338e
SHA256:a4ac352fe49d6162961007d64b2ac23413cc5575ea17b61a91f6d808795e994b
SHA512:8cb00120efae52c666235edbc33412cbac8e731fd247340ed76b4ca10602532bbf97bb9b81e8af7d348e65598f4847dc59db761afc470c0ee10f1426a564aa9d
SSDEEP:6144:uo4HXvnCuQlBHyS0zIrm09/67XQIPwES4J3PjYTMMA:p4HXvA7HyYyK/QCEtJfjYTM
TLSH:0C649D0ADB3395A1D987547862CEB33F9D341B0153348EE7DBC4DEC66823EE19936A06
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...Q<?g..........................................@.......................................@..................................;.....
Icon Hash:00928e8e8686b000
Entrypoint:0x4089a0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x673F3C51 [Thu Nov 21 13:57:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:efd5a1321fb3549606827ae52de6c65d
Instruction
push ebp
push ebx
push edi
push esi
sub esp, 00000234h
call 00007F0158852F26h
test al, al
je 00007F015881F062h
lea eax, dword ptr [esp+2Ch]
push 00000000h
push 00000010h
push eax
push 00000000h
call dword ptr [00443D20h]
call 00007F015884C9B8h
test al, al
je 00007F015881F03Fh
call dword ptr [00443D38h]
mov ebx, eax
call dword ptr [00443D34h]
mov edx, 92A9E86Dh
mov esi, A1396FFBh
mov ecx, ebx
shrd esi, edx, cl
mov dword ptr [esp+14h], eax
shr edx, cl
test bl, 00000020h
je 00007F015881ED66h
mov esi, edx
xor edx, edx
mov eax, esi
xor eax, A1396FFBh
mov dword ptr [esp], eax
mov dword ptr [esp+10h], esi
mov ecx, esi
mov edi, esi
xor ecx, 5EC69004h
mov dword ptr [esp+0Ch], ecx
and ecx, 0C9A8831h
and eax, F36577CEh
or eax, ecx
mov ebp, edx
xor ebp, 92A9E86Dh
mov esi, edx
mov ebx, edx
xor edx, 6D561792h
mov dword ptr [esp+20h], edx
and edx, B02F9AF5h
mov ecx, ebp
mov dword ptr [esp+1Ch], ebp
and ecx, 4FD0650Ah
or ecx, edx
xor edi, 01004349h
xor eax, 095ACB78h
and edi, 05C04349h
or edi, eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43bcd | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x3e34 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x43d18 | 0xbc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x408a9 | 0x40a00 | 8a46d6ae9b5b01b1dd90720ae7d64007 | False | 0.5540906068665378 | data | 6.7016028228100835 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x42000 | 0x20a7 | 0x2200 | 24a8f09a7e46ddc621819240dcf1e29d | False | 0.4619715073529412 | data | 6.51463268349717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x45000 | 0x1008c | 0x5a00 | 90ce7b6f17ea05d1c477c34c603dec62 | False | 0.5654079861111111 | data | 6.6085821044949355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x56000 | 0x4 | 0x200 | ccfa490aa10bd5cdb00c372c749d720e | False | 0.03125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x3e34 | 0x4000 | dff6c95eed4f601e4410770cdd6d5904 | False | 0.4940185546875 | data | 6.427756711499859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL | Import
SHELL32.dll | SHEmptyRecycleBinW, SHGetFileInfoW, SHGetSpecialFolderPathW
KERNEL32.dll | CopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
USER32.dll | CloseClipboard, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, OpenClipboard, ReleaseDC
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, GetPixel, SelectObject, StretchBlt
ole32.dll | CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
No network behavior found


Target ID:0
Start time:20:22:56
Start date:23/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0xcb0000
File size:314'368 bytes
MD5 hash:2699448F43FE2A97C2CF07BF56FE92F3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false


    Execution Graph

    Execution Coverage:1.4%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:71.1%
    Total number of Nodes:225
    Total number of Limit Nodes:15

    Control-flow Graph

    APIs
    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00CB89C2
    • GetCurrentThreadId.KERNEL32 ref: 00CB89D5
    • GetCurrentProcessId.KERNEL32 ref: 00CB89DD
    • GetForegroundWindow.USER32 ref: 00CB8BD2
    • ExitProcess.KERNEL32 ref: 00CB8CB5
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
    • String ID:
    • API String ID: 4063528623-0
    • Opcode ID: 359d6d40205048e01980a1c311d19e7ebc4771d9b262e89572fc583ab9453551
    • Instruction ID: d8ca448c5b12c7e9ac2802e1430eadf24a0ab469cd5eb71f6b717fcb718b4834
    • Opcode Fuzzy Hash: 359d6d40205048e01980a1c311d19e7ebc4771d9b262e89572fc583ab9453551
    • Instruction Fuzzy Hash: F971F673B547044BC708DFBADC9236AFAD6ABC8710F09D43DA899D7390EA78DC058685

    Control-flow Graph

    APIs
    • LdrInitializeThunk.NTDLL(00CEBA46,?,00000010,00000005,00000000,?,00000000,?,?,00CC9158,?,?,00CC19B4), ref: 00CEDF9E
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID:
    • API String ID: 2994545307-0
    • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
    • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
    • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
    • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

    Control-flow Graph

    APIs
    • CoCreateInstance.OLE32(00CF3678,00000000,00000001,00CF3668,00000000), ref: 00CE9137
    • SysAllocString.OLEAUT32(13C511C2), ref: 00CE91B6
    • CoSetProxyBlanket.OLE32(0000FDFC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00CE91FC
    • SysAllocString.OLEAUT32(13C511C2), ref: 00CE9265
    • SysAllocString.OLEAUT32(13C511C2), ref: 00CE930E
    • VariantInit.OLEAUT32(?), ref: 00CE9384
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: AllocString$BlanketCreateInitInstanceProxyVariant
    • String ID: =3$C$E!q#$E!q#$Lgfe$\$IK
    • API String ID: 65563702-4011188741
    • Opcode ID: efa1b2e2de4769d926661d6ee31c7803253bafd51d6777dee2eeec961efd90ea
    • Instruction ID: d4df9219ff2152a8f4e7a6664389f42e7b66af2028b942506782f137111c824d
    • Opcode Fuzzy Hash: efa1b2e2de4769d926661d6ee31c7803253bafd51d6777dee2eeec961efd90ea
    • Instruction Fuzzy Hash: 9A2241B1508380ABE324CF21CC45B6BBBAAEF85354F148A1CF5959B2D1D774DA05CB92

    Control-flow Graph

    Function at 00CD3D70 (rendered graph omitted): the graph nodes reference only internal calls, no imported API.
    Similarity
    • API ID:
    • String ID: $!@$,$9$:$;$`$`$`$e$e$e$f$f$f$g$g$g$n
    • API String ID: 0-1524723224
    • Opcode ID: 6cd92a185c6350022b9980838ff75742bbc4fd67034ab84ac86756baef9f11d6
    • Instruction ID: 96b48a56f05923a48f37751ce6723988a1f9854c1e009ffc20d6bb34c7eee996
    • Opcode Fuzzy Hash: 6cd92a185c6350022b9980838ff75742bbc4fd67034ab84ac86756baef9f11d6
    • Instruction Fuzzy Hash: F3228BB150C3808FD3298F28C4943AFBBE1AB95314F18496EE6D987392D7768985CB53

    Control-flow Graph

    Function at 00CE4470 (rendered graph omitted): the graph nodes reference OpenClipboard, GetWindowLongW, GetClipboardData, GlobalLock, GlobalUnlock and CloseClipboard, plus internal calls; this is the clipboard-read path flagged in the signature list above.
    Similarity
    • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
    • String ID: <$F$G$]$c
    • API String ID: 2832541153-1818401840
    • Opcode ID: d92e83f781ef11759ab670f41bb1d6bce3e3c8c3a529b9aefc8b32ce75ba0c4f
    • Instruction ID: 5af543fbd750e9a47a1458bc0c11a15d3380860f3433b7bd6ee5165334b65f00
    • Opcode Fuzzy Hash: d92e83f781ef11759ab670f41bb1d6bce3e3c8c3a529b9aefc8b32ce75ba0c4f
    • Instruction Fuzzy Hash: F1418D7140D7C18FD301AF7A948836EBFE0AB92324F044E2DE4D986292C6798649DB93

    Control-flow Graph

    Function at 00CB94D0 (rendered graph omitted): the graph contains no calls to imported APIs or to other internal functions.
    Similarity
    • API ID:
    • String ID: n[$8$=86o$BDZF$N$RHL9$SD]z$ZS$_CYG$f)2s$mmi.$p8Bb$txfF$u{{h
    • API String ID: 0-1787199350
    • Opcode ID: 4f528f0c90cc623b71a293a4037b626f3364ba5f16f27244a2274f38ff2d6f74
    • Instruction ID: 9930601ac79cf38fc9a39c169a24e2847aad8b0b506e6fe804658472bfcb6789
    • Opcode Fuzzy Hash: 4f528f0c90cc623b71a293a4037b626f3364ba5f16f27244a2274f38ff2d6f74
    • Instruction Fuzzy Hash: 83B1D37010C3918FD3158F2980607ABBFE1EF97344F1849ACE5E59B392D739890ACB92

    Control-flow Graph

    Function at 00CBCF05 (rendered graph omitted): the graph nodes reference only internal calls, including two calls to the function at 00CE9030; no imported API.
    Similarity
    • API ID:
    • String ID: ()$+S7U$,_"Q$0C%E$7W"i$;[*]$<KuM$N3F5$S7HI$y?O1$c]e$gy
    • API String ID: 0-3422605938
    • Opcode ID: 89a698f223cfcdc77f53b5ad67671f102f0398a35f5e53c2d7e6a46a13a1dc27
    • Instruction ID: e07bb0ec0c637db7a16ff0690833c7007f090fb01a5b867134712806e16aacb0
    • Opcode Fuzzy Hash: 89a698f223cfcdc77f53b5ad67671f102f0398a35f5e53c2d7e6a46a13a1dc27
    • Instruction Fuzzy Hash: 6812FEB15483C18ED3358F25D495BEFBBE1ABD2304F18896CC4DA5B256D7710A0ACB93

    Control-flow Graph

    Function at 00CB98F0 (rendered graph omitted): the graph nodes reference only internal calls, including the functions at 00CB9210 and 00CB94D0; no imported API.
    Similarity
    • API ID:
    • String ID: DG$Ohs,$chs,$fhnf$fhnf$xy$su${}
    • API String ID: 0-2124332573
    • Opcode ID: 0c5ffe4c961a319cc9e9ebb4cb9618b367a19347897b73002b4014efa07dfa42
    • Instruction ID: dd76ed3fc54396a69717adfc79b93c17d0ecd5840afc1101526b2569b31b8a3b
    • Opcode Fuzzy Hash: 0c5ffe4c961a319cc9e9ebb4cb9618b367a19347897b73002b4014efa07dfa42
    • Instruction Fuzzy Hash: BBE15C72A483504BD328CF35C8513ABBBE6EBD1314F198A2DE5E58B395D738C905CB42

    Control-flow Graph

    Function at 00CCDB30 (rendered graph omitted): the graph nodes reference only internal calls, no imported API.
    Similarity
    • API ID:
    • String ID: 5[Y$8$CN$Lw$}~$SRQ$_]
    • API String ID: 0-3274379026
    • Opcode ID: 05133a7a6455b0eb0ed43e64cfdf721678e01155e917667bb399a6cbeb525aeb
    • Instruction ID: c6a51c7df4f15e116a7ee285fa3132fd58534a91125df90de36bd68c8ea45c44
    • Opcode Fuzzy Hash: 05133a7a6455b0eb0ed43e64cfdf721678e01155e917667bb399a6cbeb525aeb
    • Instruction Fuzzy Hash: 845157729183518BD324CF25C8906ABB7F2FFD2345F18995CE8D28B255EB748A06C792

    Control-flow Graph

    Function at 00CBE35B (rendered graph omitted): the graph nodes reference CoUninitialize plus internal calls, including the function at 00CB98F0.
    Similarity
    • API ID: Uninitialize
    • String ID: Lk$U\$Zb$r
    • API String ID: 3861434553-3997483426
    • Opcode ID: fabf7ec9695a98ffa76373be1fc9702898f61fae2a8b782e18b86a5689aefb1a
    • Instruction ID: ff3c3d0bffcd380fbd912a4586a1a18b975d9ddfc04cf72f4a36a1113c7a6dfa
    • Opcode Fuzzy Hash: fabf7ec9695a98ffa76373be1fc9702898f61fae2a8b782e18b86a5689aefb1a
    • Instruction Fuzzy Hash: 30A19CB010C3D18AD7758F25C4947EFBBE1AB93304F18895CD0EA5B296DB39460ACB57

    Control-flow Graph

    Function at 00CB9210 (rendered graph omitted): the graph contains no calls to imported APIs or to other internal functions.
    Similarity
    • API ID:
    • String ID: )=+4$57$7514$84*6$N
    • API String ID: 0-4020838272
    • Opcode ID: be85e90a30f89c364b58cec467ad0dcda84538ec37489d1a8be0575a1ed0ed84
    • Instruction ID: 25186fff323860ee4dab73599446bb6772957c55a41d11864ed725e7d70a7927
    • Opcode Fuzzy Hash: be85e90a30f89c364b58cec467ad0dcda84538ec37489d1a8be0575a1ed0ed84
    • Instruction Fuzzy Hash: 2071A46110C3C58BD315CB2984A07BBFFE1DFA3305F18499DE5E64B282D7798A0ACB52

    Control-flow Graph

    Function at 00CD0870 (rendered graph omitted): the graph nodes reference only internal calls, no imported API.
    Similarity
    • API ID:
    • String ID: +2/?$=79$BBSH$GZE^
    • API String ID: 0-3392023846
    • Opcode ID: 59c65316c1ab6c104c55dcceab9da6800eb461a5c4ca2fbdad97a96dc421bb1b
    • Instruction ID: 0a98901e55cde6f8c1c2a66b3dbd8d8f3241ab039692ee2b954cace6beabaddc
    • Opcode Fuzzy Hash: 59c65316c1ab6c104c55dcceab9da6800eb461a5c4ca2fbdad97a96dc421bb1b
    • Instruction Fuzzy Hash: D9521170504B418FC735CF39C890766BBE2BF56314F288A6EC5E68BB92C735A906CB51
    Similarity
    • API ID:
    • String ID: H{D}$TgXy$_o]a$=>?
    • API String ID: 0-2004217480
    • Opcode ID: 653f9358cdb5e19fb2f681079eaffefe53ebfc3c7e6f4bf44c35b551e2896d6c
    • Instruction ID: a969868adb468cee216ba880bb2b00d0aa0fad9b9ccf52e93a8ee746e5bcf791
    • Opcode Fuzzy Hash: 653f9358cdb5e19fb2f681079eaffefe53ebfc3c7e6f4bf44c35b551e2896d6c
    • Instruction Fuzzy Hash: 061269B1110B01CFD3248F26D8957ABBBF5FB49314F148A1DD6AB8BAA0CB74A405CF41
    Similarity
    • API ID:
    • String ID: =:;8$=:;8$a{$kp
    • API String ID: 0-2717198472
    • Opcode ID: 931cd233ab3ef1e846eaccef72d0eb9caf2254515e00c62c75d63f08c24d09d1
    • Instruction ID: 785929ac6d9885f30e94ea89ad7db5d78eb3ecab0dc6becaf72d22d1dae7b4cc
    • Opcode Fuzzy Hash: 931cd233ab3ef1e846eaccef72d0eb9caf2254515e00c62c75d63f08c24d09d1
    • Instruction Fuzzy Hash: 5BE1BBB5518341DFE320DF64D88176FBBE1FB85304F14892DE6998B2A1EB749909CB83
    Similarity
    • API ID:
    • String ID: @A$lPLN$svfZ$IK
    • API String ID: 0-1806543684
    • Opcode ID: e7323e18667e14f450812d9dc03c321f5c824c035142b4597a94feb2b1aba82b
    • Instruction ID: d3d418bcb54d8a6290501a980fb89e69e2f7c86243bdea80a9ca3524ba4d9a9e
    • Opcode Fuzzy Hash: e7323e18667e14f450812d9dc03c321f5c824c035142b4597a94feb2b1aba82b
    • Instruction Fuzzy Hash: E2C1297164C3849FD324CE6994A13AFBBE2EBD2700F18C92CE4E54B345D7B58D099B82
    Similarity
    • API ID:
    • String ID: )$)$IEND
    • API String ID: 0-588110143
    • Opcode ID: 627258113f7bfeefa5d1505cbc8a6a4d56565198cc96d4da4431c30baae4d66e
    • Instruction ID: 3776a22b8f574be6d2a5193b4224981002df2c630aba9b308d1b6da162dbd6a7
    • Opcode Fuzzy Hash: 627258113f7bfeefa5d1505cbc8a6a4d56565198cc96d4da4431c30baae4d66e
    • Instruction Fuzzy Hash: 9DF1E0B1A087019BE318DF28D8517AABBE4FF94304F04462DF9A5973D2D774E914CB82
    Similarity
    • API ID:
    • String ID: @J$KP$VD
    • API String ID: 0-3841663987
    • Opcode ID: c09578a5eb5d3cc33107a5620079a360f5145b4d94150843df15156dd8318093
    • Instruction ID: 3449f2ec092fc366f644d12e05b9243779bab61b55e056e455a363169a5ef357
    • Opcode Fuzzy Hash: c09578a5eb5d3cc33107a5620079a360f5145b4d94150843df15156dd8318093
    • Instruction Fuzzy Hash: A5915276704B01AFE720CF68CC81BABBBB1FB81310F14462DE5959B781D374A816DB92
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: PQ$A_$IG
    • API String ID: 0-2179527320
    • Opcode ID: b80cc1f78a97b1631bf9de0c87da50606f75708d77a10a718b19d73415ad3b45
    • Instruction ID: d09b83468f925b800d125f8c6707caaa17e1440417c1df9a89b9f50bf6aea7df
    • Opcode Fuzzy Hash: b80cc1f78a97b1631bf9de0c87da50606f75708d77a10a718b19d73415ad3b45
    • Instruction Fuzzy Hash: 02419AB400C341CAC7048F25D8927ABB7F0FF96758F249A0DE0D59B695E7348A46CB4A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: cC$jC
    • API String ID: 0-2055910567
    • Opcode ID: b49886c8b1d892723b167275282a2b28a969046d126e7ea5db6d5aaa1291a160
    • Instruction ID: d4eb60d6b9e5fd3e81888fed2200773c2cd7078e1732c85498cd6d136a0c4570
    • Opcode Fuzzy Hash: b49886c8b1d892723b167275282a2b28a969046d126e7ea5db6d5aaa1291a160
    • Instruction Fuzzy Hash: 5D42F372A04255CFCB08CF69D8917BEB7F2FB89310F1A857DC95AA7391C674A902CB41
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID: f$
    • API String ID: 2994545307-508322865
    • Opcode ID: b857407b6ebc5f20df7d136dbbd1377769aea2dd0698989dbe84b79f35764e0c
    • Instruction ID: 74d27acc0a6bd09c50208e8d1639ee349bb915072354a24c539b68712dee58ff
    • Opcode Fuzzy Hash: b857407b6ebc5f20df7d136dbbd1377769aea2dd0698989dbe84b79f35764e0c
    • Instruction Fuzzy Hash: 9812E4716083819FD715CF2AC8D0B6FBBE6ABC5314F148A2CE5A5872A2D731DD42CB52
    Strings
    • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00CE25D2
    • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00CE2591
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
    • API String ID: 0-2492670020
    • Opcode ID: 4094852eabda9ccd56a1ce8ad1bfa6096ae3faf578684f0cf2534abb839659f4
    • Instruction ID: ba31b312d80c06f5dc1986e0331819f9eb158f111dff40a257a44b6ee5887a5b
    • Opcode Fuzzy Hash: 4094852eabda9ccd56a1ce8ad1bfa6096ae3faf578684f0cf2534abb839659f4
    • Instruction Fuzzy Hash: 0F815B33A096D18BCB188E3E8C513BD7BAA5F97330B2D83A9E8B19B3D5C5248D058351
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 0$8
    • API String ID: 0-46163386
    • Opcode ID: 4525f227ffaad21c2521d2fe3220cce1c6465349f824312f9ecb5e5cf1eb2e4c
    • Instruction ID: 0e9d9816f5b88bed3044d31b03526bb332687604fa5de8a25a8ca829fd01d912
    • Opcode Fuzzy Hash: 4525f227ffaad21c2521d2fe3220cce1c6465349f824312f9ecb5e5cf1eb2e4c
    • Instruction Fuzzy Hash: DCA10175608780DFD320CF28D840B9EBBE1AB99304F18895CEAD8973A2C775D959CF52
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 0$8
    • API String ID: 0-46163386
    • Opcode ID: 41fbaa10439091d67b3e1e160a129ae13d7834c64b47ce85765cf4a49f7479b8
    • Instruction ID: b8eef45e853e6aa8a0425be8042385b501a04b18b3019b1f47bc3922c0e1ce70
    • Opcode Fuzzy Hash: 41fbaa10439091d67b3e1e160a129ae13d7834c64b47ce85765cf4a49f7479b8
    • Instruction Fuzzy Hash: C6A11175608780DFD320CF28D84079EBBE1AB99304F18895CEAD897362C775E959CF52
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: efg`$efg`
    • API String ID: 0-3010568471
    • Opcode ID: 8038c7e583396ea82603e11b1419c763961c4defa0476602c3805ffd7566efde
    • Instruction ID: 4c109d6565a0ae521ee5e2c05c2ec7470de8b55ee7cc0eff437b5cae360178a9
    • Opcode Fuzzy Hash: 8038c7e583396ea82603e11b1419c763961c4defa0476602c3805ffd7566efde
    • Instruction Fuzzy Hash: 5C31A132A083608BD328DFA1D5917EFB792ABE4700F5A442CD98667255CE309E0AC7D7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: st@
    • API String ID: 0-3741395493
    • Opcode ID: c02ab4afe7054808bb4cf317c17957bfadbaf3929f8afebf5470bb2c0a3c9879
    • Instruction ID: da1e685b1c02b7fe7f99590c9f61ed0fe2beee5cb7c4d8c22aeedef6ab503977
    • Opcode Fuzzy Hash: c02ab4afe7054808bb4cf317c17957bfadbaf3929f8afebf5470bb2c0a3c9879
    • Instruction Fuzzy Hash: 16F124B550C3818FD3049F28D89136BBBE2EF96304F18886EE5D587382D775D90ACB92
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID: =:;8
    • API String ID: 2994545307-508151936
    • Opcode ID: 61eb13e94b3d3b4a6754df62a8976efb05071a90b1637a278b080685f2faf161
    • Instruction ID: edd0bcc181c1924c9d3af78ab3721da0133b665628466e99efbe691be75f2e07
    • Opcode Fuzzy Hash: 61eb13e94b3d3b4a6754df62a8976efb05071a90b1637a278b080685f2faf161
    • Instruction Fuzzy Hash: 80D19C72A583118BD714CA28CC9237BB792EBC4304F19857FDAC64B381DE749D0AD392
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: efg`
    • API String ID: 0-115929991
    • Opcode ID: 72bdcb27bcec3a419b61f51fe7261b8967396e7ac22ff2a2b57d0d210158cb13
    • Instruction ID: 1b5b8313edcab02e3cb2d7ac5e3ce013d4b127284e4e2785432417da8ae62d3b
    • Opcode Fuzzy Hash: 72bdcb27bcec3a419b61f51fe7261b8967396e7ac22ff2a2b57d0d210158cb13
    • Instruction Fuzzy Hash: 14C124B1900215CBCB24DF68DC92BBF77B4FF46310F18456CE956A7291E734AA01CBA2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID: _^]\
    • API String ID: 2994545307-3116432788
    • Opcode ID: 833b65e8d2d117163f71f02d3947b8ee437e491333b4fdba3c483aa6736660a8
    • Instruction ID: f5cba2f404dc3cafacd05596023f924d07ce735222cd201791e25f5a6d64206e
    • Opcode Fuzzy Hash: 833b65e8d2d117163f71f02d3947b8ee437e491333b4fdba3c483aa6736660a8
    • Instruction Fuzzy Hash: 4181BC35208346CBC718DF58D490A3EB3E2EF99710F19852CEA929B365DB31ED51CB82
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: ,
    • API String ID: 0-3772416878
    • Opcode ID: 8b04fab32ec0b8383da590e4bd15150657e1dcf751765b097a457d664c512576
    • Instruction ID: 4c18135e682ef025b399783ada42f1cadfd3085314dc5be78a37250c31591755
    • Opcode Fuzzy Hash: 8b04fab32ec0b8383da590e4bd15150657e1dcf751765b097a457d664c512576
    • Instruction Fuzzy Hash: D3B147712083819FD325CF58C89065BFBE0AFA9704F444E2DE5D997382D635EA18CBA7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID: 5|iL
    • API String ID: 2994545307-1880071150
    • Opcode ID: c97e2e8c9bdc1f7a7d4ebfa3b0a9f2d3eab909246b2ee8ab9cdc675040d937e7
    • Instruction ID: 3277488e6ae4e66f17fd99cae04b3918fbce281da93eba71da9e6eeadb184e1e
    • Opcode Fuzzy Hash: c97e2e8c9bdc1f7a7d4ebfa3b0a9f2d3eab909246b2ee8ab9cdc675040d937e7
    • Instruction Fuzzy Hash: 93711636A043518BC7148F6A8C806BBB7A6EBC5320F19866CE9A59B265C771DD02CBC1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID: efg`
    • API String ID: 2994545307-115929991
    • Opcode ID: d3a4721029b40ca6fe9b74fbe5be38620c2db53202ff4d739480bf91aad2758d
    • Instruction ID: ef5bbc16ee604f57ef75c2a71f2875c13b1a1e98456f836eeedcb444f5a0d252
    • Opcode Fuzzy Hash: d3a4721029b40ca6fe9b74fbe5be38620c2db53202ff4d739480bf91aad2758d
    • Instruction Fuzzy Hash: 4D5119B6A043905BD720EB649C827EF7397AFD1704F194428E94A67343DF306A06D797
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID: D
    • API String ID: 0-2746444292
    • Opcode ID: 2377fa130e94e8406ddb6d9c95d9b122c75f22cc0cd5442caf6715b763960e1e
    • Instruction ID: 0ba455245f158f22ab1b84e0402f15a79e41a6230c46c5d197f4a87adb87f36a
    • Opcode Fuzzy Hash: 2377fa130e94e8406ddb6d9c95d9b122c75f22cc0cd5442caf6715b763960e1e
    • Instruction Fuzzy Hash: 3A510FB05493808BE7208F16C86179BBBF1FF91B44F20980CE6E91B294D7B59949CF87
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a9e56e85d3793a0f4e761ff8f8362607d8bf849bd197acd1c0af18c6b7dbfe6d
    • Instruction ID: 5eb8dff597e1e5cb6647032eb1fac0fde866ec294a2dbff232cbf59453029991
    • Opcode Fuzzy Hash: a9e56e85d3793a0f4e761ff8f8362607d8bf849bd197acd1c0af18c6b7dbfe6d
    • Instruction Fuzzy Hash: 0842B03160C3118BC725DF28E8806ABB3E2FFD4314F298A2DDD9697285E735E955CB42
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 87077ba6d2d0475c05e70b774cf8b206c6ca067cc980fc4b81c01845bafe9802
    • Instruction ID: 23f279343b18339d14b2c67e869463af5263db90360a805539ddf2b0537ce515
    • Opcode Fuzzy Hash: 87077ba6d2d0475c05e70b774cf8b206c6ca067cc980fc4b81c01845bafe9802
    • Instruction Fuzzy Hash: 4D52B87090CB848FEB35CB24C4947E7BBE1EB91314F144A2ED9EB46B82C279E985C751
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: be2215c5b6e610e46ebdf7cc3882cb364c95c12844832332ae156e5012956aae
    • Instruction ID: 64cb7c333c8f413b1f45fe35f173b6c1c78b49d2e68719d339698b3809b513d7
    • Opcode Fuzzy Hash: be2215c5b6e610e46ebdf7cc3882cb364c95c12844832332ae156e5012956aae
    • Instruction Fuzzy Hash: CC426775608701DFD708CF28D8547AEBBE1BF88355F15892CEA898B2A1D375DA84CF42
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c713861763f7de1c9171861cbf41b7712ac8369d1b7e10534bb9cf98851507a2
    • Instruction ID: dee1f4a5e5d5ca2637d3cf0172717d005ea801c24cbfd743d3ba47986aeb509a
    • Opcode Fuzzy Hash: c713861763f7de1c9171861cbf41b7712ac8369d1b7e10534bb9cf98851507a2
    • Instruction Fuzzy Hash: 2752C3315083858FCB15CF29C4906EEBBE1BF88314F198A6DE8A95B351D774EA49CB81
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0253092a049d0bd227e7d9d0d8bca94e80a516cc93ecf0b48d42c878ec5af8bd
    • Instruction ID: a364a76183d9120b004c78286dc434f3572194423e35a84defd59b6b9e466e07
    • Opcode Fuzzy Hash: 0253092a049d0bd227e7d9d0d8bca94e80a516cc93ecf0b48d42c878ec5af8bd
    • Instruction Fuzzy Hash: F8425771914B508FC328CF29C5905AABBF2BF85710B644A2ED6A787F90D736FA45CB10
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2bc2aaee6a2bf8c89908747eb49029a1ddb5242c082c8c6e80028db4d1ac29b3
    • Instruction ID: 3177272591a924db158f83512cf867cef639eb08737f9e7f6de18743b41e0068
    • Opcode Fuzzy Hash: 2bc2aaee6a2bf8c89908747eb49029a1ddb5242c082c8c6e80028db4d1ac29b3
    • Instruction Fuzzy Hash: F9F17A712087418FC728DF29C881AABFBE6EF94300F44492DE4D687791E635E949CB96
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 86e445ca3b438742181d2dbf2e8c100afcf3d334dfe90873b41fa4f189d33e65
    • Instruction ID: 49667035f1709fc8d39ef1dfbb690791de051d284de711237b7f5e4283d99d3c
    • Opcode Fuzzy Hash: 86e445ca3b438742181d2dbf2e8c100afcf3d334dfe90873b41fa4f189d33e65
    • Instruction Fuzzy Hash: 8FC17CB2A083418FC364CF68C89679BB7E1BF85318F08492DD5EAC7341E778A545CB45
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c2c1cd1c24942864f61038c670a18ec149961f2724bb5df823d71df188c2c547
    • Instruction ID: ebf30c988b3e2b247222ed6e12af507e8f80d329c04a78c019344d7d2ebf6152
    • Opcode Fuzzy Hash: c2c1cd1c24942864f61038c670a18ec149961f2724bb5df823d71df188c2c547
    • Instruction Fuzzy Hash: ECB13A72D087D18FDB11CA7DC8843597FA26B97220F1DC3D5D9A5AB3DAC635480AC3A2
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID:
    • API String ID: 2994545307-0
    • Opcode ID: 6ed118e5a77dce122bb0b0c7ac0ddef196341c4a99a603aa323fa3b7a247f5dc
    • Instruction ID: 8b7f0a1cda1490d61b5ccd496da41c88fa452a3c0bab83e71221bd41a76c8435
    • Opcode Fuzzy Hash: 6ed118e5a77dce122bb0b0c7ac0ddef196341c4a99a603aa323fa3b7a247f5dc
    • Instruction Fuzzy Hash: 9781E072618349CFD718DE68D850B3BB7E2EB88310F09883CEA96D7291E675DD45C782
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0bc4211ff3559cfbc8cdfa33303a04b21ffa8fe43044cf814f80c683d3ac2f88
    • Instruction ID: 2eef70ba31898f0899d2c8fa979512ac5412d5c5fb0dae687e0d4a1908c3b51a
    • Opcode Fuzzy Hash: 0bc4211ff3559cfbc8cdfa33303a04b21ffa8fe43044cf814f80c683d3ac2f88
    • Instruction Fuzzy Hash: 98A1F07160C3958FC325CF2AC4D062ABBE1AFD6314F19867DE8E58B392D6349C42DB52
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6c47d16c7d378559025f40638a6f90930b769156416e9ac1c7d8ec9a6c8f2c7e
    • Instruction ID: f425126bd6685271ec8fdad82457900c9734b501c08ed3f3ead7bdef097f19b4
    • Opcode Fuzzy Hash: 6c47d16c7d378559025f40638a6f90930b769156416e9ac1c7d8ec9a6c8f2c7e
    • Instruction Fuzzy Hash: 01912B32A042614FC726CE28C85076ABAD2AB95324F19C27DE8B99B392D775CD47D3C1
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID:
    • API String ID: 2994545307-0
    • Opcode ID: f5e665ec8d5ce7dda5a91868b30095f468c4e2b76004e2535c6fe046e0c8f254
    • Instruction ID: 1165e555de8436d1b7e0969250ea6e33cb3997267fa9176093ca777d5eb721f9
    • Opcode Fuzzy Hash: f5e665ec8d5ce7dda5a91868b30095f468c4e2b76004e2535c6fe046e0c8f254
    • Instruction Fuzzy Hash: 5A7115356083499BC7249B58D85073FB7E2FFD4B10F25892CE6968B266DB309D51C743
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f70b9f60f90b1f353b0c60180b0437cc54205e933d2b634fe6853cf2c2805366
    • Instruction ID: a40448d29dbd3b5ffc954c9a871374d74859500768ef20a7c7906c2e0dd65415
    • Opcode Fuzzy Hash: f70b9f60f90b1f353b0c60180b0437cc54205e933d2b634fe6853cf2c2805366
    • Instruction Fuzzy Hash: A9714773B599E1478B1C897E4C123B9AA874BD633072EC37AED75DB3E1CA298D014281
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID:
    • API String ID: 2994545307-0
    • Opcode ID: f19232df1342be0dbef954f29c4e00f149811527a0a6544f44d7c307de10a56b
    • Instruction ID: 6c9d839481f7a6d168eaca669ede625b8aa47f2afecc88fe36e1f72d8e0feaa6
    • Opcode Fuzzy Hash: f19232df1342be0dbef954f29c4e00f149811527a0a6544f44d7c307de10a56b
    • Instruction Fuzzy Hash: 56515972A083918BD7209F2A984073BF7A2EBD5720F29C63CD9E527355D7319C02C781
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7ed8f67092e89eb2cb90eb16dd4f5cbf88de72be6dd4522690a4b1a00d021746
    • Instruction ID: a77ac1c143fef09c7050ced5da3342e92a427c03515d07b0b85af4af820197f8
    • Opcode Fuzzy Hash: 7ed8f67092e89eb2cb90eb16dd4f5cbf88de72be6dd4522690a4b1a00d021746
    • Instruction Fuzzy Hash: 8E511537A1AAD04BC724897D4C513B96A531BE6330F3F436BDEB48B3E1C9668D069391
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7d71a2ab21a209fe4fa0d21d3c69897773f54ae1daf79b92753de11f8130901c
    • Instruction ID: 87f0583f4e560cdfa1184ddd6d47c286d4f5113a099fc46673fb098a136ed6a2
    • Opcode Fuzzy Hash: 7d71a2ab21a209fe4fa0d21d3c69897773f54ae1daf79b92753de11f8130901c
    • Instruction Fuzzy Hash: 77411A31A19344AFD3549FA8AC82B6F77E8EB86314F04443DFA45C3291D634D805C753
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3b68c0be7b154fe79e2177f25ab66589bfcfdeaf826efb6b91ee2637d79c3b9f
    • Instruction ID: 92b459b4b15a51806aa3f0e86bbf6d3a1d2e4e3a741fb81b88388efdf5fc950d
    • Opcode Fuzzy Hash: 3b68c0be7b154fe79e2177f25ab66589bfcfdeaf826efb6b91ee2637d79c3b9f
    • Instruction Fuzzy Hash: A511E737B2666147E750CE7ADCD47ABA352EFC9310B1A0134EE51D7282CA23E901D151
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7f209bcb63f892bf3070a128ed04b5786f363b78e6d2eedd94f4afc9b9da2a18
    • Instruction ID: c290ffc82c2d118ee43dd6c3a1684d12175f29adf5e04924efc261210c99ffff
    • Opcode Fuzzy Hash: 7f209bcb63f892bf3070a128ed04b5786f363b78e6d2eedd94f4afc9b9da2a18
    • Instruction Fuzzy Hash: B3F0A7716183815BD7188B24D89577FBBB1EB87614F10551CE3C2D3292DB61DC06CB0A
    Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 03dd6b0bb1a37c61295684181ce547ed2896c248a43bfb0371c0d6901a280340
    • Instruction ID: f6adda30584dcaa771a544a9904754bed5cca7a00dec7d234f603032f8937696
    • Opcode Fuzzy Hash: 03dd6b0bb1a37c61295684181ce547ed2896c248a43bfb0371c0d6901a280340
    • Instruction Fuzzy Hash: FDB09250A042087F04249D0A8C45F7BB6BED2CB694F106008A408A32548660EC0486FA
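The function records above are a machine-generated listing: one "Memory Dump Source" block per lifted function, each carrying the dump it was taken from, the sibling dumps of the same module, and the Similarity identifiers. To do anything with them (reconstruct the layout of the module the dumps came from, key functions across reports, or flag entries that do not hang together) you have to parse them. The Python below is an added example written for this page, not Joe Sandbox code. It assumes a field layout for the .sdmp names that is inferred from the names in this report (4th field = base address, 5th = Win32 page protection, 7th = memory type such as MEM_IMAGE; the remaining fields are kept raw and not interpreted), treats the Opcode ID as a usable cross-report key, and treats a trailing "Download File" as the HTML link label that the rendered page fuses onto each Associated name. The sample input is copied from two of the records above, one with the fused link label and one without.

```python
"""Parse Joe Sandbox 'Memory Dump Source' / 'Similarity' records and sanity-check them.

Added example, not Joe Sandbox code. The .sdmp name layout is an ASSUMPTION inferred
from this report: only the base address, page protection and memory-type fields are
decoded; the other fields are kept as raw strings.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Win32 page-protection and memory-type constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_IMAGE = 0x1000000

# Assumed layout: <proc>.<phase>.<dumpid>.<base>.<protect>.<f6>.<memtype>.<f8>.sdmp
DUMP_NAME = re.compile(
    r"^(?P<proc>\d{8})\.(?P<phase>\d{8})\.(?P<dumpid>\d+)\.(?P<base>[0-9A-Fa-f]{16})"
    r"\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\.(?P<memtype>[0-9A-Fa-f]{8})"
    r"\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)
LINK_RESIDUE = re.compile(r"\s*Download File\s*$")   # HTML link label fused onto the name


@dataclass
class DumpName:
    raw: str
    base: int
    protect: int
    memtype: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:08x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)          # any PAGE_EXECUTE* value

    @property
    def is_image(self) -> bool:
        return bool(self.memtype & MEM_IMAGE)     # mapped PE image, not a private allocation


def parse_dump_name(name: str) -> DumpName:
    name = LINK_RESIDUE.sub("", name.strip())
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return DumpName(name, int(m["base"], 16), int(m["protect"], 16), int(m["memtype"], 16))


@dataclass
class FunctionRecord:
    source: DumpName                                   # dump the function was lifted from
    offset: int                                        # "Offset:" = image base of the module
    associated: List[DumpName] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)   # API ID, Opcode ID, ...


def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "Memory Dump Source":              # start of a new function record
            cur = None
            continue
        key, sep, val = line.partition(":")
        if not sep:                                   # "Similarity", "Joe Sandbox IDA Plugin"
            continue
        key, val = key.strip(), val.strip()
        if key == "Source File":                      # "<dump>, Offset: 00CB0000, based on PE: true"
            parts = [p.strip() for p in val.split(",")]
            offset = int(parts[1].split(":", 1)[1].strip(), 16) if len(parts) > 1 else -1
            cur = FunctionRecord(parse_dump_name(parts[0]), offset)
            records.append(cur)
        elif cur is None:
            continue
        elif key == "Associated":
            cur.associated.append(parse_dump_name(val))
        else:
            cur.fields[key] = val
    return records


def layout(rec: FunctionRecord) -> List[Tuple[int, str]]:
    """Module layout reconstructed from the source plus associated dumps, lowest address first."""
    return sorted((d.base, d.protect_name) for d in [rec.source] + rec.associated)


def check_record(rec: FunctionRecord) -> List[str]:
    """Consistency checks a reviewer would want before trusting an entry."""
    issues: List[str] = []
    f = rec.fields
    if f.get("Opcode ID") != f.get("Opcode Fuzzy Hash"):
        issues.append("Opcode ID and Opcode Fuzzy Hash differ")
    if not re.fullmatch(r"[0-9a-f]{64}", f.get("Opcode ID", "")):
        issues.append("Opcode ID is not a 64-hex-digit value")
    if not rec.source.executable:
        issues.append("code lifted from a non-executable region")
    if not all(d.is_image for d in [rec.source] + rec.associated):
        issues.append("a dump is not MEM_IMAGE (not a mapped PE image)")
    if not any(d.base == rec.offset for d in [rec.source] + rec.associated):
        issues.append("no dump starts at the stated image offset")
    return issues


def index_by_opcode(records: List[FunctionRecord]) -> Dict[str, FunctionRecord]:
    """Opcode ID as the key for cross-report comparison (assumption: it is stable per function)."""
    return {r.fields["Opcode ID"]: r for r in records if r.fields.get("Opcode ID")}


# Constructed sample: two records copied from this report, one with the fused link label.
SAMPLE = """\
Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2477935690.0000000000CF2000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2478065929.0000000000D07000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID: InitializeThunk
    • String ID:
    • API String ID: 2994545307-0
    • Opcode ID: f5e665ec8d5ce7dda5a91868b30095f468c4e2b76004e2535c6fe046e0c8f254
    • Instruction ID: 1165e555de8436d1b7e0969250ea6e33cb3997267fa9176093ca777d5eb721f9
    • Opcode Fuzzy Hash: f5e665ec8d5ce7dda5a91868b30095f468c4e2b76004e2535c6fe046e0c8f254
    • Instruction Fuzzy Hash: 5A7115356083499BC7249B58D85073FB7E2FFD4B10F25892CE6968B266DB309D51C743
Memory Dump Source
    • Source File: 00000000.00000002.2477820186.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true
    • Associated: 00000000.00000002.2477758961.0000000000CB0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2478001411.0000000000CF5000.00000008.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_cb0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f70b9f60f90b1f353b0c60180b0437cc54205e933d2b634fe6853cf2c2805366
    • Instruction ID: a40448d29dbd3b5ffc954c9a871374d74859500768ef20a7c7906c2e0dd65415
    • Opcode Fuzzy Hash: f70b9f60f90b1f353b0c60180b0437cc54205e933d2b634fe6853cf2c2805366
    • Instruction Fuzzy Hash: A9714773B599E1478B1C897E4C123B9AA874BD633072EC37AED75DB3E1CA298D014281
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields["Opcode ID"][:16], rec.fields.get("API ID") or "-", check_record(rec) or "ok")
        for base, prot in layout(rec):
            print(f"    {base:#010x} {prot}")
```

Running it on the sample reconstructs the dumped module as headers at 0xCB0000 (read-only), code at 0xCB1000 (execute-read), two read-only regions at 0xCF2000 and 0xD07000 and a write-copy data region at 0xCF5000, which is the shape you expect for an image mapped at the stated offset of 00CB0000; both records pass the consistency checks. Drop the Opcode ID index into a dict shared across several reports of the same family and the entries that carry an API ID (here, InitializeThunk) are the ones worth opening first.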