Edit tour

Windows Analysis Report
transferencia_BBVA_97866456345354678976543425678.exe

Overview

General Information

Sample name:	transferencia_BBVA_97866456345354678976543425678.exe
Analysis ID:	1428355
MD5:	0193a0a5847efd51f91bc7b2d4fe8a78
SHA1:	a328221484cc2d9d153d4bed7f1278b7d8bf37cf
SHA256:	274013bc54c33bfd77473b8a92016b247b6832a1d26a9f412596cc9189775efe
Tags:	AgentTeslaBBVAexe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

Binary is likely a compiled AutoIt script file

Check if machine is in data center or colocation facility

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to log keystrokes (.Net Source)

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected Generic Downloader

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

May check the online IP address of the machine

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

transferencia_BBVA_97866456345354678976543425678.exe (PID: 7076 cmdline: "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe" MD5: 0193A0A5847EFD51F91BC7B2D4FE8A78)

RegSvcs.exe (PID: 7060 cmdline: "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://ftp.elquijotebanquetes.com", "Username": "urchman@elquijotebanquetes.com", "Password": "-GN,s*KH{VEhPmo)+f"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x3455f:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x345d1:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3465b:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x346ed:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x34757:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x347c9:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3485f:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x348ef:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x31697:$s2: GetPrivateProfileString 0x30d0c:$s3: get_OSFullName 0x323df:$s5: remove_Key 0x32567:$s5: remove_Key 0x33504:$s6: FtpWebRequest 0x34541:$s7: logins 0x34ab3:$s7: logins 0x377b8:$s7: logins 0x37876:$s7: logins 0x391c9:$s7: logins 0x38410:$s9: 1.85 (Hash, version 2, native byte-order)
00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.2620538680.0000000002755000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: RegSvcs.exe PID: 7060	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegSvcs.exe PID: 7060	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x3455f:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x345d1:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3465b:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x346ed:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x34757:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x347c9:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3485f:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x348ef:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
4.2.RegSvcs.exe.400000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x31697:$s2: GetPrivateProfileString 0x30d0c:$s3: get_OSFullName 0x323df:$s5: remove_Key 0x32567:$s5: remove_Key 0x33504:$s6: FtpWebRequest 0x34541:$s7: logins 0x34ab3:$s7: logins 0x377b8:$s7: logins 0x37876:$s7: logins 0x391c9:$s7: logins 0x38410:$s9: 1.85 (Hash, version 2, native byte-order)
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x3275f:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x327d1:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3285b:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x328ed:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x32957:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x329c9:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x32a5f:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x32aef:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x2f897:$s2: GetPrivateProfileString 0x2ef0c:$s3: get_OSFullName 0x305df:$s5: remove_Key 0x30767:$s5: remove_Key 0x31704:$s6: FtpWebRequest 0x32741:$s7: logins 0x32cb3:$s7: logins 0x359b8:$s7: logins 0x35a76:$s7: logins 0x373c9:$s7: logins 0x36610:$s9: 1.85 (Hash, version 2, native byte-order)
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x3455f:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x345d1:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3465b:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x346ed:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x34757:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x347c9:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3485f:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x348ef:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x31697:$s2: GetPrivateProfileString 0x30d0c:$s3: get_OSFullName 0x323df:$s5: remove_Key 0x32567:$s5: remove_Key 0x33504:$s6: FtpWebRequest 0x34541:$s7: logins 0x34ab3:$s7: logins 0x377b8:$s7: logins 0x37876:$s7: logins 0x391c9:$s7: logins 0x38410:$s9: 1.85 (Hash, version 2, native byte-order)
Click to see the 9 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 4.2.RegSvcs.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.elquijotebanquetes.com", "Username": "urchman@elquijotebanquetes.com", "Password": "-GN,s*KH{VEhPmo)+f"}

Multi AV Scanner detection for submitted file

Source: transferencia_BBVA_97866456345354678976543425678.exe

ReversingLabs: Detection: 28%

Machine Learning detection for sample

Source: transferencia_BBVA_97866456345354678976543425678.exe

Joe Sandbox ML: detected

Source: transferencia_BBVA_97866456345354678976543425678.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: wntdll.pdbUGP source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388351967.0000000003750000.00000004.00001000.00020000.00000000.sdmp, transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388549175.00000000038F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388351967.0000000003750000.00000004.00001000.00020000.00000000.sdmp, transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388549175.00000000038F0000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C4696 GetFileAttributesW,FindFirstFileW,FindClose,	2_2_003C4696
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CC93C FindFirstFileW,FindClose,	2_2_003CC93C
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	2_2_003CC9C7
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_003CF200
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_003CF35D
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_003CF65E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_003C3A2B
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_003C3D4E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_003CBF27

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 208.95.112.1 208.95.112.1

Source: unknown

DNS query: name: ip-api.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003D25E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

2_2_003D25E2

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: ip-api.com

Source: RegSvcs.exe, 00000004.00000002.2620538680.0000000002721000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.0000000002802000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.00000000027E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.0000000002721000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.00000000027E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: RegSvcs.exe, 00000004.00000002.2620538680.0000000002721000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.00000000027E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, umlRMRbjNqD.cs

.Net Code: HekSQQsMT

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003D425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

2_2_003D425A

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003D4458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

2_2_003D4458

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

2_2_003D425A

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003C0219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

2_2_003C0219

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003ECDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

2_2_003ECDAC

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: This is a third-party compiled AutoIt script.	2_2_00363B4C
Source: transferencia_BBVA_97866456345354678976543425678.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_a74ab0b5-c
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_729336cf-0
Source: transferencia_BBVA_97866456345354678976543425678.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_8041ce29-a
Source: transferencia_BBVA_97866456345354678976543425678.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_cdb235da-7

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003C4021: CreateFileW,DeviceIoControl,CloseHandle,

2_2_003C4021

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003B8858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

2_2_003B8858

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003C545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

2_2_003C545F

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0036E800	2_2_0036E800
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038DBB5	2_2_0038DBB5
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0036E060	2_2_0036E060
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003E804A	2_2_003E804A
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00374140	2_2_00374140
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00382405	2_2_00382405
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00396522	2_2_00396522
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0039267E	2_2_0039267E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003E0665	2_2_003E0665
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038283A	2_2_0038283A
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00376843	2_2_00376843
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003989DF	2_2_003989DF
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00378A0E	2_2_00378A0E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00396A94	2_2_00396A94
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003E0AE2	2_2_003E0AE2
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C8B13	2_2_003C8B13
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003BEB07	2_2_003BEB07
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038CD61	2_2_0038CD61
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00397006	2_2_00397006
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0037710E	2_2_0037710E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00373190	2_2_00373190
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00361287	2_2_00361287
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003833C7	2_2_003833C7
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038F419	2_2_0038F419
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00375680	2_2_00375680
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003816C4	2_2_003816C4
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003878D3	2_2_003878D3
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003758C0	2_2_003758C0
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00381BB8	2_2_00381BB8
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00399D05	2_2_00399D05
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0036FE40	2_2_0036FE40
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038BFE6	2_2_0038BFE6
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00381FD0	2_2_00381FD0
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00DC3660	2_2_00DC3660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CE4A88	4_2_00CE4A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CECB08	4_2_00CECB08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CE3E70	4_2_00CE3E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CEDFAB	4_2_00CEDFAB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CE41B8	4_2_00CE41B8

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: String function: 00388B40 appears 42 times
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: String function: 00380D27 appears 70 times
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: String function: 00367F41 appears 35 times

Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1392399137.0000000003873000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs transferencia_BBVA_97866456345354678976543425678.exe
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename07823960-0dbd-43bb-aade-b6626acc7f4a.exe0 vs transferencia_BBVA_97866456345354678976543425678.exe
Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388549175.0000000003A1D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs transferencia_BBVA_97866456345354678976543425678.exe

Source: transferencia_BBVA_97866456345354678976543425678.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload

Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, v9Lsz.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, VFo.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, 5FJ0H20tobu.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, NtdoTGO.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, XBsYgp.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, AwxUa2Na.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, 19C9FfZ.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, 19C9FfZ.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, soCD8XkwU.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, soCD8XkwU.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/4@1/1

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003CA2D5 GetLastError,FormatMessageW,

2_2_003CA2D5

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003B8713 AdjustTokenPrivileges,CloseHandle,		2_2_003B8713
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003B8CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		2_2_003B8CC3

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003CB59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

2_2_003CB59E

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003DF121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

2_2_003DF121

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003CC602 CoInitialize,CoCreateInstance,CoUninitialize,

2_2_003CC602

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00364FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

2_2_00364FE9

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

File created: C:\Users\user\AppData\Local\Temp\autB4C4.tmp

Jump to behavior

Source: transferencia_BBVA_97866456345354678976543425678.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RegSvcs.exe, 00000004.00000002.2620538680.000000000282A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.0000000002817000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: transferencia_BBVA_97866456345354678976543425678.exe

ReversingLabs: Detection: 28%

Source: unknown	Process created: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"	Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: transferencia_BBVA_97866456345354678976543425678.exe

Static file information: File size 1072128 > 1048576

Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: transferencia_BBVA_97866456345354678976543425678.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388351967.0000000003750000.00000004.00001000.00020000.00000000.sdmp, transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388549175.00000000038F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388351967.0000000003750000.00000004.00001000.00020000.00000000.sdmp, transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000003.1388549175.00000000038F0000.00000004.00001000.00020000.00000000.sdmp

Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: transferencia_BBVA_97866456345354678976543425678.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003DC304 LoadLibraryA,GetProcAddress,

2_2_003DC304

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00388B85 push ecx; ret		2_2_00388B98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00CEC7A0 push esp; retf		4_2_00CECB05

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00364A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		2_2_00364A35
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003E55FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		2_2_003E55FD

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003833C7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

2_2_003833C7

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076, type: MEMORYSTR

Check if machine is in data center or colocation facility

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_2-99173

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

API coverage: 4.9 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C4696 GetFileAttributesW,FindFirstFileW,FindClose,	2_2_003C4696
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CC93C FindFirstFileW,FindClose,	2_2_003CC93C
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	2_2_003CC9C7
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_003CF200
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_003CF35D
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_003CF65E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_003C3A2B
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003C3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_003C3D4E
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003CBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_003CBF27

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00364AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

2_2_00364AFE

Source: RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	Binary or memory string: vmware
Source: RegSvcs.exe, 00000004.00000002.2622489153.0000000005ADD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
Source: RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	Binary or memory string: VMwareVBox

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

API call chain: ExitProcess graph end node

graph_2-97792

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 4_2_00CE7078 CheckRemoteDebuggerPresent,

4_2_00CE7078

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003D41FD BlockInput,

2_2_003D41FD

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00363B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

2_2_00363B4C

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00395CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

2_2_00395CCC

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003DC304 LoadLibraryA,GetProcAddress,

2_2_003DC304

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00DC34F0 mov eax, dword ptr fs:[00000030h]	2_2_00DC34F0
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00DC3550 mov eax, dword ptr fs:[00000030h]	2_2_00DC3550
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_00DC1ED0 mov eax, dword ptr fs:[00000030h]	2_2_00DC1ED0

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003B81F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

2_2_003B81F7

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038A364 SetUnhandledExceptionFilter,		2_2_0038A364
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_0038A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		2_2_0038A395

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 60F008

Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003B8C93 LogonUserW,

2_2_003B8C93

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00363B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

2_2_00363B4C

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00364A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,

2_2_00364A35

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003C4EF5 mouse_event,

2_2_003C4EF5

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"

Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

2_2_003B81F7

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003C4C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

2_2_003C4C03

Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_0038886B cpuid

2_2_0038886B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003950D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

2_2_003950D7

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_003A2230 GetUserNameW,

2_2_003A2230

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_0039418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

2_2_0039418A

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe

Code function: 2_2_00364AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

2_2_00364AFE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7060, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_81
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_XP
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_XPe
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_VISTA
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_7
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: WIN_8
Source: transferencia_BBVA_97866456345354678976543425678.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2620538680.0000000002755000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7060, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.transferencia_BBVA_97866456345354678976543425678.exe.dd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transferencia_BBVA_97866456345354678976543425678.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7060, type: MEMORYSTR

Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003D6596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,		2_2_003D6596
Source: C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe	Code function: 2_2_003D6A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		2_2_003D6A5A

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Native API	2 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	121 Input Capture	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	38 System Information Discovery	Distributed Component Object Model	121 Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	212 Process Injection	2 Valid Accounts	LSA Secrets	451 Security Software Discovery	SSH	3 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	212 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
transferencia_BBVA_97866456345354678976543425678.exe	29%	ReversingLabs	Win32.Trojan.Strab
transferencia_BBVA_97866456345354678976543425678.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ip-api.com	208.95.112.1	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ip-api.com/line/?fields=hosting	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://account.dyn.com/	transferencia_BBVA_97866456345354678976543425678.exe, 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegSvcs.exe, 00000004.00000002.2620538680.0000000002721000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.00000000027E8000.00000004.00000800.00020000.00000000.sdmp	false	high
http://ip-api.com	RegSvcs.exe, 00000004.00000002.2620538680.0000000002721000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.0000000002802000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2620538680.00000000027E8000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States		53334	TUT-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428355
Start date and time:	2024-04-18 21:16:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	transferencia_BBVA_97866456345354678976543425678.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/4@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 60 Number of non-executed functions: 275
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: transferencia_BBVA_97866456345354678976543425678.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
208.95.112.1	order & specification.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	ip-api.com/line/?fields=hosting
	CTM REQUEST BIRTHSHIP.doc	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	SHIPPING DOCUMENTS_PDF..vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	ip-api.com/line/?fields=hosting
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse	ip-api.com/json/?fields=query,status,countryCode,city,timezone
	Cheat Lab 2.7.2.msi	Get hash	malicious	Unknown	Browse	ip-api.com/json/?fields=query,status,countryCode,city,timezone
	xmrhZ7VhlJjD.exe	Get hash	malicious	Quasar	Browse	ip-api.com/json/
	TransactionSummary_910020049836765_110424045239.xlsx	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	rks18.doc	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	PRODUCT LIST_002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	PayFmc6FL4.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ip-api.com	order & specification.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	CTM REQUEST BIRTHSHIP.doc	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	SHIPPING DOCUMENTS_PDF..vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	Cheat Lab 2.7.2.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	xmrhZ7VhlJjD.exe	Get hash	malicious	Quasar	Browse	208.95.112.1
	TransactionSummary_910020049836765_110424045239.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rks18.doc	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PRODUCT LIST_002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PayFmc6FL4.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TUT-ASUS	order & specification.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	CTM REQUEST BIRTHSHIP.doc	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	SHIPPING DOCUMENTS_PDF..vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	Cheat Lab 2.7.2.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	xmrhZ7VhlJjD.exe	Get hash	malicious	Quasar	Browse	208.95.112.1
	TransactionSummary_910020049836765_110424045239.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rks18.doc	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PRODUCT LIST_002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PayFmc6FL4.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1

Process:	C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe
File Type:	data
Category:	dropped
Size (bytes):	151180
Entropy (8bit):	7.877793137635806
Encrypted:	false
SSDEEP:	3072:IA9EkQWdaqoW2O+ChW5eqS+i7RMUIPcqhUt3RHk8Kkm1molF:IAEkdIq327ZgJ+6RDIJethk8KkmkiF
MD5:	4173943F3CEBE846AC4D27C097988090
SHA1:	4A580B6516C2D80027366C63C3685C6E66601419
SHA-256:	A9B8AEEEDEBB4509130A6EC8A1B95556B06AAC285158F73F37F65042555D67FB
SHA-512:	2C8CF2F423D79FEA7A60525A52EB25632A00E55AA4C8EAA89B38DF8C91FE1E17B56E14AC6D2E2C67248D8CCA62D1CC163A5690395377DD1E64E331D7D713C597
Malicious:	false
Reputation:	low
Preview:	EA06.......5z...R..&.->.7..kT..f.W......B.O........\|]..B.].W)xI.~...^...t.g...2.\|.U]..g2..b...K.R.$..+.\...%.k ..s........oR.S.S.,c./.d.a5.......Y.V. ....&.........^.b..&Sz.p.35...D&u.4.S...G.S.VT....A..d ....dv... ....R..@<>y.J......}.....S.+.F...(.n.?.K...?..h.....k3.P.o...B.).N@.....P........Y.(.#....7C.....^..i..K..Q.]@->>F~..AD......R..f...7......F......f........%$..f4\..[W.Tw...K.H.Aj..&.QV.m..i.O...."TJ..'Y..,~......f.S...aH..9...^."...$..@.pe...[.d.H.p..RK....~i\|.u_.[.w....d......vY...4.].ns6.^fS)..]..L....{.3.R.(......a6.I..5m.L..Ku.S..t...........X.A>.($ .... ..n...Bh.(K@..............P....`.B..(..=.%z....'s.. .b.t{.......wV^...d..e..'....~...b.......\|2;p.v..t.;..D$uKE..U..j.)..I.Y+..n.9s..&uz.".4....&..v.Y99k......=..5/.6.\|..K........1tj.>.....T...t.k..R..y...'.I...,.W ..j...z....f.9..T...J....h..].a=.v..y..k...5...(.HS.5...6..n3xmf.S..)R.$.oX..j3y...S.VkuZ..j..&2..>.1.T....>.(......B.2..(...._Q..@..T..D.S....n!b.Vj5...V...:..g_6...S....S.R

C:\Users\user\AppData\Local\Temp\autB523.tmp

Download File

Process:	C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe
File Type:	data
Category:	dropped
Size (bytes):	9896
Entropy (8bit):	7.599016178653474
Encrypted:	false
SSDEEP:	192:mS5jnkklrTefgLyCKomzBVNuVROF9cfsSEyoJX6DPQGMhoDMjZQOM:VnI0lHmrNiWeC6M3RXM
MD5:	B51848AFC88D5C3EE5ED82485608CDED
SHA1:	A702DCABD9EA7F4D132E6A6D14C772B10E4B0D5D
SHA-256:	9E7810A6EBC2D83BDF154D2BB13A7D9CFD65E3B5697E0937F7ED3D6FF42360E7
SHA-512:	E55D34CBC7D3A4BCA1A4279C8A769A634392BB5170E29C8DE1A4D7449B4E02D4E10FEBB0CB96BBA95CF99BBC1952E584DBB0D4258A3567837AD493471840A7BE
Malicious:	false
Reputation:	low
Preview:	EA06..p.P.tY..kD.L'....8.M.t..o7.Q'.)..aC.P......0.Mf.....8..lv;..e0..&.i...8.X.....m6.Nf.Y...9.M@..d.!,3y.........e.6., ..%..a.X....-.q3...zs0.Nf`.].Y'3+..d....s4.l&..........\|....sa...`.........Y&.K0.....-vs5.M..2...N&.I...@.>..........$.0...fx. ..$l...I...#..$6...... ..... .Z...a.5..&.).....L.j.;$....M.j.;$....X@j.;%....Y@j.;,.....j.e.\|f #^...j......l.....l.5....>0..Xf....M.^.8.N@.=7.z...#.$...`!..H&.>_L.p..............@\|..6..(....ka..&...Xf@0........\|.=..g...........`.A..b.......P.O.id...\|.)....4....\.M.4.;...K..4\|. F...e.f..s....id..p.....4....s`./.....X. ..%..K.;-.o8...k ..4..`w..qd..f`....l.....V0...lS..m4.Y.......>.5...S...f&.+..Af....<..f....gl`....g.d..#4.x..#1.X...cV....0..BV0.NL@.;1.X..e1.Y,S[(.#6.,.d.....f.I......B3p....;2.X.se.Y..@.Fn.....f`...J&.9.......!93.X...c6).$.6.....h`...@.....3f.Lg3I..h....l.Z.,.....[%.ec...`....,vj...%.sb.X.,...p.....f.....g ...!8.....c.`!......3d...l.2.,...g.K..i0...B.....@.....j.0..B...Fl.....f....X.I..P...@

C:\Users\user\AppData\Local\Temp\reindulging

Download File

Process:	C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe
File Type:	ASCII text, with very long lines (28714), with no line terminators
Category:	dropped
Size (bytes):	28714
Entropy (8bit):	3.597122621537355
Encrypted:	false
SSDEEP:	768:DiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNboE+I026c024vfF3if6X:DiTZ+2QoioGRk6ZklputwjpjBkCiw2RA
MD5:	8ABC6180C70B0DE02598969DE6AA7F79
SHA1:	5E8E8F220423CA168C032D122E70314E97C828C3
SHA-256:	A939E39421D51C23333E1F23423703406F65334A7A1A4BF89FB86BC536B45CB8
SHA-512:	48912B4A7398929E3E2D9FC098B92E8C913288674C7304654EAE285CCB1BE4B230B7070455C40A2D79A3FDCDB618156B028013185AF15FD6F8A714A0A4050B48
Malicious:	false
Reputation:	low
Preview:	8BCE895DD08975C8663BC2772D8B5F0C8BD08BFE0x558bec81eccc0200005657b86b00000066894584b96500000066894d86ba7200000066895588b86e0000006689458ab96500000066894d8cba6c0000006689558eb83300000066894590b93200000066894d92ba2e00000066895594b86400000066894596b96c00000066894d98ba6c0000006689559a33c06689459cb96e00000066898d44ffffffba7400000066899546ffffffb86400000066898548ffffffb96c00000066898d4affffffba6c0000006689954cffffffb82e0000006689854effffffb96400000066898d50ffffffba6c00000066899552ffffffb86c00000066898554ffffff33c966898d56ffffffba75000000668955d0b873000000668945d2b96500000066894dd4ba72000000668955d6b833000000668945d8b93200000066894ddaba2e000000668955dcb864000000668945deb96c00000066894de0ba6c000000668955e233c0668945e4b96100000066898d68ffffffba640000006689956affffffb8760000006689856cffffffb96100000066898d6effffffba7000000066899570ffffffb86900000066898572ffffffb93300000066898d74ffffffba3200000066899576ffffffb82e00000066898578ffffffb96400000066898d7affffffba6c0000006689957cffffffb86c0000006689857e

C:\Users\user\AppData\Local\Temp\wainage

Download File

Process:	C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe
File Type:	data
Category:	dropped
Size (bytes):	244736
Entropy (8bit):	6.6975893110938
Encrypted:	false
SSDEEP:	6144:IvfLMoaylMk/KxQaJTcXNCARtlURhLel68cJ:Ivfo/yKAA6taD
MD5:	FC0B9AE2F821A9DA786A059FAB0576B8
SHA1:	C84E8A98F873A400381032F45088A19E3E14BB11
SHA-256:	E6603DB856FE83B377771B3D95FE59732B3AF6CDE355CDB28E2F158A95DC4C31
SHA-512:	A9F84CB82991D89406D2081E2A745EA49D9E453356D12DDD7C00F024F8496EA06D878E0D78BD6C18D3E527E70DB6EFD139FE8B6FADB98F2383EA4635502AC8E4
Malicious:	false
Reputation:	low
Preview:	...WPBHRO07R..Q7.1ZJZYQW.BHRK07RXOQ751ZJZYQWSBHRK07RXOQ751ZJ.YQW]].\K.>.y.P{..."3q'!-/ ].19!?XA.8/z+$9s+&r..dr5 5R.<W@~YQWSBHR.u7R.NR7.../ZYQWSBHR.05SSNZ75.YJZQQWSBHR..4RXoQ75.YJZY.WSbHRK27R\OQ751ZJ^YQWSBHRK.3RXMQ751ZJXY..SBXRK 7RXOA75!ZJZYQWCBHRK07RXOQ7U.YJ.YQWS.KR.57RXOQ751ZJZYQWSBHRK03RTOQ751ZJZYQWSBHRK07RXOQ751ZJZYQWSBHRK07RXOQ751ZJZYQWSbHRC07RXOQ751ZJRyQW.BHRK07RXOQ7.E?2.YQW..KRK.7RX.R753ZJZYQWSBHRK07RxOQW.C)89YQW.GHRK.4RXIQ75.YJZYQWSBHRK07R.OQw.C?&5:QW_BHRK03RXMQ75.YJZYQWSBHRK07R.OQu51ZJZYQWSBHRK07R.R751ZJ.YQWQBMR..5RTxP761ZJ[YQQSBHRK07RXOQ751ZJZYQWSBHRK07RXOQ751ZJZYQWSBHRK07RE.....t.$o]1E.t.W.Q..B..H..U.D.(V..v:.....D\..Y.Xc..B...:.?0H[....k"C#EXd%w@0.(....dp#...T%.M.../.._\n.p...dk...{],...E..96<y228>..d3>.#^.3.KZYQW......17.m.2UTnK)....."O....K1ZJ>YQW!BHR*07R.OQ7Z1ZJ4YQW-BHR507R.OQ7u1ZJmYQWvBHR&07R\|OQ7K1ZJ.$^X..;8..RXOQ7...z.4.....e...d)./lW....=....M..?_./..p..T.2..D.#Th~oUYIU276^IVd_....sI43WZHU49.T....v.d.r...)...fK.6ZYQWSB.RK.7RX..7.1ZJ.Y.W..HRK..R.O.7...J

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.990093751601959
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	transferencia_BBVA_97866456345354678976543425678.exe
File size:	1'072'128 bytes
MD5:	0193a0a5847efd51f91bc7b2d4fe8a78
SHA1:	a328221484cc2d9d153d4bed7f1278b7d8bf37cf
SHA256:	274013bc54c33bfd77473b8a92016b247b6832a1d26a9f412596cc9189775efe
SHA512:	06a1467e49ed319f16aa8b0e7469c15d335305016fbc5ba81676625a5add7fe4f62ee563e26c7af7af099d3c4ff6206a8622fd39fc8344a99c144c00b43f6876
SSDEEP:	24576:dAHnh+eWsN3skA4RV1Hom2KXMmHazaV/F9MaT69H5:8h+ZkldoPK8YazA9MaC
TLSH:	0135AD0273D1C036FFABA2739B6AF60156BD79254133852F13981DB9BC701B2267E663
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x42800a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6621455E [Thu Apr 18 16:07:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	afcdf79be1557326c854b6e20cb900a7

Entrypoint Preview

Instruction
call 00007FAE0CB2B11Dh
jmp 00007FAE0CB1DED4h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FAE0CB1E05Ah
cmp edi, eax
jc 00007FAE0CB1E3BEh
bt dword ptr [004C41FCh], 01h
jnc 00007FAE0CB1E059h
rep movsb
jmp 00007FAE0CB1E36Ch
cmp ecx, 00000080h
jc 00007FAE0CB1E224h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FAE0CB1E060h
bt dword ptr [004BF324h], 01h
jc 00007FAE0CB1E530h
bt dword ptr [004C41FCh], 00000000h
jnc 00007FAE0CB1E1FDh
test edi, 00000003h
jne 00007FAE0CB1E20Eh
test esi, 00000003h
jne 00007FAE0CB1E1EDh
bt edi, 02h
jnc 00007FAE0CB1E05Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FAE0CB1E063h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FAE0CB1E0B5h
bt esi, 03h

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2013 UPD5 build 40629
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xbc0cc	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc8000	0x3b4e4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x104000	0x7134	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92bc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xa4b50	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8f000	0x884	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8dfdd	0x8e000	310e36668512d53489c005622bb1b4a9	False	0.5735602580325704	data	6.675248351711057	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8f000	0x2fd8e	0x2fe00	748cf1ab2605ce1fd72d53d912abb68f	False	0.32828818537859006	data	5.763244005758284	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xbf000	0x8f74	0x5200	aae9601d920f07080bdfadf43dfeff12	False	0.1017530487804878	data	1.1963819235530628	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc8000	0x3b4e4	0x3b600	0cfd461273595000e3faad3fbccf0864	False	0.8890172697368421	data	7.8006525697555125	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x104000	0x7134	0x7200	f04128ad0f87f42830e4a6cdbc38c719	False	0.7617530153508771	data	6.783955557128661	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc85a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc86d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc87f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc8920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xc8c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xc8d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xc9bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xca480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xca9e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xccf90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xce038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xce4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xce4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xcea84	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xcf110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xcf5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xcfb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xd01f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xd0660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xd07b8	0x327ac	data			1.0003433866630556
RT_GROUP_ICON	0x102f64	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0x102fdc	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0x102ff0	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0x103004	0x14	data	English	Great Britain	1.25
RT_VERSION	0x103018	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0x1030f4	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll	AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll	StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll	LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 21:17:00.444902897 CEST	49706	80	192.168.2.9	208.95.112.1
Apr 18, 2024 21:17:00.562072039 CEST	80	49706	208.95.112.1	192.168.2.9
Apr 18, 2024 21:17:00.562150955 CEST	49706	80	192.168.2.9	208.95.112.1
Apr 18, 2024 21:17:00.563144922 CEST	49706	80	192.168.2.9	208.95.112.1
Apr 18, 2024 21:17:00.743102074 CEST	80	49706	208.95.112.1	192.168.2.9
Apr 18, 2024 21:17:00.798690081 CEST	49706	80	192.168.2.9	208.95.112.1
Apr 18, 2024 21:17:47.846981049 CEST	80	49706	208.95.112.1	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 21:17:00.333368063 CEST	61462	53	192.168.2.9	1.1.1.1
Apr 18, 2024 21:17:00.438745975 CEST	53	61462	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 21:17:00.333368063 CEST	192.168.2.9	1.1.1.1	0xd9c6	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 21:17:00.438745975 CEST	1.1.1.1	192.168.2.9	0xd9c6	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ip-api.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49706	208.95.112.1	80	7060	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Apr 18, 2024 21:17:00.563144922 CEST	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Apr 18, 2024 21:17:00.743102074 CEST	174	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 19:17:00 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 5 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 74 72 75 65 0a Data Ascii: true

Target ID:	2
Start time:	21:16:57
Start date:	18/04/2024
Path:	C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"
Imagebase:	0x7ff70f010000
File size:	1'072'128 bytes
MD5 hash:	0193A0A5847EFD51F91BC7B2D4FE8A78
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: 00000002.00000002.1394641669.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:16:58
Start date:	18/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\transferencia_BBVA_97866456345354678976543425678.exe"
Imagebase:	0x490000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2618945893.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2620538680.0000000002755000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	5.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	171

Executed Functions

Function 00363B4C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 153
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00363B7A
IsDebuggerPresent.KERNEL32 ref: 00363B8C
GetFullPathNameW.KERNEL32(00007FFF,?,?,004262F8,004262E0,?,?), ref: 00363BFD

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Part of subcall function 00370A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00363C26,004262F8,?,?,?), ref: 00370ACE

SetCurrentDirectoryW.KERNEL32(?), ref: 00363C81
MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,004193F0,00000010), ref: 0039D4BC
SetCurrentDirectoryW.KERNEL32(?,004262F8,?,?,?), ref: 0039D4F4
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00415D40,004262F8,?,?,?), ref: 0039D57A
ShellExecuteW.SHELL32(00000000,?,?), ref: 0039D581

Part of subcall function 00363A58: GetSysColorBrush.USER32(0000000F), ref: 00363A62
Part of subcall function 00363A58: LoadCursorW.USER32 ref: 00363A71
Part of subcall function 00363A58: LoadIconW.USER32(00000063), ref: 00363A88
Part of subcall function 00363A58: LoadIconW.USER32(000000A4), ref: 00363A9A
Part of subcall function 00363A58: LoadIconW.USER32(000000A2), ref: 00363AAC
Part of subcall function 00363A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00363AD2
Part of subcall function 00363A58: RegisterClassExW.USER32(?), ref: 00363B28

Part of subcall function 003639E7: CreateWindowExW.USER32 ref: 00363A15
Part of subcall function 003639E7: CreateWindowExW.USER32 ref: 00363A36
Part of subcall function 003639E7: ShowWindow.USER32(00000000,?,?), ref: 00363A4A
Part of subcall function 003639E7: ShowWindow.USER32(00000000,?,?), ref: 00363A53

Part of subcall function 003643DB: _memset.LIBCMT ref: 00364401
Part of subcall function 003643DB: Shell_NotifyIconW.SHELL32 ref: 003644A6

Strings

This is a third-party compiled AutoIt script., xrefs: 0039D4B4
%?, xrefs: 00363C56
runas, xrefs: 0039D575

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
String ID: This is a third-party compiled AutoIt script.$runas$%?
API String ID: 529118366-505933256
Opcode ID: f11888eb9393bb1906f13834dd676cfb31cbf596d6b355511478ec5eaae01c8f
Instruction ID: 68eaf7c4a7fa85d48a41703e0d86785df53527922ce65e0e0c8a84964aa58bb8
Opcode Fuzzy Hash: f11888eb9393bb1906f13834dd676cfb31cbf596d6b355511478ec5eaae01c8f
Instruction Fuzzy Hash: F7510930A04248EECF23ABB4EC55EED7B78AB44304F51C1B5F411AA195CB745A46CB35

Uniqueness

Uniqueness Score: -1.00%

Function 00364FE9 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00364EEE,?,?,00000000,00000000), ref: 00364FF9
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00364EEE,?,?,00000000,00000000), ref: 00365010
LoadResource.KERNEL32(?,00000000,?,?,00364EEE,?,?,00000000,00000000,?,?,?,?,?,?,00364F8F), ref: 0039DD60
SizeofResource.KERNEL32(?,00000000,?,?,00364EEE,?,?,00000000,00000000,?,?,?,?,?,?,00364F8F), ref: 0039DD75
LockResource.KERNEL32(N6,?,?,00364EEE,?,?,00000000,00000000,?,?,?,?,?,?,00364F8F,00000000), ref: 0039DD88

Strings

SCRIPT, xrefs: 00365006
N6, xrefs: 0039DD85

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT$N6
API String ID: 3051347437-764952453
Opcode ID: 36a817e25f5ecd7b3089701de5b40a1cee29a36eaded365c892f27c53d08075a
Instruction ID: 9560765129889badb9fb321f31a57d5507729478d99abf71e643c4619b3a7852
Opcode Fuzzy Hash: 36a817e25f5ecd7b3089701de5b40a1cee29a36eaded365c892f27c53d08075a
Instruction Fuzzy Hash: 75115E75200741AFD7328B65DC98F677BBDEBC9B11F108678F5059A2A0DBA1EC008660

Uniqueness

Uniqueness Score: -1.00%

Function 00364AFE Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00364B2B

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

GetCurrentProcess.KERNEL32(?,003EFAEC,00000000,00000000,?), ref: 00364BF8
IsWow64Process.KERNEL32(00000000), ref: 00364BFF
GetNativeSystemInfo.KERNELBASE(00000000), ref: 00364C45
FreeLibrary.KERNEL32(00000000), ref: 00364C50
GetSystemInfo.KERNEL32(00000000), ref: 00364C81
GetSystemInfo.KERNEL32(00000000), ref: 00364C8D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
String ID:
API String ID: 1986165174-0
Opcode ID: 90cd3eb48010c08fb97cf58148c295f848737ca5c1485f2c9fce118c101e819d
Instruction ID: 4af6e5c9646cbb46d467d3f457402b4db75a1606aa6aff67c0b144881f20f9b0
Opcode Fuzzy Hash: 90cd3eb48010c08fb97cf58148c295f848737ca5c1485f2c9fce118c101e819d
Instruction Fuzzy Hash: 0891C57194A7C4DECB33CB7895511AABFE4AF26300B488E9DD0CB97B41D260E948C759

Uniqueness

Uniqueness Score: -1.00%

Function 0036E800 Relevance: 7.4, Strings: 5, Instructions: 1102COMMON

Download Yara Rule

Strings

DtB, xrefs: 0036EC21
DtB, xrefs: 0036EC1A
DtB, xrefs: 003A3F58
Variable must be of type 'Object'., xrefs: 003A428C
DtB, xrefs: 003A3F1F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: DtB$DtB$DtB$DtB$Variable must be of type 'Object'.
API String ID: 0-1803034821
Opcode ID: 8ed943d04759d0a14e262ab2dc8f9bac5b9c70253b30a72e106b111beb72354e
Instruction ID: bf3403cc5fe5be23add48aa45a22a3242dcb6611a065fbd774f06df906ab0a27
Opcode Fuzzy Hash: 8ed943d04759d0a14e262ab2dc8f9bac5b9c70253b30a72e106b111beb72354e
Instruction Fuzzy Hash: 11A2C078A04215CFCB26CF58C480AAEB7B5FF49304F65C069E806AB359D775EC4ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 003C4696 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,0039E7C1), ref: 003C46A6
FindFirstFileW.KERNELBASE(?,?), ref: 003C46B7
FindClose.KERNEL32(00000000), ref: 003C46C7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID:
API String ID: 48322524-0
Opcode ID: e24e9fd7f7d2c90a20565f91a74e2ace94db03e9a983ab80c05e88bd6d497b18
Instruction ID: d69d8d3302dfd6ceae32c3897abc007b89f94568a162dd04a165fd016394c49e
Opcode Fuzzy Hash: e24e9fd7f7d2c90a20565f91a74e2ace94db03e9a983ab80c05e88bd6d497b18
Instruction Fuzzy Hash: 10E0D8358105005F82216738EC9D9EA775C9E06335F104B19F935C14E0E7F05D608695

Uniqueness

Uniqueness Score: -1.00%

Function 00370B30 Relevance: 64.3, APIs: 27, Strings: 9, Instructions: 1300windowsleeptimeCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00370BBB
timeGetTime.WINMM ref: 00370E76
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00370FB3
TranslateMessage.USER32(?), ref: 00370FC7
DispatchMessageW.USER32(?), ref: 00370FD5
Sleep.KERNEL32(0000000A), ref: 00370FDF
LockWindowUpdate.USER32(00000000,?,?), ref: 0037105A
DestroyWindow.USER32 ref: 00371066
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00371080
Sleep.KERNEL32(0000000A,?,?), ref: 003A52AD
TranslateMessage.USER32(?), ref: 003A608A
DispatchMessageW.USER32(?), ref: 003A6098
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 003A60AC

Strings

prB, xrefs: 003A5383
prB, xrefs: 003A53D8
@GUI_CTRLID, xrefs: 003A5364
@COM_EVENTOBJ, xrefs: 003A591A
@GUI_WINHANDLE, xrefs: 003A53B9
@GUI_CTRLHANDLE, xrefs: 003A540E
prB, xrefs: 003A542D
@TRAY_ID, xrefs: 003A5BB9
prB, xrefs: 003A5BDE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$prB$prB$prB$prB
API String ID: 4003667617-573533718
Opcode ID: 00cb758101f4c7dc8d70bfe6e6ea18dbe64673b75bb2a158fb009d8fcf1933f1
Instruction ID: 4ad82662ed2573b06b704632454ed5ca77384f324d697909f520b9e2a22e4b04
Opcode Fuzzy Hash: 00cb758101f4c7dc8d70bfe6e6ea18dbe64673b75bb2a158fb009d8fcf1933f1
Instruction Fuzzy Hash: 1FB2B270608741DFD73ADF24C884BAAB7E8FF85304F15891DE48A9B2A1DB75E845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 003C93DF Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003C91E9: __time64.LIBCMT ref: 003C91F3

Part of subcall function 00365045: _fseek.LIBCMT ref: 0036505D

__wsplitpath.LIBCMT ref: 003C94BE

Part of subcall function 0038432E: __wsplitpath_helper.LIBCMT ref: 0038436E

_wcscpy.LIBCMT ref: 003C94D1
_wcscat.LIBCMT ref: 003C94E4
__wsplitpath.LIBCMT ref: 003C9509
_wcscat.LIBCMT ref: 003C951F
_wcscat.LIBCMT ref: 003C9532

Part of subcall function 003C922F: _memmove.LIBCMT ref: 003C9268
Part of subcall function 003C922F: _memmove.LIBCMT ref: 003C9277

_wcscmp.LIBCMT ref: 003C9479

Part of subcall function 003C99BE: _wcscmp.LIBCMT ref: 003C9AAE
Part of subcall function 003C99BE: _wcscmp.LIBCMT ref: 003C9AC1

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003C96DC
_wcsncpy.LIBCMT ref: 003C974F
DeleteFileW.KERNEL32(?,?), ref: 003C9785
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003C979B
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003C97AC
DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003C97BE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
String ID:
API String ID: 1500180987-0
Opcode ID: fe11e2415c27ce39c122be9c98eb8832b426dfd5bf51dd1a2a8b957fc9596bbb
Instruction ID: bc463c7ed2003198a8e1bbc868d2463e9abdb9ad68f1e7f0d08c8d8cbc87dfdb
Opcode Fuzzy Hash: fe11e2415c27ce39c122be9c98eb8832b426dfd5bf51dd1a2a8b957fc9596bbb
Instruction Fuzzy Hash: 52C11AB1D00229AADF22DFA5CC85FDEB7BDAF45310F0040AAF609EA151DB709E548F65

Uniqueness

Uniqueness Score: -1.00%

Function 00363015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00363074
RegisterClassExW.USER32(00000030), ref: 0036309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003630AF
InitCommonControlsEx.COMCTL32(?), ref: 003630CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003630DC
LoadIconW.USER32(000000A9), ref: 003630F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00363101

Strings

0, xrefs: 00363056
AutoIt v3 GUI, xrefs: 00363090
TaskbarCreated, xrefs: 003630A4
+, xrefs: 0036305D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: c08cab9ece3e14929e8594cdcf4f1db277f2023c04eb87aeeb08b248276c007c
Instruction ID: 79cf4a6ad543d4a849339e94e182b3acdfd36120f1da4e47c88757b45f9d3317
Opcode Fuzzy Hash: c08cab9ece3e14929e8594cdcf4f1db277f2023c04eb87aeeb08b248276c007c
Instruction Fuzzy Hash: 3F317CB1941389EFDB22DFA4DC84AC9BFF4FB09310F15466AE580EA2A0D3B54586CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00363041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00363074
RegisterClassExW.USER32(00000030), ref: 0036309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003630AF
InitCommonControlsEx.COMCTL32(?), ref: 003630CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003630DC
LoadIconW.USER32(000000A9), ref: 003630F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00363101

Strings

0, xrefs: 00363056
AutoIt v3 GUI, xrefs: 00363090
TaskbarCreated, xrefs: 003630A4
+, xrefs: 0036305D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 990265a41d1d05842578949a2bd394b8a4233c38c3ed578d961e9d00f7f571f2
Instruction ID: c5509388f20e49bd028ecd1cabcdb100463bc292da8b3dbcbe95b0a994932a5d
Opcode Fuzzy Hash: 990265a41d1d05842578949a2bd394b8a4233c38c3ed578d961e9d00f7f571f2
Instruction Fuzzy Hash: 6321CCB5A01258EFDB21EF94EC89BDD7BF8FB08700F01462AF510AA2A0D7B145458F95

Uniqueness

Uniqueness Score: -1.00%

Function 003671EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00364864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004262F8,?,003637C0,?), ref: 00364882

Part of subcall function 0038074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,003672C5), ref: 00380771

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00367308
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0039ECF1
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0039ED32
RegCloseKey.ADVAPI32(?), ref: 0039ED70
_wcscat.LIBCMT ref: 0039EDC9

Strings

\, xrefs: 0039EDEC
Include, xrefs: 0039ECE8, 0039ED29
Software\AutoIt v3\AutoIt, xrefs: 003672FE
\Include\, xrefs: 003672C5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 2673923337-2727554177
Opcode ID: bda07e4448e244340b6ddb284a0220fc9b8233cdba84ac78d3d8e0da1978470f
Instruction ID: 792be03223b4cb786c6a10c7ca51bead03e5187e255fba1abca74143af2befd9
Opcode Fuzzy Hash: bda07e4448e244340b6ddb284a0220fc9b8233cdba84ac78d3d8e0da1978470f
Instruction Fuzzy Hash: 3971A171509301DEC726EF25EC8199BBBE8FF58340F80457EF4458B1A1EB709949CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00363633 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 003636D2
KillTimer.USER32(?,00000001), ref: 003636FC
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0036371F
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0036372A
CreatePopupMenu.USER32 ref: 0036373E
PostQuitMessage.USER32(00000000), ref: 0036375F

Strings

TaskbarCreated, xrefs: 00363725
%?, xrefs: 0039D2D1, 0039D31F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated$%?
API String ID: 129472671-4267315211
Opcode ID: 9375d398ab7aae13b17e629fb0ddde5e416cfd0f9f6ccb5099da0b2e9d325a5c
Instruction ID: ba4108784b64f819ead91432fea18840dfd3cf62d0d2f7282b064e12c2ca3730
Opcode Fuzzy Hash: 9375d398ab7aae13b17e629fb0ddde5e416cfd0f9f6ccb5099da0b2e9d325a5c
Instruction Fuzzy Hash: DA4126B2301145ABDF236F28EC8AB793B59EB01300F558239F5029A2A5CBB49E119779

Uniqueness

Uniqueness Score: -1.00%

Function 00363A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00363A62
LoadCursorW.USER32 ref: 00363A71
LoadIconW.USER32(00000063), ref: 00363A88
LoadIconW.USER32(000000A4), ref: 00363A9A
LoadIconW.USER32(000000A2), ref: 00363AAC
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00363AD2
RegisterClassExW.USER32(?), ref: 00363B28

Part of subcall function 00363041: GetSysColorBrush.USER32(0000000F), ref: 00363074
Part of subcall function 00363041: RegisterClassExW.USER32(00000030), ref: 0036309E
Part of subcall function 00363041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003630AF
Part of subcall function 00363041: InitCommonControlsEx.COMCTL32(?), ref: 003630CC
Part of subcall function 00363041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003630DC
Part of subcall function 00363041: LoadIconW.USER32(000000A9), ref: 003630F2
Part of subcall function 00363041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00363101

Strings

AutoIt v3, xrefs: 00363B17
0, xrefs: 00363B06
#, xrefs: 00363B0D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: b65099f0ac0274846424c764243fa9eadeface46403666f0d961c14ef7715c34
Instruction ID: a8ec690461b9d4cc0486f99053a4f03bf9c0150e49816ccf3080cda157382532
Opcode Fuzzy Hash: b65099f0ac0274846424c764243fa9eadeface46403666f0d961c14ef7715c34
Instruction Fuzzy Hash: EB215E74E00304EFEB22AFA4EC49B9D7BB4FB08710F4141B9F504AA2E0D7B656558F68

Uniqueness

Uniqueness Score: -1.00%

Function 00363778 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>>>AUTOIT NO CMDEXECUTE<<<, xrefs: 003637C0
/AutoIt3OutputDebug, xrefs: 003638A4
/AutoIt3ExecuteLine, xrefs: 003638B9
CMDLINERAW, xrefs: 0036380D
bB, xrefs: 0039D44E
/ErrorStdOut, xrefs: 0036388F
/AutoIt3ExecuteScript, xrefs: 003638CE
CMDLINE, xrefs: 00363834

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW$bB
API String ID: 1825951767-3527944643
Opcode ID: 1cf28b87b481163959de5afcc53d4faa9775db00818c00db70a356dce4a097fc
Instruction ID: 66204aed8831e18fb255f8a5135338a1182c8feab58913440a9ec898ab5f78e4
Opcode Fuzzy Hash: 1cf28b87b481163959de5afcc53d4faa9775db00818c00db70a356dce4a097fc
Instruction Fuzzy Hash: A9A15F7291022D9ACF16FBA0CC95EEEB7B8BF14300F54852AF412BB195DF755A09CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0036F8CF Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 168
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003803A2: MapVirtualKeyW.USER32(0000005B,00000000,?,?,?,0036F937), ref: 003803D3
Part of subcall function 003803A2: MapVirtualKeyW.USER32(00000010,00000000,?,?,?,0036F937), ref: 003803DB
Part of subcall function 003803A2: MapVirtualKeyW.USER32(000000A0,00000000,?,?,?,0036F937), ref: 003803E6
Part of subcall function 003803A2: MapVirtualKeyW.USER32(000000A1,00000000,?,?,?,0036F937), ref: 003803F1
Part of subcall function 003803A2: MapVirtualKeyW.USER32(00000011,00000000,?,?,?,0036F937), ref: 003803F9
Part of subcall function 003803A2: MapVirtualKeyW.USER32(00000012,00000000,?,?,?,0036F937), ref: 00380401

Part of subcall function 00376259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0036FA90), ref: 003762B4

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0036FB2D
OleInitialize.OLE32(00000000), ref: 0036FBAA
CloseHandle.KERNEL32(00000000), ref: 003A49F2

Strings

<gB, xrefs: 0036FA90
%?, xrefs: 0036F8F6, 0036F908, 0036FACE, 0036FBB1
\dB, xrefs: 0036F957
cB, xrefs: 0036F94B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID: <gB$\dB$%?$cB
API String ID: 1986988660-786905223
Opcode ID: 6e8df421cd4c22c53b1907e44abb096976a68f37327b829cd91a21ca3d5f1fed
Instruction ID: 6656204671d1aa95124418d74dbb23e94092419abd156c6b37dfe98a901f4d83
Opcode Fuzzy Hash: 6e8df421cd4c22c53b1907e44abb096976a68f37327b829cd91a21ca3d5f1fed
Instruction Fuzzy Hash: 8981DBB0B01290CEC3A5EF29FD506257AE5FB983087D2817ED488CB266EB755506CF1C

Uniqueness

Uniqueness Score: -1.00%

Function 00DC2640 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00DC2711
VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DC2937

Memory Dump Source

Source File: 00000002.00000002.1394621807.0000000000DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dc0000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateFileFreeVirtual
String ID:
API String ID: 204039940-0
Opcode ID: 7a8af28d10d872e8c42d0e09e8738e4af41cabd85448581b7ead53f150642b41
Instruction ID: cac8d1e0886c7c24ac80d21b852229fde3f39ccff09a3279b43c879151586680
Opcode Fuzzy Hash: 7a8af28d10d872e8c42d0e09e8738e4af41cabd85448581b7ead53f150642b41
Instruction Fuzzy Hash: ADA1E374E0020AEBDB14CFA4C895FAEBBB5BF48704F248159E505AB280D7759A81DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003639E7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32 ref: 00363A15
CreateWindowExW.USER32 ref: 00363A36
ShowWindow.USER32(00000000,?,?), ref: 00363A4A
ShowWindow.USER32(00000000,?,?), ref: 00363A53

Strings

AutoIt v3, xrefs: 00363A0D, 00363A12, 00363A13
edit, xrefs: 00363A30

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: abe363dcea6dbe49f7890a9682373eebf936bd9cd1648d2c55e3b90d35ac4837
Instruction ID: d8fb8286f083b02b3fc94058beda201f138db7fce8110d963d6fd9cc5b255604
Opcode Fuzzy Hash: abe363dcea6dbe49f7890a9682373eebf936bd9cd1648d2c55e3b90d35ac4837
Instruction Fuzzy Hash: 68F03A707002A0FEEA3227236C48E772E7DD7C6F50F4201BAB900A61B0C2B50C42CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 00DC2410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00DC2300: Sleep.KERNELBASE(000001F4), ref: 00DC2311

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00DC252F

Strings

ZYQWSBHRK07RXOQ751ZJ, xrefs: 00DC2592, 00DC2595

Memory Dump Source

Source File: 00000002.00000002.1394621807.0000000000DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dc0000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateFileSleep
String ID: ZYQWSBHRK07RXOQ751ZJ
API String ID: 2694422964-4019641779
Opcode ID: feabd78bd8c827dd8729c71640675ab614b251b72b40845b19d446f733fad8c4
Instruction ID: bedb8dbed0117ee9e80f548df5442b2d8f117b423fc698315fed876f01441467
Opcode Fuzzy Hash: feabd78bd8c827dd8729c71640675ab614b251b72b40845b19d446f733fad8c4
Instruction Fuzzy Hash: 12519030D14289DAEF11DBA4C814BEFBB79AF09304F04419CE548BB2C1DAB95B49CB75

Uniqueness

Uniqueness Score: -1.00%

Function 0036410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32 ref: 0039D5EC

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

_memset.LIBCMT ref: 0036418D
_wcscpy.LIBCMT ref: 003641E1
Shell_NotifyIconW.SHELL32 ref: 003641F1

Strings

Line: , xrefs: 0039D615

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
String ID: Line:
API String ID: 3942752672-1585850449
Opcode ID: 63f3547926eaf444e3d08cda33c60594372c404578f19dc94a447cb0e7fd0a34
Instruction ID: 0233b99607f5b8f76a5c64d0237a28f6e8d46f804effc47de0fdcd396f9b7996
Opcode Fuzzy Hash: 63f3547926eaf444e3d08cda33c60594372c404578f19dc94a447cb0e7fd0a34
Instruction Fuzzy Hash: 423134315083009AD333FB60DC46FDB77ECAF05304F508A2AF184860A5EB709649C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 0038564D Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 003856AB
_memcpy_s.LIBCMT ref: 0038571D
__read_nolock.LIBCMT ref: 0038577B
__filbuf.LIBCMT ref: 0038579E
_memset.LIBCMT ref: 003857E2

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
Instruction ID: 0859f8fdc467ba0ac82c811f836230e13a9107bfa322d53464d95895ffee994b
Opcode Fuzzy Hash: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
Instruction Fuzzy Hash: 2B51B534A00B05DFDF26AFB9C88466E77B5AF40320F65C7A9F8359A6D0E7709D508B40

Uniqueness

Uniqueness Score: -1.00%

Function 003669CA Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 260COMMON

Download Yara Rule

APIs

Part of subcall function 00364F3D: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,004262F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00364F6F

_free.LIBCMT ref: 0039E68C
_free.LIBCMT ref: 0039E6D3

Part of subcall function 00366BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00366D0D

Strings

Bad directive syntax error, xrefs: 0039E6BB
>>>AUTOIT SCRIPT<<<, xrefs: 0039E462

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _free$CurrentDirectoryLibraryLoad
String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
API String ID: 2861923089-1757145024
Opcode ID: 2e3a176da82008f37c2a0829fa0ea334892abefdf398e063d0372beb5e8a9b8c
Instruction ID: fcd66328ddda1cdb3d41c50401772b312ebc6ddbb058e64016ef644653240bd0
Opcode Fuzzy Hash: 2e3a176da82008f37c2a0829fa0ea334892abefdf398e063d0372beb5e8a9b8c
Instruction Fuzzy Hash: BA915D71910219EFCF06EFA5CC919EDBBB8BF19314F14846AF815AF291EB309915CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003635B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,003635A1,SwapMouseButtons,00000004,?), ref: 003635D4
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,003635A1,SwapMouseButtons,00000004,?,?,?,?,00362754), ref: 003635F5
RegCloseKey.KERNELBASE(00000000,?,?,003635A1,SwapMouseButtons,00000004,?,?,?,?,00362754), ref: 00363617

Strings

Control Panel\Mouse, xrefs: 003635D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 0ccbf5a3262365c73b5a93cb7ae379a8b60968733c627cd1418e107059a14b13
Instruction ID: 6bd489419d3c3ed8422cb44f76042b42cbc3a17954c47e9c461e535b5484b183
Opcode Fuzzy Hash: 0ccbf5a3262365c73b5a93cb7ae379a8b60968733c627cd1418e107059a14b13
Instruction Fuzzy Hash: 79115771614218BFDB22CF68DC80EAEBBBCEF04740F018569F805DB214E2719F409BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00DC1300 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 00DC1B2D
Wow64GetThreadContext.KERNELBASE(?,00010007), ref: 00DC1B51
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00DC1B73

Memory Dump Source

Source File: 00000002.00000002.1394621807.0000000000DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dc0000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
Instruction ID: ab524add277c71c4985c3e710d5ba23282de56f56948d3a5f4492d0b2c5115eb
Opcode Fuzzy Hash: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
Instruction Fuzzy Hash: E9622B34A14259DBEB24CFA4C840BDEB376EF59300F1091A9E10DEB391E7759E81CB69

Uniqueness

Uniqueness Score: -1.00%

Function 003C97E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00365045: _fseek.LIBCMT ref: 0036505D

Part of subcall function 003C99BE: _wcscmp.LIBCMT ref: 003C9AAE
Part of subcall function 003C99BE: _wcscmp.LIBCMT ref: 003C9AC1

_free.LIBCMT ref: 003C992C
_free.LIBCMT ref: 003C9933
_free.LIBCMT ref: 003C999E

Part of subcall function 00382F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00389C64), ref: 00382FA9
Part of subcall function 00382F95: GetLastError.KERNEL32(00000000,?,00389C64), ref: 00382FBB

_free.LIBCMT ref: 003C99A6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
String ID:
API String ID: 1552873950-0
Opcode ID: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
Instruction ID: 8020eec14f431a4ac58f71a8b4245372962b0b6e9800ea50423aa8a779e6d70a
Opcode Fuzzy Hash: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
Instruction Fuzzy Hash: 24515BB1904218AFDF259F64CC85B9EBBB9EF48310F1044AEF609AB241DB715E90CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0038493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003849D0
__flush.LIBCMT ref: 003849F0
__write.LIBCMT ref: 00384A23
__flsbuf.LIBCMT ref: 00384A51

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
Instruction ID: fa08dcf5b46376a3bf7ac02b3d0c80574f6f60122a8fe602b29873abce158903
Opcode Fuzzy Hash: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
Instruction Fuzzy Hash: 3E41C5706007079BDF2EEE69C88096F77A9EF80360B2581ADE8558BE40D774DD408744

Uniqueness

Uniqueness Score: -1.00%

Function 003663A0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

%?, xrefs: 003663AE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: %?
API String ID: 0-3131337030
Opcode ID: 9f0ab0a14612ea90a820f274bc47e37b50762ba5f38f427a118c5c39261427df
Instruction ID: b737779e22a6fa15e562d58e7b59f41feccae5b9e113509831d43649436361cc
Opcode Fuzzy Hash: 9f0ab0a14612ea90a820f274bc47e37b50762ba5f38f427a118c5c39261427df
Instruction Fuzzy Hash: 7AB1B6719001099BCF27EF95C8929FDBBB8FF45390F50C126E902AB199EB319D85CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00364DD0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00364E1A

Strings

EA06, xrefs: 0039DCF5
AU3!P/?, xrefs: 00364E14

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove
String ID: AU3!P/?$EA06
API String ID: 4104443479-2942601680
Opcode ID: 6b388da18d4a700363cec9803637e9b7ea0d9cf3af451faef85d26eabbe33505
Instruction ID: aeac3f194c340b66dda035b258854f91382dc4a03dac829de0eb1315d57f9ed6
Opcode Fuzzy Hash: 6b388da18d4a700363cec9803637e9b7ea0d9cf3af451faef85d26eabbe33505
Instruction Fuzzy Hash: 51415C71E04654ABDF235B64C8527BF7FAAAB05300F69C075F8829F28EC6329D4487E1

Uniqueness

Uniqueness Score: -1.00%

Function 003673E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0039EE62
GetOpenFileNameW.COMDLG32(?), ref: 0039EEAC

Part of subcall function 003648AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003648A1,?,?,003637C0,?), ref: 003648CE

Part of subcall function 003809D5: GetLongPathNameW.KERNELBASE ref: 003809F4

Strings

X, xrefs: 0039EE7A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen_memset
String ID: X
API String ID: 3777226403-3081909835
Opcode ID: 9b9418d872399e5ec52f3f85f4e694978f16297ebb18daebc6b08748d20908f4
Instruction ID: 1e59b3243b07152a546891c6ff0c8a2f982df714595590f17862735997a60186
Opcode Fuzzy Hash: 9b9418d872399e5ec52f3f85f4e694978f16297ebb18daebc6b08748d20908f4
Instruction Fuzzy Hash: 4F21D871E002589BCF12DF94C845BEE7BFC9F49314F40805AE408EB241DBF8598A8FA1

Uniqueness

Uniqueness Score: -1.00%

Function 003C901B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003C9036
__fread_nolock.LIBCMT ref: 003C904B

Strings

EA06, xrefs: 003C907D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __fread_nolock_memmove
String ID: EA06
API String ID: 1988441806-3962188686
Opcode ID: a6b31332c6fbc37ff24b5620f309c92c4d62ec0265517a0fd9d5222c312860c8
Instruction ID: 9e092997a2c02731c675fb7bed4f7c6190bd0f75bfad20a09606b2294278d7da
Opcode Fuzzy Hash: a6b31332c6fbc37ff24b5620f309c92c4d62ec0265517a0fd9d5222c312860c8
Instruction Fuzzy Hash: F601F971904318AEDB29D7A8CC1AFFE7BFCDB01301F00419FF552D6181E5B9AA048760

Uniqueness

Uniqueness Score: -1.00%

Function 003C9B6D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 003C9B82
GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 003C9B99

Strings

aut, xrefs: 003C9B93

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 2953249e83f37f6a4e9135833e060df4645272fe757b0f2606c94d7ae3b3bf10
Instruction ID: aa917fdcbbc5c41bf49a0d61fccb838bf6d9ea18413af8ee8932bb0987a554e1
Opcode Fuzzy Hash: 2953249e83f37f6a4e9135833e060df4645272fe757b0f2606c94d7ae3b3bf10
Instruction Fuzzy Hash: 7ED05E7954030DAFDB209B94DC4EFEA772CE704700F0046A1BF54990E2DFF465A88B96

Uniqueness

Uniqueness Score: -1.00%

Function 003DCDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9364f5e90bfd92c635b5cbb523fccd9dd1da0fa0ba289644f21e71389be2b015
Instruction ID: 032928e8662a7988e30156f54bbdfea7c9c59a009e7d2209d8207838d919833a
Opcode Fuzzy Hash: 9364f5e90bfd92c635b5cbb523fccd9dd1da0fa0ba289644f21e71389be2b015
Instruction Fuzzy Hash: 6DF16A71A083419FCB15DF28C480A6ABBE5FF88314F14892EF89A9B351D731E945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 003643DB Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00364401
Shell_NotifyIconW.SHELL32 ref: 003644A6
Shell_NotifyIconW.SHELL32 ref: 003644C3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconNotifyShell_$_memset
String ID:
API String ID: 1505330794-0
Opcode ID: 44215e98d1d83e2b4ab6d0b6be69c129a494c80e2f61ef1c4e034913f66dc74b
Instruction ID: 6992936c9a9dfc38c57fe5d1383ad086d06a94b0155854a95b81967f4a70326a
Opcode Fuzzy Hash: 44215e98d1d83e2b4ab6d0b6be69c129a494c80e2f61ef1c4e034913f66dc74b
Instruction Fuzzy Hash: B8318470A04301CFD722EF25D885B97BBF8FB49304F41493EE59A87291DB71A944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0038594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 00385963

Part of subcall function 0038A3AB: __NMSG_WRITE.LIBCMT ref: 0038A3D2
Part of subcall function 0038A3AB: __NMSG_WRITE.LIBCMT ref: 0038A3DC

__NMSG_WRITE.LIBCMT ref: 0038596A

Part of subcall function 0038A408: GetModuleFileNameW.KERNEL32(00000000,004243BA,00000104,?,00000001,00000000), ref: 0038A49A
Part of subcall function 0038A408: ___crtMessageBoxW.LIBCMT ref: 0038A548

Part of subcall function 003832DF: ___crtCorExitProcess.LIBCMT ref: 003832E5
Part of subcall function 003832DF: ExitProcess.KERNEL32 ref: 003832EE

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

RtlAllocateHeap.NTDLL(00F80000,00000000,00000001,00000000,?,?,?,00381013,?), ref: 0038598F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
String ID:
API String ID: 1372826849-0
Opcode ID: bdf7fae59b7032e3da428e0dff80897a635fbe6e6871c9745d15accb7f8088a0
Instruction ID: c46e51f582a8c0257bd4a448c1e831fc71d940fd27cae3a4feb4208270ae27c3
Opcode Fuzzy Hash: bdf7fae59b7032e3da428e0dff80897a635fbe6e6871c9745d15accb7f8088a0
Instruction Fuzzy Hash: 12019235301B15DEE6237B65D842A6E7288DF92B70F5101EAF4059E2C1DB709D0187A5

Uniqueness

Uniqueness Score: -1.00%

Function 003C9B2C Relevance: 4.5, APIs: 3, Instructions: 24filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,003C97D2,?,?,?,?,?,00000004), ref: 003C9B45
SetFileTime.KERNELBASE(00000000,?,00000000,?,?,003C97D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 003C9B5B
CloseHandle.KERNEL32(00000000,?,003C97D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003C9B62

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: File$CloseCreateHandleTime
String ID:
API String ID: 3397143404-0
Opcode ID: 070aa61eeef2d7fdb7edc87070267b15dc0112d98e2f3a6396458671afe95181
Instruction ID: fb8f60dfe3048ad2aa1c7802f95a15a7c379a88a812b2586917abc6195bcadfa
Opcode Fuzzy Hash: 070aa61eeef2d7fdb7edc87070267b15dc0112d98e2f3a6396458671afe95181
Instruction Fuzzy Hash: 68E08632180218FBDB331B54EC49FDA7B2CAF05761F118220FB14BD0E087F129119798

Uniqueness

Uniqueness Score: -1.00%

Function 003C8F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 003C8FA5

Part of subcall function 00382F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00389C64), ref: 00382FA9
Part of subcall function 00382F95: GetLastError.KERNEL32(00000000,?,00389C64), ref: 00382FBB

_free.LIBCMT ref: 003C8FB6
_free.LIBCMT ref: 003C8FC8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
Instruction ID: 42242d36b289c840b2685216c60ab6ef3022367ca3378723c65baa2a5596df1b
Opcode Fuzzy Hash: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
Instruction Fuzzy Hash: 95E012B16097015ACA25B679BD40FD367EE5F48750B19085DF509DF142DE24ED41C364

Uniqueness

Uniqueness Score: -1.00%

Function 0036AB23 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

CALL, xrefs: 003A002B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: CALL
API String ID: 0-4196123274
Opcode ID: 803198e00a75f92adad48147df0bbd797d2afbd27be8deaa668b22a12a7e1916
Instruction ID: 79bf662d2d8a407edc514870c42b4fca44adb573026c44142e8f4fd251633555
Opcode Fuzzy Hash: 803198e00a75f92adad48147df0bbd797d2afbd27be8deaa668b22a12a7e1916
Instruction Fuzzy Hash: F3224674608641CFCB2ADF14C490B6ABBE5FF85304F15895DE88A9B666D731EC81CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0036C6DC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_wcscmp.LIBCMT ref: 0036C73D

Strings

6, xrefs: 0036C6E1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscmp
String ID: 6
API String ID: 856254489-498629140
Opcode ID: eef52f872bf8d54b1bc7646c63824387eb2d302de3758ebc4baec6d77b97cfcd
Instruction ID: 358f7b71c02036ec67b33915494f7d89c8bb243dbd0ff7b86b45326584f34069
Opcode Fuzzy Hash: eef52f872bf8d54b1bc7646c63824387eb2d302de3758ebc4baec6d77b97cfcd
Instruction Fuzzy Hash: E101F972D042955FD7179B2888505EAFF79DF57350F05C09AD890EB3A1D2309D41CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0036492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 00364992

Part of subcall function 003835AC: __lock.LIBCMT ref: 003835B2
Part of subcall function 003835AC: DecodePointer.KERNEL32(00000001,?,003649A7,003B81BC), ref: 003835BE
Part of subcall function 003835AC: EncodePointer.KERNEL32(?,?,003649A7,003B81BC), ref: 003835C9

Part of subcall function 00364A5B: SystemParametersInfoW.USER32 ref: 00364A73
Part of subcall function 00364A5B: SystemParametersInfoW.USER32 ref: 00364A88

Part of subcall function 00363B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00363B7A
Part of subcall function 00363B4C: IsDebuggerPresent.KERNEL32 ref: 00363B8C
Part of subcall function 00363B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,004262F8,004262E0,?,?), ref: 00363BFD
Part of subcall function 00363B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00363C81

SystemParametersInfoW.USER32 ref: 003649D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
String ID:
API String ID: 1438897964-0
Opcode ID: 54762f1ecfb5d2ada2dd30ac43b54848c1f6889253d1e68341570c3b27f9be43
Instruction ID: 04ed2b2c3bf85ed61ecb021dcaf3bbd07717be670251b94ad1c4856ab9704a03
Opcode Fuzzy Hash: 54762f1ecfb5d2ada2dd30ac43b54848c1f6889253d1e68341570c3b27f9be43
Instruction Fuzzy Hash: C1118E71A043519FC312EF68DC4590ABBE8EB94710F00856EF0458B2A1DB709655CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00365DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,00365981,?,?,?,?), ref: 00365E27
CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,00365981,?,?,?,?), ref: 0039E19C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 993cccca939d35636cc08d8916a6a0085ce81a1e554217cf0f40c13ce51113d9
Instruction ID: 918e7f9e765cdb8fc0d58757a031e24fb7cd607cd1c9d0045f7cb3b4a416eca6
Opcode Fuzzy Hash: 993cccca939d35636cc08d8916a6a0085ce81a1e554217cf0f40c13ce51113d9
Instruction Fuzzy Hash: 7001B570244708FEFB264E24CC8AFA63B9CEB11768F10C328BAE55A1E0C6B51E458B54

Uniqueness

Uniqueness Score: -1.00%

Function 00380FF6 Relevance: 3.0, APIs: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0038594C: __FF_MSGBANNER.LIBCMT ref: 00385963
Part of subcall function 0038594C: __NMSG_WRITE.LIBCMT ref: 0038596A
Part of subcall function 0038594C: RtlAllocateHeap.NTDLL(00F80000,00000000,00000001,00000000,?,?,?,00381013,?), ref: 0038598F

std::exception::exception.LIBCMT ref: 0038102C
__CxxThrowException@8.LIBCMT ref: 00381041

Part of subcall function 003887DB: RaiseException.KERNEL32(?,?,?,0041BAF8,00000000,?,?,?,?,00381046,?,0041BAF8,?,00000001), ref: 00388830

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
String ID:
API String ID: 3902256705-0
Opcode ID: 3b1966f6716d58d5053b1c16a7a505eac6821f17f51f796483f5edeb13250c2d
Instruction ID: 0c7e0a53cc800d1408994dc7644760cca8e4a82bc4340a214419c9352c993595
Opcode Fuzzy Hash: 3b1966f6716d58d5053b1c16a7a505eac6821f17f51f796483f5edeb13250c2d
Instruction Fuzzy Hash: 3EF0287850031DA7CB23BB58EC019EF7BAC9F01350F1004A6F904AA581EFB1CA8187D5

Uniqueness

Uniqueness Score: -1.00%

Function 0038582D Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0038585C
__lock_file.LIBCMT ref: 0038587D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __lock_file_memset
String ID:
API String ID: 26237723-0
Opcode ID: 3c9be5f2328ad8b9e28b87200188563865ae258ee32d486c5f8ebe461191cbc2
Instruction ID: 7d0211c9d2d4ecfbd5260a7f1b6e342cc5d10157e25e9636b692d36b28b6875b
Opcode Fuzzy Hash: 3c9be5f2328ad8b9e28b87200188563865ae258ee32d486c5f8ebe461191cbc2
Instruction Fuzzy Hash: 5601A771D00718EBCF23BF698C0659F7B61AF80360F5582D6F8245F1A1EB318A51DB91

Uniqueness

Uniqueness Score: -1.00%

Function 003855D6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

__lock_file.LIBCMT ref: 0038561B

Part of subcall function 00386E4E: __lock.LIBCMT ref: 00386E71

__fclose_nolock.LIBCMT ref: 00385626

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: c7e3f440855fa661f75780dedc4e4e19ec18a365181d755fc917c045010eeab8
Instruction ID: a4c7ce12918337d2eaf219ab72623a947f605438a5dc2bf5856ce8ec6fc0f56a
Opcode Fuzzy Hash: c7e3f440855fa661f75780dedc4e4e19ec18a365181d755fc917c045010eeab8
Instruction Fuzzy Hash: 81F0BE72801B049BDB23BF79880276E77E16F41334FA582C9A425AF1C1EF7C8A419B95

Uniqueness

Uniqueness Score: -1.00%

Function 00DC12FD Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 00DC1B2D
Wow64GetThreadContext.KERNELBASE(?,00010007), ref: 00DC1B51
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00DC1B73

Memory Dump Source

Source File: 00000002.00000002.1394621807.0000000000DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dc0000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
Instruction ID: 09a819d0eb815c206e3e67aca1dc5a53121cb52956e5b1a31344b1bc7f6eb007
Opcode Fuzzy Hash: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
Instruction Fuzzy Hash: 4012DC24E24658C6EB24DF64D8507DEB232EF68300F1091ED910DEB7A5E77A4E81CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0036F3F0 Relevance: 1.7, APIs: 1, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c5fc5a47901868ec0d78a385a79c7befcdce1d5ab4ba8e86ad93cc91f208a8b
Instruction ID: 6aba660405813565866c13a8d977544aef2f391786a5d32ddb2e15e315757682
Opcode Fuzzy Hash: 0c5fc5a47901868ec0d78a385a79c7befcdce1d5ab4ba8e86ad93cc91f208a8b
Instruction Fuzzy Hash: 2E61DA7060060A9FCB12EF64D881AAAB7F9EF46300F14C079EA168B649EB71ED51CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00372123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482ddd29665434172f1ec6603c36561e03b30660dcad19f48764788a4b59737c
Instruction ID: 7b60a019b28b28bc43185122f0a79d70eddd04e77c3ec84777a8b97584a2a4c0
Opcode Fuzzy Hash: 482ddd29665434172f1ec6603c36561e03b30660dcad19f48764788a4b59737c
Instruction Fuzzy Hash: FB518135600604AFCF16EB54C992FAE77AAAF45310F19C068F90AAF296CB34ED00CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0036766F Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0036774A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 137ddfd0232708e3b58a8764eb2c3eda55301eb74d4565348677704d51d6fb2f
Instruction ID: 46d6ab602ab5c357f6337e7cc86294a7e80f7dd651ea77cf90266eef42e9ab18
Opcode Fuzzy Hash: 137ddfd0232708e3b58a8764eb2c3eda55301eb74d4565348677704d51d6fb2f
Instruction Fuzzy Hash: CF31A679208A02DFD726DF18C490931F7E4FF09310755C569E98A8B769EB30EC91CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00365C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00365CF6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8249f80b002730ab212bcc840874d6c59c29779710d4ddcd67efa45f2a88ebd5
Instruction ID: d494b3a5f64ec2206ed66fd0a2946e6dd327e7a7273ad43303937cbccc820571
Opcode Fuzzy Hash: 8249f80b002730ab212bcc840874d6c59c29779710d4ddcd67efa45f2a88ebd5
Instruction Fuzzy Hash: F9318A71A00B0AAFCB19CF2DC884AADB7B5FF88310F15C629E81997744D771B960CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003A00D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 003A00E1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: a0264876f766ec356b0fd2f984fd94156774de5725329d6f1c3364511c8d8c66
Instruction ID: bac39146d3df332f9b8333e9c82081b9f5ca64b4b516cb461c2855dd14383dfe
Opcode Fuzzy Hash: a0264876f766ec356b0fd2f984fd94156774de5725329d6f1c3364511c8d8c66
Instruction Fuzzy Hash: EA412774504351CFDB26DF14C884B1ABBE0BF45318F0989ACE8899B762C736E885CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0036C707 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_wcscmp.LIBCMT ref: 0036C73D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscmp
String ID:
API String ID: 856254489-0
Opcode ID: 786054b747d1efc29ca35882d3600c8fe3667b028cfcd395868b1ab1068846eb
Instruction ID: bc5539f08e333983b2ecad27a8fae8f7e40002ceb6fa0b767d170a2147405911
Opcode Fuzzy Hash: 786054b747d1efc29ca35882d3600c8fe3667b028cfcd395868b1ab1068846eb
Instruction Fuzzy Hash: 9411A271914119DBCB16EBA9DC819EEF778EF95360F10C126F851AB194EB309D05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00364F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00364D13: FreeLibrary.KERNEL32(00000000,?), ref: 00364D4D

Part of subcall function 0038548B: __wfsopen.LIBCMT ref: 00385496

LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,004262F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00364F6F

Part of subcall function 00364CC8: FreeLibrary.KERNEL32(00000000), ref: 00364D02

Part of subcall function 00364DD0: _memmove.LIBCMT ref: 00364E1A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Library$Free$Load__wfsopen_memmove
String ID:
API String ID: 1396898556-0
Opcode ID: 91c6de0f472aa1fc703330ef9e4f9cd4e8b268769cfdde8964b8e0e2d65947f0
Instruction ID: 057f6b4e1119c53686acf2bd75a53031c24ce9eef1c11f3f2553fa763153a8ba
Opcode Fuzzy Hash: 91c6de0f472aa1fc703330ef9e4f9cd4e8b268769cfdde8964b8e0e2d65947f0
Instruction Fuzzy Hash: 7C11E331A00309EACF12BF70DC02FAE77A89F40B00F11C429F541AF2C6DAB19A159BA0

Uniqueness

Uniqueness Score: -1.00%

Function 003A01AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 003A01BB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 37688981552782cff1d52d5311849b076758d80faf39f0d7e4ba687b6a87b1d0
Instruction ID: 25a20ee79684d5374f3a80f132b9438cd3b07256141231ec8c9365328482d933
Opcode Fuzzy Hash: 37688981552782cff1d52d5311849b076758d80faf39f0d7e4ba687b6a87b1d0
Instruction Fuzzy Hash: 502124B4508341CFCB26DF14C884B1ABBE4BF85314F058968E88A5B761D732E845CF53

Uniqueness

Uniqueness Score: -1.00%

Function 00365D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,00365807,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00365D76

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: a722c920978ddb54bad5e13fab8f6a900ba99a7b479e4a31ce7efd16e13cb175
Instruction ID: 767d19339e9a8303e7694398d1d30bfd82a38462fe2dc5ef1f9464053491f5cc
Opcode Fuzzy Hash: a722c920978ddb54bad5e13fab8f6a900ba99a7b479e4a31ce7efd16e13cb175
Instruction Fuzzy Hash: B9113631200B059FD3328F15C888B66B7E9EF45760F10C92EE5AA8AA94D7B0E945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00384A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 00384AD6

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __getptd_noexit__lock_file
String ID:
API String ID: 2597487223-0
Opcode ID: 2e32ad0de75e9167d5b6f42b7d8846974dc64df47c5dbd78abc43b2d8b8b8bc2
Instruction ID: a2e0c25efd51df5195088bcd006284b93fc1ebe4c8df905a20b82560c2b2ace2
Opcode Fuzzy Hash: 2e32ad0de75e9167d5b6f42b7d8846974dc64df47c5dbd78abc43b2d8b8b8bc2
Instruction Fuzzy Hash: 7DF0AF3194030AABDF63BF688C0639E76A1AF00325F558594F424AE5D1DB7C8A50DF95

Uniqueness

Uniqueness Score: -1.00%

Function 00364FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,004262F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00364FDE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 7a804758dacc9cc6f0a6e051f002e87543821be6181a1d3810b715948ce4a5ac
Instruction ID: eb7391469107ade5d486918e9928c2f946877d5c6a24205bea1bbfd00c6fb073
Opcode Fuzzy Hash: 7a804758dacc9cc6f0a6e051f002e87543821be6181a1d3810b715948ce4a5ac
Instruction Fuzzy Hash: F1F06D71905712CFCB369F64E494812BBF5BF05329321CA7EE1D78AA14C771A840DF40

Uniqueness

Uniqueness Score: -1.00%

Function 003809D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE ref: 003809F4

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LongNamePath_memmove
String ID:
API String ID: 2514874351-0
Opcode ID: 8fe2b5b1a20d8de93435df5583a4ffc9901ffe39436b2e8bd56cc4519a744936
Instruction ID: 552ed503e964bd118a562d869c2205a51961076e3ac2d8b800c3e2a90411fdb8
Opcode Fuzzy Hash: 8fe2b5b1a20d8de93435df5583a4ffc9901ffe39436b2e8bd56cc4519a744936
Instruction Fuzzy Hash: 6EE0CD369042285BC721D6589C05FFA77EDDF88790F0442B5FD0CDB248DAA09C818690

Uniqueness

Uniqueness Score: -1.00%

Function 003C9129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 003C914B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
Instruction ID: 0a6130d80b9ec1579b064d86813b1e8be1c4f307460e697998e2fc9bf3cb3851
Opcode Fuzzy Hash: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
Instruction Fuzzy Hash: 1FE092B0204B005FDB359A24D815BE373E0BB06315F05085DF29AC3341EB627C418759

Uniqueness

Uniqueness Score: -1.00%

Function 00365DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,0039E16B,?,?,00000000), ref: 00365DBF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: a59cf296d90d5be2452323657904258f822a8baf6b7ad79032d30f014a8c55a3
Instruction ID: b352c7d915dfe9cdaa5b3df5ec33d0167dc32526b6a1515bb092c3a962112145
Opcode Fuzzy Hash: a59cf296d90d5be2452323657904258f822a8baf6b7ad79032d30f014a8c55a3
Instruction Fuzzy Hash: F9D0C77464020CFFE710DB80DC46FA9777CDB45711F100294FD0456290D6F27E508795

Uniqueness

Uniqueness Score: -1.00%

Function 0038548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 00385496

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction ID: 269ec4d9e3aa0f9d5fa37143c8297e3a5b5f81298eb64fa2db7be8e32286ca34
Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction Fuzzy Hash: 83B0927684020C77DF022E82EC03A593B199B40678F808060FB0C1D162A673A6A09689

Uniqueness

Uniqueness Score: -1.00%

Function 003CD2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000002,00000000), ref: 003CD46A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 6bec1624ba1674303699697c11de99771d3420fe0c55eccf0ec7eafb134cb6f8
Instruction ID: 551d917a670e4efc592d5731f1050b3cc4f241f3d576e683bdc2260dbba7daa3
Opcode Fuzzy Hash: 6bec1624ba1674303699697c11de99771d3420fe0c55eccf0ec7eafb134cb6f8
Instruction Fuzzy Hash: AC715F342083018FC71AEF64C491F6AB7E5AF89314F04896DF5969B2A6DF30ED49CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00380E48 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00380EF7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 31d561eca1acfd77eb33885019b70870bf760e6eca5bc7e99b2959cb60e9d14f
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: E4310470A00605DFC7AAEF58C48096AF7A6FF59300B258AE5E409CB651D730EDC5CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00DC2300 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 00DC2311

Memory Dump Source

Source File: 00000002.00000002.1394621807.0000000000DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dc0000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction ID: f027873170d7667a66ef187777192d1c63b8b43ff77899569832d17894f34ee8
Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction Fuzzy Hash: 9FE0E67494020EDFDB00EFB8D5496AE7FF4EF04301F100565FD01D2281D6309D508A72

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 003ECDAC Relevance: 77.6, APIs: 40, Strings: 4, Instructions: 637windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 003ECE50
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003ECE91
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 003ECED6
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003ECF00
SendMessageW.USER32 ref: 003ECF29
_wcsncpy.LIBCMT ref: 003ECFA1
GetKeyState.USER32(00000011), ref: 003ECFC2
GetKeyState.USER32(00000009), ref: 003ECFCF
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003ECFE5
GetKeyState.USER32(00000010), ref: 003ECFEF
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003ED018
SendMessageW.USER32 ref: 003ED03F
SendMessageW.USER32(?,00001030,?,003EB602), ref: 003ED145
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 003ED15B
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003ED16E
SetCapture.USER32(?), ref: 003ED177
ClientToScreen.USER32 ref: 003ED1DC
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003ED1E9
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003ED203
ReleaseCapture.USER32(?,?,?), ref: 003ED20E
GetCursorPos.USER32(?), ref: 003ED248
ScreenToClient.USER32(?,?), ref: 003ED255
SendMessageW.USER32(?,00001012,00000000,?), ref: 003ED2B1
SendMessageW.USER32 ref: 003ED2DF
SendMessageW.USER32(?,00001111,00000000,?), ref: 003ED31C
SendMessageW.USER32 ref: 003ED34B
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003ED36C
SendMessageW.USER32(?,0000110B,00000009,?), ref: 003ED37B
GetCursorPos.USER32(?), ref: 003ED39B
ScreenToClient.USER32(?,?), ref: 003ED3A8
GetParent.USER32(?), ref: 003ED3C8
SendMessageW.USER32(?,00001012,00000000,?), ref: 003ED431
SendMessageW.USER32 ref: 003ED462
ClientToScreen.USER32 ref: 003ED4C0
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003ED4F0
SendMessageW.USER32(?,00001111,00000000,?), ref: 003ED51A
SendMessageW.USER32 ref: 003ED53D
ClientToScreen.USER32 ref: 003ED58F
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003ED5C3

Part of subcall function 003625DB: GetWindowLongW.USER32(?,000000EB), ref: 003625EC

GetWindowLongW.USER32(?,000000F0), ref: 003ED65F

Strings

@U=u, xrefs: 003ECE91, 003ECF00, 003ECF29, 003ECFE5, 003ED018, 003ED03F, 003ED145, 003ED2B1, 003ED2DF, 003ED31C, 003ED34B, 003ED431, 003ED462, 003ED51A, 003ED53D
prB, xrefs: 003ED1BD
F, xrefs: 003ED543
@GUI_DRAGID, xrefs: 003ED1AA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
String ID: @GUI_DRAGID$@U=u$F$prB
API String ID: 3977979337-1244133831
Opcode ID: 773f97239902f1bb7cade598fe1de87a8bb1d22b85709e2e62973e9aa13b3641
Instruction ID: 3289f7ea9d2ba2cc87a16a0d48d5566d0cc721b283574a4b2cbe9e9cd3a149a0
Opcode Fuzzy Hash: 773f97239902f1bb7cade598fe1de87a8bb1d22b85709e2e62973e9aa13b3641
Instruction Fuzzy Hash: 5142A130204291AFD722CF29C884FAABBE9FF89314F15062DF6559B2E1C771D951CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003E804A Relevance: 61.8, APIs: 33, Strings: 2, Instructions: 571windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000400,00000000,00000000), ref: 003E873F

Strings

@U=u, xrefs: 003E80E0, 003E8134, 003E81E7, 003E822E, 003E8256, 003E83BB, 003E8456, 003E84A0, 003E84EA, 003E850A, 003E85EC, 003E8625, 003E8676, 003E86E1, 003E873F
%d/%02d/%02d, xrefs: 003E8478

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: %d/%02d/%02d$@U=u
API String ID: 3850602802-2764005415
Opcode ID: c08ab7e942cb46f1d9a96c738cd767d1158fd83a57295aeb0609adaec38c4dd0
Instruction ID: 159c21bbe1c8ca76224a3803532e91bd0f810c898a4f68c60eab53a3160b6399
Opcode Fuzzy Hash: c08ab7e942cb46f1d9a96c738cd767d1158fd83a57295aeb0609adaec38c4dd0
Instruction Fuzzy Hash: 7A12E5719002A4AFEB269F65CC89FAF7BB8EF45310F114269F519EA2E0DF709941CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0037710E Relevance: 52.3, APIs: 19, Strings: 8, Instructions: 5093COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003775C2
_memset.LIBCMT ref: 003776B1
_memmove.LIBCMT ref: 00377C4B
_memmove.LIBCMT ref: 00377E4F

Strings

DEFINE, xrefs: 003B25AF
[:>:]], xrefs: 0037760A
0wA, xrefs: 003B1F5B
Q\E, xrefs: 003781C1
[:<:]], xrefs: 003775F1
Oa7, xrefs: 003B287E
\b(?<=\w), xrefs: 003B3C41
\b(?=\w), xrefs: 003B3C34

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove$_memset
String ID: 0wA$DEFINE$Oa7$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
API String ID: 1357608183-1104405717
Opcode ID: 9824822195d3e239c14c36bbe3366de39949e785364a9bc63a3271101fd70ea5
Instruction ID: fc43b9a58f5d53bad0bd7d7d1c1d0a94fc8de4e947ca0904e2094488d795c441
Opcode Fuzzy Hash: 9824822195d3e239c14c36bbe3366de39949e785364a9bc63a3271101fd70ea5
Instruction Fuzzy Hash: F193B275E00219DBDB26CF58C8817EDB7B1FF48314F25816AEA49EB681E7749E81CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00364A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?), ref: 00364A3D
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0039DA8E
IsIconic.USER32 ref: 0039DA97
ShowWindow.USER32(?,00000009), ref: 0039DAA4
SetForegroundWindow.USER32(?), ref: 0039DAAE
GetWindowThreadProcessId.USER32 ref: 0039DAC4
GetCurrentThreadId.KERNEL32 ref: 0039DACB
GetWindowThreadProcessId.USER32 ref: 0039DAD7
AttachThreadInput.USER32(?,00000000,00000001), ref: 0039DAE8
AttachThreadInput.USER32(?,00000000,00000001), ref: 0039DAF0
AttachThreadInput.USER32(00000000,?,00000001), ref: 0039DAF8
SetForegroundWindow.USER32(?), ref: 0039DAFB
MapVirtualKeyW.USER32(00000012,00000000,00000000,00000000), ref: 0039DB10
keybd_event.USER32 ref: 0039DB1B
MapVirtualKeyW.USER32(00000012,00000000,00000002,00000000), ref: 0039DB25
keybd_event.USER32 ref: 0039DB2A
MapVirtualKeyW.USER32(00000012,00000000,00000000,00000000), ref: 0039DB33
keybd_event.USER32 ref: 0039DB38
MapVirtualKeyW.USER32(00000012,00000000,00000002,00000000), ref: 0039DB42
keybd_event.USER32 ref: 0039DB47
SetForegroundWindow.USER32(?), ref: 0039DB4A
AttachThreadInput.USER32(?,?,00000000), ref: 0039DB71

Strings

Shell_TrayWnd, xrefs: 0039DA89

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 78c036553aa0d4663ab2cdea78f5d0e5f3f674fd4e5599d1805ab5012069f4dc
Instruction ID: 51103f06f0bbf3a20a652786c968dde99c12403a167bc6a22e581e8e89a2a4fc
Opcode Fuzzy Hash: 78c036553aa0d4663ab2cdea78f5d0e5f3f674fd4e5599d1805ab5012069f4dc
Instruction Fuzzy Hash: 99315371A40358BFEF326FA19C8AF7F3E6CEB54B50F114125FA04EA1D1C6B15D50AAA0

Uniqueness

Uniqueness Score: -1.00%

Function 003B8858 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 003B8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B8D0D
Part of subcall function 003B8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B8D3A
Part of subcall function 003B8CC3: GetLastError.KERNEL32 ref: 003B8D47

_memset.LIBCMT ref: 003B889B
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 003B88ED
CloseHandle.KERNEL32(?), ref: 003B88FE
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003B8915
GetProcessWindowStation.USER32 ref: 003B892E
SetProcessWindowStation.USER32(00000000), ref: 003B8938
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003B8952

Part of subcall function 003B8713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003B8851), ref: 003B8728
Part of subcall function 003B8713: CloseHandle.KERNEL32(?,?,003B8851), ref: 003B873A

Strings

, xrefs: 003B88AA
default, xrefs: 003B894D
winsta0, xrefs: 003B8910

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
String ID: $default$winsta0
API String ID: 2063423040-1027155976
Opcode ID: 6b15a6135d52a17eca36d8861add9a3063c5a6b62b4d270f06b122adfaf1bea1
Instruction ID: 67ec57bd2982476b61dd764c546d69d0d31c36d11c9b48b1c2e4b4b427c34f85
Opcode Fuzzy Hash: 6b15a6135d52a17eca36d8861add9a3063c5a6b62b4d270f06b122adfaf1bea1
Instruction Fuzzy Hash: 91816171900249BFDF12DFA4DC45AEEBB7CEF04308F18466AFA10A65A1DB718E15DB60

Uniqueness

Uniqueness Score: -1.00%

Function 003D425A Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 003D4284
IsClipboardFormatAvailable.USER32(0000000D), ref: 003D4292
GetClipboardData.USER32(0000000D), ref: 003D429A
CloseClipboard.USER32 ref: 003D42A6
GlobalLock.KERNEL32 ref: 003D42C2
CloseClipboard.USER32 ref: 003D42CC
GlobalUnlock.KERNEL32(00000000,00000000), ref: 003D42E1
IsClipboardFormatAvailable.USER32(00000001), ref: 003D42EE
GetClipboardData.USER32(00000001), ref: 003D42F6
GlobalLock.KERNEL32 ref: 003D4303
GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 003D4337
CloseClipboard.USER32(00000001,00000000), ref: 003D4447

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
String ID:
API String ID: 3222323430-0
Opcode ID: 944b5dbc6cd3afa0861b9d691fc6cb214b814794a9a4a84febef213bf5d738c8
Instruction ID: de7e169666d575053358dba4675336e66f4a6c228fbe293a43b1036f46aac347
Opcode Fuzzy Hash: 944b5dbc6cd3afa0861b9d691fc6cb214b814794a9a4a84febef213bf5d738c8
Instruction Fuzzy Hash: 9851A775204341AFD713BF61EC85F6E77ACAF84700F008A2AF555DA2E1DBB0D9048B62

Uniqueness

Uniqueness Score: -1.00%

Function 003CC9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 003CC9F8
FindClose.KERNEL32(00000000), ref: 003CCA4C
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003CCA71
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003CCA88
FileTimeToSystemTime.KERNEL32(?,?), ref: 003CCAAF
__swprintf.LIBCMT ref: 003CCAFB
__swprintf.LIBCMT ref: 003CCB3E

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

__swprintf.LIBCMT ref: 003CCB92

Part of subcall function 003838D8: __woutput_l.LIBCMT ref: 00383931

__swprintf.LIBCMT ref: 003CCBE0

Part of subcall function 003838D8: __flsbuf.LIBCMT ref: 00383953
Part of subcall function 003838D8: __flsbuf.LIBCMT ref: 0038396B

__swprintf.LIBCMT ref: 003CCC2F
__swprintf.LIBCMT ref: 003CCC7E
__swprintf.LIBCMT ref: 003CCCCD

Strings

%4d, xrefs: 003CCB38
%02d, xrefs: 003CCB86, 003CCB90, 003CCBDE, 003CCC2D, 003CCC7C, 003CCCCB
%4d%02d%02d%02d%02d%02d, xrefs: 003CCAF5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 3953360268-2428617273
Opcode ID: 40d4b4e26d117b535f2ed0d3bb5b3a6a86b8f3a606392cf499981ac4e9ad392f
Instruction ID: b39d6b0463dae3028024ee83c2b22a1e84a7339af518c0f3c5dfe4cce2cd9efd
Opcode Fuzzy Hash: 40d4b4e26d117b535f2ed0d3bb5b3a6a86b8f3a606392cf499981ac4e9ad392f
Instruction Fuzzy Hash: A3A121B2518344ABC712EB94C895EAFB7ECAF94704F40491EF586CB195EB34DA08C762

Uniqueness

Uniqueness Score: -1.00%

Function 003CF200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 003CF221
_wcscmp.LIBCMT ref: 003CF236
_wcscmp.LIBCMT ref: 003CF24D
GetFileAttributesW.KERNEL32(?), ref: 003CF25F
SetFileAttributesW.KERNEL32(?,?), ref: 003CF279
FindNextFileW.KERNEL32(00000000,?), ref: 003CF291
FindClose.KERNEL32(00000000), ref: 003CF29C
FindFirstFileW.KERNEL32(*.*,?), ref: 003CF2B8
_wcscmp.LIBCMT ref: 003CF2DF
_wcscmp.LIBCMT ref: 003CF2F6
SetCurrentDirectoryW.KERNEL32(?), ref: 003CF308
SetCurrentDirectoryW.KERNEL32(0041A5A0), ref: 003CF326
FindNextFileW.KERNEL32(00000000,00000010), ref: 003CF330
FindClose.KERNEL32(00000000), ref: 003CF33D
FindClose.KERNEL32(00000000), ref: 003CF34F

Strings

*.*, xrefs: 003CF2B3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1803514871-438819550
Opcode ID: 456a52d4df8fedf039e9f8bb0bce09e8e3dd99673b4c0c71267627c35c90c085
Instruction ID: ca088fb4fcf1e7378af12e1435c0b36b2721c6b647a688cc22855d800f981471
Opcode Fuzzy Hash: 456a52d4df8fedf039e9f8bb0bce09e8e3dd99673b4c0c71267627c35c90c085
Instruction Fuzzy Hash: C331C17A5012597EDB22EBB0DC88FDE77AD9F48360F1046BAE904D7090EB70DE458B54

Uniqueness

Uniqueness Score: -1.00%

Function 003E0AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E0BDE
RegCreateKeyExW.ADVAPI32(?,?,00000000,003EF910,00000000,?,00000000,?,?), ref: 003E0C4C
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 003E0C94
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 003E0D1D
RegCloseKey.ADVAPI32(?), ref: 003E103D
RegCloseKey.ADVAPI32(00000000), ref: 003E104A

Strings

REG_QWORD, xrefs: 003E0F8B
REG_DWORD, xrefs: 003E0F0E
REG_SZ, xrefs: 003E0D5B
REG_BINARY, xrefs: 003E0FD8
REG_EXPAND_SZ, xrefs: 003E0CBA
REG_MULTI_SZ, xrefs: 003E0E05

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: 603cb77e0b88713d798fe6f4e0e017066f96ed8a94791e830b7a4eebd8979cf6
Instruction ID: cec1b8ec41786eaeeb95434319215b86891e3b85ec4d0e56601f81bfaae58030
Opcode Fuzzy Hash: 603cb77e0b88713d798fe6f4e0e017066f96ed8a94791e830b7a4eebd8979cf6
Instruction Fuzzy Hash: AF0269752006519FCB16EF15C891E2AB7E9FF88714F05895DF88A9B3A2CB74EC41CB81

Uniqueness

Uniqueness Score: -1.00%

Function 003CF35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 003CF37E
_wcscmp.LIBCMT ref: 003CF393
_wcscmp.LIBCMT ref: 003CF3AA

Part of subcall function 003C45C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003C45DC

FindNextFileW.KERNEL32(00000000,?), ref: 003CF3D9
FindClose.KERNEL32(00000000), ref: 003CF3E4
FindFirstFileW.KERNEL32(*.*,?), ref: 003CF400
_wcscmp.LIBCMT ref: 003CF427
_wcscmp.LIBCMT ref: 003CF43E
SetCurrentDirectoryW.KERNEL32(?), ref: 003CF450
SetCurrentDirectoryW.KERNEL32(0041A5A0), ref: 003CF46E
FindNextFileW.KERNEL32(00000000,00000010), ref: 003CF478
FindClose.KERNEL32(00000000), ref: 003CF485
FindClose.KERNEL32(00000000), ref: 003CF497

Strings

*.*, xrefs: 003CF3FB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 1824444939-438819550
Opcode ID: 9f5fc132e4676ea5557d2808bae39cef18ad1e77fb73906b06cd1cf1ac80bbdf
Instruction ID: 60b12c3dcd195ff2e422900e17e0dcacb962471ad0242e8891f2c2d073be361f
Opcode Fuzzy Hash: 9f5fc132e4676ea5557d2808bae39cef18ad1e77fb73906b06cd1cf1ac80bbdf
Instruction Fuzzy Hash: E631E4365012597FCB26AB65EC88FDE73AD9F49324F1102BAE800E61A0D770DE44CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00376843 Relevance: 22.1, Strings: 17, Instructions: 883COMMON

Download Yara Rule

Strings

LIMIT_MATCH=, xrefs: 003B15A9
ANY), xrefs: 003B1717
CRLF), xrefs: 003B16FA
CR), xrefs: 003B16C0
PJ@, xrefs: 003768B3
ANYCRLF), xrefs: 003B1734
UCP), xrefs: 003B1546
NO_START_OPT), xrefs: 003B1588
UTF), xrefs: 003B1533
-es, xrefs: 003B172B, 003B17E8
Oa7, xrefs: 003B1888, 003B192F, 003B19DD
LIMIT_RECURSION=, xrefs: 003B1635
BSR_ANYCRLF), xrefs: 003B1757
UTF16), xrefs: 003B1508
NO_AUTO_POSSESS), xrefs: 003B1567
LF), xrefs: 003B16DD
BSR_UNICODE), xrefs: 003B1771

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: -es$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$Oa7$PJ@$UCP)$UTF)$UTF16)
API String ID: 0-2077196993
Opcode ID: 65b65a5d546ffa41b3ec7e81352c1b47521cc78310d00c96149f17600488880a
Instruction ID: 03503dc2e89cb5c8a4e17354a1d128167193b5fbbb502e06202c3a56edbcc3e3
Opcode Fuzzy Hash: 65b65a5d546ffa41b3ec7e81352c1b47521cc78310d00c96149f17600488880a
Instruction Fuzzy Hash: 7C72C171E00619CBDB26CF58C8A17EEB7B5FF48314F55806AE909EB680DB349D81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003B81F7 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003B874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B8766
Part of subcall function 003B874A: GetLastError.KERNEL32(?,003B822A,?,?,?), ref: 003B8770
Part of subcall function 003B874A: GetProcessHeap.KERNEL32(00000008,?,?,003B822A,?,?,?), ref: 003B877F
Part of subcall function 003B874A: HeapAlloc.KERNEL32(00000000,?,003B822A,?,?,?), ref: 003B8786
Part of subcall function 003B874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B879D

Part of subcall function 003B87E7: GetProcessHeap.KERNEL32(00000008,003B8240,00000000,00000000,?,003B8240,?), ref: 003B87F3
Part of subcall function 003B87E7: HeapAlloc.KERNEL32(00000000,?,003B8240,?), ref: 003B87FA
Part of subcall function 003B87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003B8240,?), ref: 003B880B

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003B825B
_memset.LIBCMT ref: 003B8270
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003B828F
GetLengthSid.ADVAPI32(?), ref: 003B82A0
GetAce.ADVAPI32(?,00000000,?), ref: 003B82DD
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003B82F9
GetLengthSid.ADVAPI32(?), ref: 003B8316
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003B8325
HeapAlloc.KERNEL32(00000000), ref: 003B832C
GetLengthSid.ADVAPI32(?,00000008,?), ref: 003B834D
CopySid.ADVAPI32(00000000), ref: 003B8354
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003B8385
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003B83AB
SetUserObjectSecurity.USER32 ref: 003B83BF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 8395670e53fc56e7ca74a30924f0dd620e0182abf6fd8bc5e0faef05f353cc48
Instruction ID: a66f567d33001b62dd49799b99e17ee342da0aeabd9967c43334f7c4de10b85e
Opcode Fuzzy Hash: 8395670e53fc56e7ca74a30924f0dd620e0182abf6fd8bc5e0faef05f353cc48
Instruction Fuzzy Hash: 52616F75A00209AFCF12DF94DC85AEEBBBDFF04704F048229E915AA291DB749A01CF50

Uniqueness

Uniqueness Score: -1.00%

Function 003E0665 Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 003E10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E0038,?,?), ref: 003E10BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E0737

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003E07D6
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003E086E
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 003E0AAD
RegCloseKey.ADVAPI32(00000000), ref: 003E0ABA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
String ID:
API String ID: 1240663315-0
Opcode ID: 573dbea0ab3bc7ebde51af5f307751972c9553ba77af74a2dfc5b698f0d19379
Instruction ID: da702984774312eb1c0d1f91d78a66a68c6d9b83b0c5e056fd9e53f7e006abbf
Opcode Fuzzy Hash: 573dbea0ab3bc7ebde51af5f307751972c9553ba77af74a2dfc5b698f0d19379
Instruction Fuzzy Hash: B0E16C31204354AFCB16DF25C891E6ABBE8EF89714F04856DF48ADB2A2DB70ED41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003C0219 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 003C0241
GetAsyncKeyState.USER32 ref: 003C02C2
GetKeyState.USER32(000000A0), ref: 003C02DD
GetAsyncKeyState.USER32 ref: 003C02F7
GetKeyState.USER32(000000A1), ref: 003C030C
GetAsyncKeyState.USER32 ref: 003C0324
GetKeyState.USER32(00000011), ref: 003C0336
GetAsyncKeyState.USER32 ref: 003C034E
GetKeyState.USER32(00000012), ref: 003C0360
GetAsyncKeyState.USER32 ref: 003C0378
GetKeyState.USER32(0000005B), ref: 003C038A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 9a97ec5156dc907c6270dd865c0a64bb0dd93c2f9ef02a4386ab881ad99fef5e
Instruction ID: 6df48aed8899e9645d8fa0cffe5f35f5b51695f25586692efd7d73ce1a58a1a7
Opcode Fuzzy Hash: 9a97ec5156dc907c6270dd865c0a64bb0dd93c2f9ef02a4386ab881ad99fef5e
Instruction Fuzzy Hash: F441C9245047C9EEFF3B8BA4C848BA5BEA46F12340F09459DD5C6DA1C2EBD49DC487A2

Uniqueness

Uniqueness Score: -1.00%

Function 00374140 Relevance: 15.1, APIs: 1, Strings: 7, Instructions: 1132COMMON

Download Yara Rule

Strings

-es, xrefs: 003A7AC6
VUUU, xrefs: 003744DB
Oa7, xrefs: 00374984, 003A8173
VUUU, xrefs: 003744ED
ERCP, xrefs: 0037421F
VUUU, xrefs: 003A7B0C
VUUU, xrefs: 00374520

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: -es$ERCP$Oa7$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1065517484
Opcode ID: 83dee184f28b2ade969dea0bc2b75a2beee3f9b0f23444b4267f697c7b7b7c26
Instruction ID: d21c24ea2c857642e867d386d1f8b5e3b4faa4ca4dfbe4d7f5c5db049116f8b3
Opcode Fuzzy Hash: 83dee184f28b2ade969dea0bc2b75a2beee3f9b0f23444b4267f697c7b7b7c26
Instruction Fuzzy Hash: 6AA27C70E0421ACBDF36CF58C9907ADB7B1FB55314F1581AAD95AA7680E738AE81CB40

Uniqueness

Uniqueness Score: -1.00%

Function 003D4458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 003D447F
EmptyClipboard.USER32 ref: 003D4485
GlobalAlloc.KERNEL32(00000002,?), ref: 003D449A
CloseClipboard.USER32 ref: 003D4539

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: fab49bcb524763223e1813b1f17b4160b99808ce65d3e6c83499e85670152058
Instruction ID: 8cc3c110077fcb882037fb62aee5f7ab887c7319e44236bdff8f5621badadf8b
Opcode Fuzzy Hash: fab49bcb524763223e1813b1f17b4160b99808ce65d3e6c83499e85670152058
Instruction Fuzzy Hash: 17219F362002109FDB23AF60EC49B6977ACEF44714F15C06AF906DF2A1DB74AD01CB54

Uniqueness

Uniqueness Score: -1.00%

Function 003C3A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003648AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003648A1,?,?,003637C0,?), ref: 003648CE

Part of subcall function 003C4CD3: GetFileAttributesW.KERNEL32(?,003C3947), ref: 003C4CD4

FindFirstFileW.KERNEL32(?,?), ref: 003C3ADF
DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 003C3B87
MoveFileW.KERNEL32 ref: 003C3B9A
DeleteFileW.KERNEL32(?,?,?,?,?), ref: 003C3BB7
FindNextFileW.KERNEL32(00000000,00000010), ref: 003C3BD9
FindClose.KERNEL32(00000000,?,?,?,?), ref: 003C3BF5

Strings

\*.*, xrefs: 003C3A8A, 003C3A93, 003C3AA8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 4002782344-1173974218
Opcode ID: 61dea83a2ed90f32c3facf3beaa865bb88e954474ffb7709d23f11655d7e9994
Instruction ID: acd06ff0cb3519287ee38fe6af4ea7a4d1e5a48fd893376aea13b65373dd4283
Opcode Fuzzy Hash: 61dea83a2ed90f32c3facf3beaa865bb88e954474ffb7709d23f11655d7e9994
Instruction Fuzzy Hash: 00516E358052489ACF17EBA0CD92EEDB778AF15304F64C1A9E442BB095DF316F09CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003CF65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 003CF6AB
Sleep.KERNEL32(0000000A), ref: 003CF6DB
_wcscmp.LIBCMT ref: 003CF6EF
_wcscmp.LIBCMT ref: 003CF70A
FindNextFileW.KERNEL32(?,?), ref: 003CF7A8
FindClose.KERNEL32(00000000), ref: 003CF7BE

Strings

*.*, xrefs: 003CF690

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
String ID: *.*
API String ID: 713712311-438819550
Opcode ID: 4dbebd7c67e52a1e5ad8c1dcc5dfeec8ba000afd370f18a1e944678b75306d3b
Instruction ID: e02c6fdaab57e3758825a4a71ad7890c2987aab83db6a9684077a531b47e8206
Opcode Fuzzy Hash: 4dbebd7c67e52a1e5ad8c1dcc5dfeec8ba000afd370f18a1e944678b75306d3b
Instruction Fuzzy Hash: B3416C7190021AAFCF16DF64CC85FEEBBB9FF05350F14456AE815A62A1DB309E54CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003758C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00375A05
_memmove.LIBCMT ref: 00375A55
_memmove.LIBCMT ref: 00375ABB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 11ca2bc5f50b2bcdfd952cb209a3c8b85cf859e2151720fc973bd679b6dc6950
Instruction ID: aeb28c3f6e2642bcd2d65540fb17a39264baa5e2a7f7cc1b2ce5f2a56d436ba0
Opcode Fuzzy Hash: 11ca2bc5f50b2bcdfd952cb209a3c8b85cf859e2151720fc973bd679b6dc6950
Instruction Fuzzy Hash: F4129B70A00609DFDF1ADFA4D981AEEB7B5FF48304F108669E406EB651EB39AD11CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00375680 Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 516COMMON

Download Yara Rule

APIs

Part of subcall function 00380FF6: std::exception::exception.LIBCMT ref: 0038102C
Part of subcall function 00380FF6: __CxxThrowException@8.LIBCMT ref: 00381041

_memmove.LIBCMT ref: 003B062F
_memmove.LIBCMT ref: 003B0744
_memmove.LIBCMT ref: 003B07EB

Strings

yZ7, xrefs: 003B0881, 003B07FF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove$Exception@8Throwstd::exception::exception
String ID: yZ7
API String ID: 1300846289-1552456220
Opcode ID: 7e4bd7af5c895fbe26eeaffca5121c46561efa5abe6429fbb3093e7791a9393a
Instruction ID: 6fc9d114de9288e3201d93586499e5342ca03d14b59fe691cd2c3b16c2c756ed
Opcode Fuzzy Hash: 7e4bd7af5c895fbe26eeaffca5121c46561efa5abe6429fbb3093e7791a9393a
Instruction Fuzzy Hash: E802F1B0A00209DBCF1ADF64D9816AEBBB5FF44304F15C0A9E80ADF255EB35DA51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003C545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B8D0D
Part of subcall function 003B8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B8D3A
Part of subcall function 003B8CC3: GetLastError.KERNEL32 ref: 003B8D47

ExitWindowsEx.USER32(?,00000000), ref: 003C549B

Strings

SeShutdownPrivilege, xrefs: 003C546B
, xrefs: 003C5489
@, xrefs: 003C548E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 94951ffc8d48df394ae8ef15df41a9f21a3e92e3fbb2e7ba04b9306e917fceb0
Instruction ID: efad4537cf84f305db1e59a7b6ca49ea6acf5c52937ecbf16d4f1711686bf4d7
Opcode Fuzzy Hash: 94951ffc8d48df394ae8ef15df41a9f21a3e92e3fbb2e7ba04b9306e917fceb0
Instruction Fuzzy Hash: 1A014231755A052EE73E637AEC8BFBA725CEB00342F210129FD06DA0C2DA903CC083A0

Uniqueness

Uniqueness Score: -1.00%

Function 00373190 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 587COMMON

Download Yara Rule

Strings

Oa7, xrefs: 00373482

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __itow__swprintf
String ID: Oa7
API String ID: 674341424-1088220166
Opcode ID: ef5988b50593342bd09a6c0ecb7d3551d48ce4418d54900cc3dc5e7931621799
Instruction ID: 62fdb060e4dcf3e5b7e6e28c4df7c7d88850368cc6b450c1f83f08532da97082
Opcode Fuzzy Hash: ef5988b50593342bd09a6c0ecb7d3551d48ce4418d54900cc3dc5e7931621799
Instruction Fuzzy Hash: C922BD716083019FC726DF24C891BAFB7E8EF85314F11891DF48A9B291DB74EA04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003D6596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006), ref: 003D65EF
WSAGetLastError.WSOCK32(00000000), ref: 003D65FE
bind.WSOCK32(00000000,?,00000010), ref: 003D661A
listen.WSOCK32(00000000,00000005), ref: 003D6629
WSAGetLastError.WSOCK32(00000000), ref: 003D6643
closesocket.WSOCK32(00000000), ref: 003D6657

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: 534405d038233de5a3a74b1df8903a505d55ef9e7adedd886fe907bd91636f16
Instruction ID: abd5309a845fe610ebf785b47cfa52e24446deed6ee47cb08739650fc7749f5e
Opcode Fuzzy Hash: 534405d038233de5a3a74b1df8903a505d55ef9e7adedd886fe907bd91636f16
Instruction Fuzzy Hash: A72191312002009FDB12AF64D886B6EB7EDEF44720F15815AE966AB3D1CB70AD058B51

Uniqueness

Uniqueness Score: -1.00%

Function 00361287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

DefDlgProcW.USER32(?,?,?,?,?), ref: 003619FA
GetSysColor.USER32 ref: 00361A4E
SetBkColor.GDI32 ref: 00361A61

Part of subcall function 00361290: DefDlgProcW.USER32(?,00000020,?), ref: 003612D8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ColorProc$LongWindow
String ID:
API String ID: 3744519093-0
Opcode ID: 218d5838037b5d5fd44016b14a3d000930d26fe7869f97df0c1368b2d8c20d82
Instruction ID: 1190ef71f196deb6e9529fd83302daaebecd842e47474f7359838cf468a293a4
Opcode Fuzzy Hash: 218d5838037b5d5fd44016b14a3d000930d26fe7869f97df0c1368b2d8c20d82
Instruction Fuzzy Hash: E3A18A71105494BEEB3BAB69ED48DBF359CDB42346B1EC219F402DA5DACB208C02C2B5

Uniqueness

Uniqueness Score: -1.00%

Function 003D6A5A Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON

Download Yara Rule

APIs

Part of subcall function 003D80A0: inet_addr.WSOCK32(00000000), ref: 003D80CB

socket.WSOCK32(00000002,00000002,00000011), ref: 003D6AB1
WSAGetLastError.WSOCK32(00000000), ref: 003D6ADA
bind.WSOCK32(00000000,?,00000010), ref: 003D6B13
WSAGetLastError.WSOCK32(00000000), ref: 003D6B20
closesocket.WSOCK32(00000000), ref: 003D6B34

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorLast$bindclosesocketinet_addrsocket
String ID:
API String ID: 99427753-0
Opcode ID: e41e3230e0445b3a1c2fb673b6dbb9029a3a77bbc58754dfdc539170695696de
Instruction ID: 5b3d538867dcf95fcd6a72b75c6e00a3e3d4ac55d7d841cf387db3867454af32
Opcode Fuzzy Hash: e41e3230e0445b3a1c2fb673b6dbb9029a3a77bbc58754dfdc539170695696de
Instruction Fuzzy Hash: 78418275B00210AFEB12AF64DC86F6E77EDAB48710F04C15AF95AAF3D2DA709D008791

Uniqueness

Uniqueness Score: -1.00%

Function 003E55FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 003E564C
IsWindowEnabled.USER32 ref: 003E565A
GetForegroundWindow.USER32(?,?,00000001), ref: 003E5667
IsIconic.USER32 ref: 003E5675
IsZoomed.USER32 ref: 003E5683

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 3c882b746e6cfc70dd5022009181b80b98db18b4362754c70d3440aaabebeeac
Instruction ID: ea08243334256c1cf8d55b987819600847a9460bff0881a83d2a7018af568270
Opcode Fuzzy Hash: 3c882b746e6cfc70dd5022009181b80b98db18b4362754c70d3440aaabebeeac
Instruction Fuzzy Hash: C511B2313009A06FEB231F27DC44B6BB79CEF54725F458629E806DB2C1CB7499018AA4

Uniqueness

Uniqueness Score: -1.00%

Function 003CC602 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 003CC69D
CoCreateInstance.OLE32(003F2D6C,00000000,00000001,003F2BDC,?), ref: 003CC6B5

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

CoUninitialize.OLE32 ref: 003CC922

Strings

.lnk, xrefs: 003CC631, 003CC659, 003CC663

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_memmove
String ID: .lnk
API String ID: 2683427295-24824748
Opcode ID: 7f28441989cd5b17c74b6d7148bcd3404b3630e981b3eb9ae4749968c2bf3f77
Instruction ID: 6d377e887290cf0e87b879559ba25dfdbca00e7b57c039e7f3662d384c0066e6
Opcode Fuzzy Hash: 7f28441989cd5b17c74b6d7148bcd3404b3630e981b3eb9ae4749968c2bf3f77
Instruction Fuzzy Hash: 55A14C71108205AFD301EF54C891EABB7ECEF94714F04892DF1969B1A2DB70EE49CB62

Uniqueness

Uniqueness Score: -1.00%

Function 003DC304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,003A1D88,?), ref: 003DC312
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 003DC324

Strings

kernel32.dll, xrefs: 003DC30D
GetSystemWow64DirectoryW, xrefs: 003DC31E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 2574300362-1816364905
Opcode ID: c101ec21742dbe863228bf4fc29b54b9557a6f1156fd0fe0dcaf1d65d26aa4a6
Instruction ID: 37945b678ef771ece87247a433aea937a1221ceb176220fdd139cc44b1143ba0
Opcode Fuzzy Hash: c101ec21742dbe863228bf4fc29b54b9557a6f1156fd0fe0dcaf1d65d26aa4a6
Instruction Fuzzy Hash: 81E0C279620713CFCB325F25E844A86B6D8EF08304F91C53AE886C6390E7B8D880CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003DF121 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 003DF151
Process32FirstW.KERNEL32 ref: 003DF15F

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Process32NextW.KERNEL32(00000000,?), ref: 003DF21F
CloseHandle.KERNEL32(00000000,?,?,?), ref: 003DF22E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
String ID:
API String ID: 2576544623-0
Opcode ID: ba14a6e95d68f68b39d3fba15474c3e4cb37d3c529ffa7628627d2b86200f793
Instruction ID: f2ef249a0b1bd1d0e1e0cd5ec4c29e9d1a7cbc5c55c4b293f12bb875dc0193f1
Opcode Fuzzy Hash: ba14a6e95d68f68b39d3fba15474c3e4cb37d3c529ffa7628627d2b86200f793
Instruction Fuzzy Hash: AD5182725043019FD312EF20DC85E6BB7E8FF98710F54892DF4969B291DB709904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003BEB07 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 003BEB19

Strings

|, xrefs: 003BEB49
(, xrefs: 003BEB5F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: d66d71ba4f5ac2f5f2633a734d6ad3bba14660b7aceff617ce80e0fbae023bdd
Instruction ID: e65504ede73e6f32cc2598b54203d985517b532cc20e7cfa728ba00958bf73d4
Opcode Fuzzy Hash: d66d71ba4f5ac2f5f2633a734d6ad3bba14660b7aceff617ce80e0fbae023bdd
Instruction Fuzzy Hash: 5D324775A047059FC729DF19C4819AAB7F0FF48314B12C56EE59ACB7A1D770E941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 003D25E2 Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 003D26D5
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 003D270C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: c09706498347fe1bccd00c48820ac8bbebbbd642301dfbf33d3606bf91e70c63
Instruction ID: 0dc89c3bec29a561f97ba14fcb429300aee663f81188026a2ab993a8b1ccfab1
Opcode Fuzzy Hash: c09706498347fe1bccd00c48820ac8bbebbbd642301dfbf33d3606bf91e70c63
Instruction Fuzzy Hash: 6B41F572500309BFEB22DE55EC85EBBB7BCEB50714F10406BF601AA741EAB1DE419754

Uniqueness

Uniqueness Score: -1.00%

Function 003CB59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 003CB5AE
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003CB608
SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 003CB655

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: ca0a77df257a517f82bbc3d65fdf181400b01c6821c7c5a89c7c377a7ac4e593
Instruction ID: ab25602ebefa4420ff94c34b6d5f1a92af59b50b444d94e3b9cddabc12fbb2ba
Opcode Fuzzy Hash: ca0a77df257a517f82bbc3d65fdf181400b01c6821c7c5a89c7c377a7ac4e593
Instruction Fuzzy Hash: 94218C35A00508EFCB01EFA5D881EEDBBB8FF48310F0480AAE905EB351CB31A915CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003B8CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00380FF6: std::exception::exception.LIBCMT ref: 0038102C
Part of subcall function 00380FF6: __CxxThrowException@8.LIBCMT ref: 00381041

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B8D0D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B8D3A
GetLastError.KERNEL32 ref: 003B8D47

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
String ID:
API String ID: 1922334811-0
Opcode ID: 511faf51eb6d9e02ef41972bfb2ed083699b9b1d785eb2be25d0b2bed01c68ec
Instruction ID: 703d5a91520cb3086e5aa2d4cf4570a0770a934dceb7ac26f04907dedb25782c
Opcode Fuzzy Hash: 511faf51eb6d9e02ef41972bfb2ed083699b9b1d785eb2be25d0b2bed01c68ec
Instruction Fuzzy Hash: C9119DB1814308AFD729AF54DC85D6BB7BCFB44714B20852EF54686651EB70AC40CB20

Uniqueness

Uniqueness Score: -1.00%

Function 003C4021 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003C404B
DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 003C4088
CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003C4091

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: f0577a129f16e5d805fef0b22f2fbd296f132238b77d6d4e150e94ce0946f97c
Instruction ID: ab46ac5e9513954a0c2d3b0621a2b1e99516c65f42b8d06fe95707a0a3f31508
Opcode Fuzzy Hash: f0577a129f16e5d805fef0b22f2fbd296f132238b77d6d4e150e94ce0946f97c
Instruction Fuzzy Hash: 6F11A1B1D40228BEE7219BE8DC44FBFBBBCEB08710F00465ABA04E7190D2B45D0587E1

Uniqueness

Uniqueness Score: -1.00%

Function 003C4C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003C4C2C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003C4C43
FreeSid.ADVAPI32(?), ref: 003C4C53

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 6fb0085660597593d6cc54980098a3eb455b1decca8d21d9dbecc21f76d33a66
Instruction ID: 2068e571aec4df4b33d3cafda83ca3c20fe884f7e311c2e3fbeff40e81660892
Opcode Fuzzy Hash: 6fb0085660597593d6cc54980098a3eb455b1decca8d21d9dbecc21f76d33a66
Instruction Fuzzy Hash: 5DF04975A1130CBFDF14DFF0DC89ABEBBBCEF08311F0045A9A901E6181E6B06A048B50

Uniqueness

Uniqueness Score: -1.00%

Function 003C8B13 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 003C8B25

Part of subcall function 0038543A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,003C91F8,00000000,?,?,?,?,003C93A9,00000000,?), ref: 00385443
Part of subcall function 0038543A: __aulldiv.LIBCMT ref: 00385463

Strings

0uB, xrefs: 003C8B1C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64
String ID: 0uB
API String ID: 2893107130-296784269
Opcode ID: 9c0ed0275ff8a596614eb6c90251b5943c152f76285b4ab8fca63ea9be09f528
Instruction ID: 1983ca90c7de0546837bb996346bd9a344d4f7cf560b2b8da9d02f3b1610d8f0
Opcode Fuzzy Hash: 9c0ed0275ff8a596614eb6c90251b5943c152f76285b4ab8fca63ea9be09f528
Instruction Fuzzy Hash: C821A2726256108BC72ACF25D841B52F3E1EFA5311B698E6CD0E5CB2D0CA74BD45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0036E060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d27e1d4e42d5424e5d578cb827b2e1657286de80edda2979fa209deb7c1233
Instruction ID: bb8562816d7dbd7de78bf7194476a899ebcd8a4ac444c14137c322335e512df1
Opcode Fuzzy Hash: 48d27e1d4e42d5424e5d578cb827b2e1657286de80edda2979fa209deb7c1233
Instruction Fuzzy Hash: C322C078A00215CFCB26DF58C490AAEB7F5FF09300F25C469E856AB355E770AD89CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003CC93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 003CC966
FindClose.KERNEL32(00000000), ref: 003CC996

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 89a36794d27ed05d01a65fce5a048268ce602f757981085015b05ad272448697
Instruction ID: 79cab09152f8665b4d9fef4281e3ed86b7cab05e2166dd9879876b6cda9c03a1
Opcode Fuzzy Hash: 89a36794d27ed05d01a65fce5a048268ce602f757981085015b05ad272448697
Instruction Fuzzy Hash: 981165756106009FD711EF29D855A2AF7E9FF44324F04C51EF9A9DB291DB74AC00CB81

Uniqueness

Uniqueness Score: -1.00%

Function 003CA2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,003D977D,?,003EFB84,?), ref: 003CA302
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,003D977D,?,003EFB84,?), ref: 003CA314

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 41305292f34eb3283e82689e218795dd589902e3bfca6fd6febf74325f54cbda
Instruction ID: c886a09754f9c9b4dae48248f6daff76b21bd612adbf8aa4c8883747a0b5194d
Opcode Fuzzy Hash: 41305292f34eb3283e82689e218795dd589902e3bfca6fd6febf74325f54cbda
Instruction Fuzzy Hash: B2F0823954426DABDB229FA4CC48FEA776DBF08761F008269B908DA181D7709D40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003B8713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003B8851), ref: 003B8728
CloseHandle.KERNEL32(?,?,003B8851), ref: 003B873A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 439c51e1df14d24e8379feec7d5caceb6254744163578723607282de9db75391
Instruction ID: 6ddee0538aee3e0abd8d56639c83e7e620edacf2411ad799173e70cda042cfe3
Opcode Fuzzy Hash: 439c51e1df14d24e8379feec7d5caceb6254744163578723607282de9db75391
Instruction Fuzzy Hash: 8CE0B676010650EEEB372B60EC09D777BADEB04354B248969B596844B0DB62AC91DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0038A395 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00388F97,?,?,?,00000001), ref: 0038A39A
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0038A3A3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8723645a10973f231d96ef33a92cbcdda9447381201735653944b5600148869a
Instruction ID: 9fc0a2891c899cf2d6d1949a25d3538415185ed22bc6b4ace57dc8f43b9fc39c
Opcode Fuzzy Hash: 8723645a10973f231d96ef33a92cbcdda9447381201735653944b5600148869a
Instruction Fuzzy Hash: 1BB09235054248AFCA122B91EC49B883F6CEB44BA2F404120F60D886A4CBA255508A91

Uniqueness

Uniqueness Score: -1.00%

Function 0038F419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2199619d16f740ab76fb638b3abcf49d51b0caa7720228d85a1b1a6fa612c310
Instruction ID: 9daec43139b9c8fd04f611d58eb5add5f4430cf1c913041d6a3a13916e1f7f69
Opcode Fuzzy Hash: 2199619d16f740ab76fb638b3abcf49d51b0caa7720228d85a1b1a6fa612c310
Instruction Fuzzy Hash: 99321721D69F014DD723A634D832336A65DAFB73D4F15D737F819B5AA6EB28C9834200

Uniqueness

Uniqueness Score: -1.00%

Function 0039267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: decd6550ab92198d31e0cbbcb3af51534fdacd6af618eec7309e553489792ad1
Instruction ID: cc61df9a83bb920c558cc31767b048c2a3258ebc65c784c97f5c1d5eb923ea67
Opcode Fuzzy Hash: decd6550ab92198d31e0cbbcb3af51534fdacd6af618eec7309e553489792ad1
Instruction Fuzzy Hash: 33B11361D2AF414DD72396398831336BB4CAFBB2C5F52D71BFC1A74E22EB2185838141

Uniqueness

Uniqueness Score: -1.00%

Function 003D41FD Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 003D4218

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 52215ffc6e9f31290393fe0228234bd13ff6c93a463f92b66cd8e990fc842778
Instruction ID: a4d9ed271788dfbf0d1ba4faaf2ab08045872362bfb9b62ccff8dda739bfd077
Opcode Fuzzy Hash: 52215ffc6e9f31290393fe0228234bd13ff6c93a463f92b66cd8e990fc842778
Instruction Fuzzy Hash: 7AE04F322402149FC711EF59E844A9AF7ECAF94760F05C427FC49DB352DAB0E8448BA0

Uniqueness

Uniqueness Score: -1.00%

Function 003C4EF5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32 ref: 003C4F18

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 6ff009d2b279441c6a97cb35a03b81993ad9206ad87727d5269ea66aa9b326bd
Instruction ID: 9e59314092ac002d9c886c11788bd98e706f03a6e53eeca25de0b47b057a8cb8
Opcode Fuzzy Hash: 6ff009d2b279441c6a97cb35a03b81993ad9206ad87727d5269ea66aa9b326bd
Instruction Fuzzy Hash: 39D09EB41646057DFC2A4B20AC3FF76111DE351791F95598DB201D99C2D8E66C50B235

Uniqueness

Uniqueness Score: -1.00%

Function 003B8C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,003B88D1), ref: 003B8CB3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: 03347e4bede9531efaf88cc6c81895b00b487ef9b566c0ed51be88aa4e7d57fe
Instruction ID: 541b6b2f24b8e14358d83f7396721b263442b47654fd56005efedeff33904bad
Opcode Fuzzy Hash: 03347e4bede9531efaf88cc6c81895b00b487ef9b566c0ed51be88aa4e7d57fe
Instruction Fuzzy Hash: 2ED05E3226050EAFEF118EA4DC01EBE3B69EB04B01F408111FE15C50A1C7B5D835AB60

Uniqueness

Uniqueness Score: -1.00%

Function 003A2230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 003A2242

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: d18e60235283eab00702d2bd12e4ccad4e07519464208ea4d736be286ddf8b3d
Instruction ID: 23e7f99a215a78c7e83818982a0c56e1cab9260cdc78c823c41df13fec7a0b84
Opcode Fuzzy Hash: d18e60235283eab00702d2bd12e4ccad4e07519464208ea4d736be286ddf8b3d
Instruction Fuzzy Hash: 6AC04CF1800109DBDB16DB90D988DEE77BCAB04304F104155A101F2140D7749B448A71

Uniqueness

Uniqueness Score: -1.00%

Function 0038A364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 0038A36A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b073c756e92ecc296baa838702e8edc59671edab1e8e67f3e0e1b0f5f52250be
Instruction ID: bf7c1880107007591ae2039c9e61e98cffcde5d1b02fee211000810603d6b043
Opcode Fuzzy Hash: b073c756e92ecc296baa838702e8edc59671edab1e8e67f3e0e1b0f5f52250be
Instruction Fuzzy Hash: 1BA0113000020CAB8A022B82EC08888BFACEA002A0B008020F80C882228BB2A8208A80

Uniqueness

Uniqueness Score: -1.00%

Function 00378A0E Relevance: .6, Instructions: 608COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16447433196620df89c816674785afa7f8cf014fa1b7cde1ebbfc572d08cfad6
Instruction ID: 5f29c4a84abc6e49b6fe7c95cb0e8f0915a21c4a8bf1e6012812c77723523adc
Opcode Fuzzy Hash: 16447433196620df89c816674785afa7f8cf014fa1b7cde1ebbfc572d08cfad6
Instruction Fuzzy Hash: 45221A30A41616CBDF3B8F14C5987BDB7E1EB41308F26C46AD54ADBA91DB389D81CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00382405 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction ID: 43c954cd10f423b19a9ca988fa1d01faad680b991df6ba9ed5b05fd665815cbb
Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction Fuzzy Hash: 8DC180322052A30ADF2E563A943403FFAE55AA27B131B07DDE8B2CB5D5EF24D525D720

Uniqueness

Uniqueness Score: -1.00%

Function 0038283A Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction ID: d63035e4f946a18907fc36a9863d3774ffc19f80168ef7604d20f62d0358441d
Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction Fuzzy Hash: 31C172322052A30ADF6F563A843403FBAE55AA27B131B07EDE4B2DB5D4EF24D525D720

Uniqueness

Uniqueness Score: -1.00%

Function 003EA849 Relevance: 59.8, APIs: 33, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 003EA89F
GetSysColorBrush.USER32(0000000F), ref: 003EA8D0
GetSysColor.USER32 ref: 003EA8DC
SetBkColor.GDI32 ref: 003EA8F6
SelectObject.GDI32(?,?), ref: 003EA905
InflateRect.USER32 ref: 003EA930
GetSysColor.USER32 ref: 003EA938
CreateSolidBrush.GDI32(00000000), ref: 003EA93F
FrameRect.USER32 ref: 003EA94E
DeleteObject.GDI32 ref: 003EA955
InflateRect.USER32 ref: 003EA9A0
FillRect.USER32 ref: 003EA9D2
GetWindowLongW.USER32(?,000000F0), ref: 003EA9FD

Part of subcall function 003EAB60: GetSysColor.USER32 ref: 003EAB99
Part of subcall function 003EAB60: SetTextColor.GDI32(?,?), ref: 003EAB9D
Part of subcall function 003EAB60: GetSysColorBrush.USER32(0000000F), ref: 003EABB3
Part of subcall function 003EAB60: GetSysColor.USER32 ref: 003EABBE
Part of subcall function 003EAB60: GetSysColor.USER32 ref: 003EABDB
Part of subcall function 003EAB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003EABE9
Part of subcall function 003EAB60: SelectObject.GDI32(?,00000000), ref: 003EABFA
Part of subcall function 003EAB60: SetBkColor.GDI32 ref: 003EAC03
Part of subcall function 003EAB60: SelectObject.GDI32(?,?), ref: 003EAC10
Part of subcall function 003EAB60: InflateRect.USER32 ref: 003EAC2F
Part of subcall function 003EAB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003EAC46
Part of subcall function 003EAB60: GetWindowLongW.USER32(00000000,000000F0), ref: 003EAC5B

Strings

@U=u, xrefs: 003EAA4E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID: @U=u
API String ID: 4124339563-2594219639
Opcode ID: 46fe7b4b2c2f21c6b194cc63608d77b931caa3a1e08f4fbcf6558e669087dd44
Instruction ID: 4368567241892aad030dcbf06954c09f2a000b2f4b1013ed6caa73fea5b9f53a
Opcode Fuzzy Hash: 46fe7b4b2c2f21c6b194cc63608d77b931caa3a1e08f4fbcf6558e669087dd44
Instruction Fuzzy Hash: 07A1C071008795AFD7229F64DC48A6B7BADFF89320F104B29F9629A1E1C770E940CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003E37F3 Relevance: 52.9, APIs: 6, Strings: 24, Instructions: 365windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,003EF910), ref: 003E38AF
IsWindowVisible.USER32(?), ref: 003E38D3

Strings

GETCURRENTSELECTION, xrefs: 003E3A6B
@U=u, xrefs: 003E3B6B, 003E3B92, 003E3C1B
GETLINE, xrefs: 003E3C23
GETCURRENTCOL, xrefs: 003E3BB0
SETCURRENTSELECTION, xrefs: 003E3A3E
CHECK, xrefs: 003E3AF5
GETLINECOUNT, xrefs: 003E3B4E
TABRIGHT, xrefs: 003E3925
SHOWDROPDOWN, xrefs: 003E3968
GETCURRENTLINE, xrefs: 003E3B75
GETSELECTED, xrefs: 003E3B2B
CURRENTTAB, xrefs: 003E3945
EDITPASTE, xrefs: 003E3BE7
TABLEFT, xrefs: 003E390F
HIDEDROPDOWN, xrefs: 003E3988
DELSTRING, xrefs: 003E39D1
ISCHECKED, xrefs: 003E3AC1
FINDSTRING, xrefs: 003E39FE
UNCHECK, xrefs: 003E3B0B
ISENABLED, xrefs: 003E38F3
SELECTSTRING, xrefs: 003E3A8E
SENDCOMMANDID, xrefs: 003E3C62
ADDSTRING, xrefs: 003E399E
ISVISIBLE, xrefs: 003E38BF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharUpperVisibleWindow
String ID: @U=u$ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 4105515805-3469695742
Opcode ID: b6eb9a40f1c6a4639c4605cae13c189f8479675c2f980c83d645e7eff395014e
Instruction ID: bfba1ed4d9460595778aca53941639b437147e07984c327a1dc61f2dad1c38c5
Opcode Fuzzy Hash: b6eb9a40f1c6a4639c4605cae13c189f8479675c2f980c83d645e7eff395014e
Instruction Fuzzy Hash: 1ED1C130204355CBCB16EF21C455BAAB7AAEF94344F108559B8865F7E3CB34EE4ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 00362C18 Relevance: 51.2, APIs: 27, Strings: 2, Instructions: 486windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?), ref: 00362CA2
DeleteObject.GDI32 ref: 00362CE8
DeleteObject.GDI32 ref: 00362CF3
DestroyIcon.USER32(00000000,?,?,?), ref: 00362CFE
DestroyWindow.USER32(00000000,?,?,?), ref: 00362D09
SendMessageW.USER32(?,00001308,?,00000000), ref: 0039C68B
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0039C6C4
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0039CAED

Part of subcall function 00361B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00362036,?,00000000,?,?,?,?,003616CB,00000000,?), ref: 00361B9A

SendMessageW.USER32(?,00001053), ref: 0039CB2A
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0039CB41
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0039CB57
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0039CB62

Strings

@U=u, xrefs: 0039C68B, 0039C792, 0039CA6D
0, xrefs: 0039C981

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
String ID: 0$@U=u
API String ID: 464785882-975001249
Opcode ID: b2c126526b6de5d87572bb3fc7c4bad00027215065deffb9eb125171c3aff473
Instruction ID: 804112614dfe3f6d074005dd70c66d7a96683ac451a90b28bdef3d6f9b53e350
Opcode Fuzzy Hash: b2c126526b6de5d87572bb3fc7c4bad00027215065deffb9eb125171c3aff473
Instruction Fuzzy Hash: F812CE30614641EFDF22CF24C884BAABBE5BF45310F569569F885DB6A2C771EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003D77BE Relevance: 47.5, APIs: 22, Strings: 5, Instructions: 284windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 003D77F1
SystemParametersInfoW.USER32 ref: 003D78B0
SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 003D78EE
AdjustWindowRectEx.USER32 ref: 003D7900
CreateWindowExW.USER32 ref: 003D7946
GetClientRect.USER32(00000000,?), ref: 003D7952
CreateWindowExW.USER32 ref: 003D7996
CreateDCW.GDI32 ref: 003D79A5
GetStockObject.GDI32(00000011), ref: 003D79B5
SelectObject.GDI32(00000000,00000000), ref: 003D79B9
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 003D79C9
GetDeviceCaps.GDI32 ref: 003D79D2
DeleteDC.GDI32(00000000), ref: 003D79DB
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003D7A07
SendMessageW.USER32(00000030,00000000,00000001), ref: 003D7A1E
CreateWindowExW.USER32 ref: 003D7A59
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003D7A6D
SendMessageW.USER32(00000404,00000001,00000000), ref: 003D7A7E
CreateWindowExW.USER32 ref: 003D7AAE
GetStockObject.GDI32(00000011), ref: 003D7AB9
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003D7AC4
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 003D7ACE

Strings

@U=u, xrefs: 003D7A0D
AutoIt v3, xrefs: 003D793E
msctls_progress32, xrefs: 003D7A4F
static, xrefs: 003D7990, 003D7AA8
DISPLAY, xrefs: 003D799B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: @U=u$AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-2771358697
Opcode ID: be25922350f2ac9d6247e47e42f2a9644788e73294df5edcc878ca01c3973652
Instruction ID: 5fbef01d00de5e39c62cc64e289c7c51031ff6a71d507b105e68aadcde64a909
Opcode Fuzzy Hash: be25922350f2ac9d6247e47e42f2a9644788e73294df5edcc878ca01c3973652
Instruction Fuzzy Hash: 10A18271A00215BFEB259F64DC4AFAE7BBDEB44710F118215FA15AB2E0D7B0AD01CB64

Uniqueness

Uniqueness Score: -1.00%

Function 003EAB60 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32 ref: 003EAB99
SetTextColor.GDI32(?,?), ref: 003EAB9D
GetSysColorBrush.USER32(0000000F), ref: 003EABB3
GetSysColor.USER32 ref: 003EABBE
CreateSolidBrush.GDI32(?), ref: 003EABC3
GetSysColor.USER32 ref: 003EABDB
CreatePen.GDI32(00000000,00000001,00743C00), ref: 003EABE9
SelectObject.GDI32(?,00000000), ref: 003EABFA
SetBkColor.GDI32 ref: 003EAC03
SelectObject.GDI32(?,?), ref: 003EAC10
InflateRect.USER32 ref: 003EAC2F
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003EAC46
GetWindowLongW.USER32(00000000,000000F0), ref: 003EAC5B
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003EACA7
GetWindowTextW.USER32 ref: 003EACCE
InflateRect.USER32 ref: 003EACEC
DrawFocusRect.USER32 ref: 003EACF7
GetSysColor.USER32 ref: 003EAD05
SetTextColor.GDI32(?,00000000), ref: 003EAD0D
DrawTextW.USER32 ref: 003EAD21
SelectObject.GDI32(?,003EA869), ref: 003EAD38
DeleteObject.GDI32 ref: 003EAD43
SelectObject.GDI32(?,?), ref: 003EAD49
DeleteObject.GDI32 ref: 003EAD4E
SetTextColor.GDI32(?,?), ref: 003EAD54
SetBkColor.GDI32 ref: 003EAD5E

Strings

@U=u, xrefs: 003EACA7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID: @U=u
API String ID: 1996641542-2594219639
Opcode ID: 29050f477c0c014a0debc7af152a741a3fb7b0b1836a26a58fdfd853c059a91d
Instruction ID: b60ea65ca591aafcc92e76ca7260ba16d0fbea6c05dfa5973034e25f57002728
Opcode Fuzzy Hash: 29050f477c0c014a0debc7af152a741a3fb7b0b1836a26a58fdfd853c059a91d
Instruction Fuzzy Hash: 94616271900658EFDF129FA5DC88EAE7B79EB08320F114225F915AB2E1D6B1AD40DB90

Uniqueness

Uniqueness Score: -1.00%

Function 003CAF7B Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 003CAF89
GetDriveTypeW.KERNEL32(?,003EFAC0,?,\\.\,003EF910), ref: 003CB066
SetErrorMode.KERNEL32(00000000,003EFAC0,?,\\.\,003EF910), ref: 003CB1C4

Strings

Network, xrefs: 003CB0A4
Fixed, xrefs: 003CB0AE
SSA, xrefs: 003CB14D
iSCSI, xrefs: 003CB169
Unknown, xrefs: 003CB086, 003CB12A
SCSI, xrefs: 003CB131
Virtual, xrefs: 003CB18C
FileBackedVirtual, xrefs: 003CB193
PhysicalDrive, xrefs: 003CB012
USB, xrefs: 003CB15B
Removable, xrefs: 003CB0B8
ATA, xrefs: 003CB13F
SSD, xrefs: 003CB0F1
MMC, xrefs: 003CB185
1394, xrefs: 003CB146
SAS, xrefs: 003CB170
SATA, xrefs: 003CB177
Fibre, xrefs: 003CB154
\\.\, xrefs: 003CAFDB
CDROM, xrefs: 003CB09A
RAID, xrefs: 003CB162
ATAPI, xrefs: 003CB138
RAMDisk, xrefs: 003CB090

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 0cbee5f1e64a4c939355d07b824802badb66645c011e66491609b5f3beb6d46b
Instruction ID: 30a1ce440531ff986103edc521d950691b09072f5f520b4b90cd90b1cb850c6f
Opcode Fuzzy Hash: 0cbee5f1e64a4c939355d07b824802badb66645c011e66491609b5f3beb6d46b
Instruction Fuzzy Hash: 2251A530A812459BCB12DB10C963FBDB3B4AB14346F38801EE417EB5D1C7799E918B46

Uniqueness

Uniqueness Score: -1.00%

Function 00366A3C Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 275COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00366A91
__wcsnicmp.LIBCMT ref: 00366AA9
__wcsnicmp.LIBCMT ref: 00366AC1
__wcsnicmp.LIBCMT ref: 00366AD9
__wcsnicmp.LIBCMT ref: 00366AF1
__wcsnicmp.LIBCMT ref: 00366B09
__wcsnicmp.LIBCMT ref: 00366B21
__wcsnicmp.LIBCMT ref: 00366B35
__wcsnicmp.LIBCMT ref: 00366B76
__wcsnicmp.LIBCMT ref: 00366B8A
__wcsnicmp.LIBCMT ref: 00366B9E
__wcsnicmp.LIBCMT ref: 00366BB2

Strings

#requireadmin, xrefs: 00366ABB
#ce, xrefs: 00366BAC
#include, xrefs: 00366B03
#comments-end, xrefs: 00366B98
#OnAutoItStartRegister, xrefs: 00366AD3
#include-once, xrefs: 00366AEB
Unterminated group of comments, xrefs: 0039E82C
Cannot parse #include, xrefs: 0039E819
#cs, xrefs: 00366B2F, 00366B84
#comments-start, xrefs: 00366B1B, 00366B70
Bad directive syntax error, xrefs: 0039E743
#notrayicon, xrefs: 00366AA3
#pragma compile, xrefs: 00366A8B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 1038674560-86951937
Opcode ID: d4239e1b745c811968d061f348f89ea63f230a0443df0daa12db3f7017cc412a
Instruction ID: f46e6032424cfed100536cb0910f33fa69f5124f9d217ff06c7d8e620198479b
Opcode Fuzzy Hash: d4239e1b745c811968d061f348f89ea63f230a0443df0daa12db3f7017cc412a
Instruction Fuzzy Hash: 318107B0640355EBCB27BBA1CC93FEF7768AF15740F048025F945AE1CAEB60EA51C661

Uniqueness

Uniqueness Score: -1.00%

Function 003E8C44 Relevance: 40.7, APIs: 21, Strings: 2, Instructions: 401windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003E8D34
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E8D45
CharNextW.USER32(0000014E), ref: 003E8D74
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003E8DB5
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003E8DCB
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E8DDC
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 003E8DF9
SetWindowTextW.USER32(?,0000014E), ref: 003E8E45
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 003E8E5B
SendMessageW.USER32(?,00001002,00000000,?), ref: 003E8E8C
_memset.LIBCMT ref: 003E8EB1
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 003E8EFA
_memset.LIBCMT ref: 003E8F59
SendMessageW.USER32(?,00001053,000000FF,?), ref: 003E8F83
SendMessageW.USER32(?,00001074,?,00000001), ref: 003E8FDB
SendMessageW.USER32(?,0000133D,?,?), ref: 003E9088
InvalidateRect.USER32(?,00000000,00000001), ref: 003E90AA
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003E90F4
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003E9121
DrawMenuBar.USER32(?), ref: 003E9130
SetWindowTextW.USER32(?,0000014E), ref: 003E9158

Strings

@U=u, xrefs: 003E8D34, 003E8D45, 003E8D7A, 003E8DF9, 003E8E5B, 003E8E8C, 003E8EFA, 003E8F83, 003E8FDB, 003E9088
0, xrefs: 003E90C2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
String ID: 0$@U=u
API String ID: 1073566785-975001249
Opcode ID: a39a195c6a703fa6aa035dc9810290d831a15708bca0e59a76c948d281bbfc47
Instruction ID: eaf705d74789682ee6013684369703a23bffe627fc6e1b84af7d3fdcd4b16563
Opcode Fuzzy Hash: a39a195c6a703fa6aa035dc9810290d831a15708bca0e59a76c948d281bbfc47
Instruction Fuzzy Hash: 4AE184709002A9AFDF229F61CC84EEF7B79EF05710F118256F919AA2D0DB709A41DF61

Uniqueness

Uniqueness Score: -1.00%

Function 003E4B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 003E4C51
GetDesktopWindow.USER32 ref: 003E4C66
GetWindowRect.USER32 ref: 003E4C6D
GetWindowLongW.USER32(?,000000F0), ref: 003E4CCF
DestroyWindow.USER32(?), ref: 003E4CFB
CreateWindowExW.USER32 ref: 003E4D24
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003E4D42
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 003E4D68
SendMessageW.USER32(?,00000421,?,?), ref: 003E4D7D
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 003E4D90
IsWindowVisible.USER32(?), ref: 003E4DB0
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 003E4DCB
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 003E4DDF
GetWindowRect.USER32 ref: 003E4DF7
MonitorFromPoint.USER32(?,?,00000002), ref: 003E4E1D
GetMonitorInfoW.USER32 ref: 003E4E37
CopyRect.USER32(?,?), ref: 003E4E4E
SendMessageW.USER32(?,00000412,00000000), ref: 003E4EB9

Strings

tooltips_class32, xrefs: 003E4D1D
0, xrefs: 003E4BFC
(, xrefs: 003E4E2A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: a4a90206654a371a74d26fe85b8c6d2ccfce89490f6dabc4b0de7c824bb94d75
Instruction ID: 9d1ab1bf2e643018e1e5fe4c056a24f565e9748e83f38c822feff5783b7c4c7c
Opcode Fuzzy Hash: a4a90206654a371a74d26fe85b8c6d2ccfce89490f6dabc4b0de7c824bb94d75
Instruction Fuzzy Hash: 40B18C71604391AFDB15DF65C888B6ABBE8FF88310F008A1DF5999B2A1D771EC04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003627D9 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 286windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32 ref: 003628BC
GetSystemMetrics.USER32 ref: 003628C4
SystemParametersInfoW.USER32 ref: 003628EF
GetSystemMetrics.USER32 ref: 003628F7
GetSystemMetrics.USER32 ref: 0036291C
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00362939
AdjustWindowRectEx.USER32 ref: 00362949
CreateWindowExW.USER32 ref: 0036297C
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00362990
GetClientRect.USER32(00000000,000000FF), ref: 003629AE
GetStockObject.GDI32(00000011), ref: 003629CA
SendMessageW.USER32(00000000,00000030,00000000), ref: 003629D5

Part of subcall function 00362344: GetCursorPos.USER32(?), ref: 00362357
Part of subcall function 00362344: ScreenToClient.USER32(004267B0,?), ref: 00362374
Part of subcall function 00362344: GetAsyncKeyState.USER32 ref: 00362399
Part of subcall function 00362344: GetAsyncKeyState.USER32 ref: 003623A7

SetTimer.USER32(00000000,00000000,00000028,00361256), ref: 003629FC

Strings

@U=u, xrefs: 003629D5
AutoIt v3 GUI, xrefs: 00362974
-es, xrefs: 00362912

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: -es$@U=u$AutoIt v3 GUI
API String ID: 1458621304-2401640424
Opcode ID: 408c7d5d8b4eaa534154f95a287e2ca5f6973a6c95c3cd8647c3543552d3ec70
Instruction ID: 0b58421a3931248f5d434b8b8b23b7334dffa366629fd01c7ec9c7c6e5b06e74
Opcode Fuzzy Hash: 408c7d5d8b4eaa534154f95a287e2ca5f6973a6c95c3cd8647c3543552d3ec70
Instruction Fuzzy Hash: 49B170756002499FDF26DFA8DC85BAE7BB4FB48310F128225FA15EB2D4CB749841CB54

Uniqueness

Uniqueness Score: -1.00%

Function 003C46D6 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 003C46E8
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 003C470E
_wcscpy.LIBCMT ref: 003C473C
_wcscmp.LIBCMT ref: 003C4747
_wcscat.LIBCMT ref: 003C475D
_wcsstr.LIBCMT ref: 003C4768
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 003C4784
_wcscat.LIBCMT ref: 003C47CD
_wcscat.LIBCMT ref: 003C47D4
_wcsncpy.LIBCMT ref: 003C47FF

Strings

StringFileInfo\, xrefs: 003C4757
\VarFileInfo\Translation, xrefs: 003C477C
%u.%u.%u.%u, xrefs: 003C4862
DefaultLangCodepage, xrefs: 003C47E7
04090000, xrefs: 003C47BA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 699586101-1459072770
Opcode ID: 9354a7604b81e9c5e774daa0bc68f6766a26984e6d9c7b4a3d8e9914c621daab
Instruction ID: 4a33523a225b6a325e356583ca2cf33cf7b3f92e482d19ee4a2e9c6dd8b2909d
Opcode Fuzzy Hash: 9354a7604b81e9c5e774daa0bc68f6766a26984e6d9c7b4a3d8e9914c621daab
Instruction Fuzzy Hash: E641F572A003147BDB23B7648C42FBF77ACDF41710F1041AAF904EA182EB75AA0197A5

Uniqueness

Uniqueness Score: -1.00%

Function 003BC4C1 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 169windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 003BC4D4
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003BC4E6
SetWindowTextW.USER32(?,?), ref: 003BC4FD
GetDlgItem.USER32 ref: 003BC512
SetWindowTextW.USER32(00000000,?), ref: 003BC518
GetDlgItem.USER32 ref: 003BC528
SetWindowTextW.USER32(00000000,?), ref: 003BC52E
SendDlgItemMessageW.USER32 ref: 003BC54F
SendDlgItemMessageW.USER32 ref: 003BC569
GetWindowRect.USER32 ref: 003BC572
SetWindowTextW.USER32(?,?), ref: 003BC5DD
GetDesktopWindow.USER32 ref: 003BC5E3
GetWindowRect.USER32 ref: 003BC5EA
MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 003BC636
GetClientRect.USER32(?,?), ref: 003BC643
PostMessageW.USER32(?,00000005,00000000,00000000), ref: 003BC668
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003BC693

Strings

@U=u, xrefs: 003BC4E6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
String ID: @U=u
API String ID: 3869813825-2594219639
Opcode ID: b265776ac8421b81e651c6e7ff2b213bf8e088eaf76122f2d713c118d5b09f5f
Instruction ID: 22c9d82a000f9f6bc0268db2af1dfae285ebc223f840af053159f0a56baddaf9
Opcode Fuzzy Hash: b265776ac8421b81e651c6e7ff2b213bf8e088eaf76122f2d713c118d5b09f5f
Instruction Fuzzy Hash: 79516370900709AFDB32DFA9DD85BAEBBF5FF04705F004629E686A69A0C774B904CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003E4069 Relevance: 30.0, APIs: 3, Strings: 14, Instructions: 283windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 003E40F6
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 003E41B6

Strings

@U=u, xrefs: 003E41B6, 003E41E8
GETSELECTEDCOUNT, xrefs: 003E4199
SELECTALL, xrefs: 003E421D
ISSELECTED, xrefs: 003E41C1
FINDITEM, xrefs: 003E4329
GETSELECTED, xrefs: 003E42E4
GETITEMCOUNT, xrefs: 003E4128
VIEWCHANGE, xrefs: 003E4375
GETSUBITEMCOUNT, xrefs: 003E4141
SELECT, xrefs: 003E4250
GETTEXT, xrefs: 003E415F
SELECTINVERT, xrefs: 003E4286
DESELECT, xrefs: 003E42A4
SELECTCLEAR, xrefs: 003E4235

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: @U=u$DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-1753161424
Opcode ID: 79a9ce95130c6da75f21f5bf13c51f17292cc933639612e43a4b141a6ab48fd2
Instruction ID: f60293af7ea014139dd38f6e9085787e9836ca2d934bb4c13d541e0c0d50d502
Opcode Fuzzy Hash: 79a9ce95130c6da75f21f5bf13c51f17292cc933639612e43a4b141a6ab48fd2
Instruction Fuzzy Hash: D3A192302143519FCB16EF21C851B6AB3E9AF88314F148A69B9965F7D2DB30EC09CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003EC8EE Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

DragQueryPoint.SHELL32 ref: 003EC917

Part of subcall function 003EADF1: ClientToScreen.USER32 ref: 003EAE1A
Part of subcall function 003EADF1: GetWindowRect.USER32 ref: 003EAE90
Part of subcall function 003EADF1: PtInRect.USER32 ref: 003EAEA0

SendMessageW.USER32(?,000000B0,?,?), ref: 003EC980
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003EC98B
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003EC9AE
_wcscat.LIBCMT ref: 003EC9DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 003EC9F5
SendMessageW.USER32(?,000000B0,?,?), ref: 003ECA0E
SendMessageW.USER32(?,000000B1,?,?), ref: 003ECA25
SendMessageW.USER32(?,000000B1,?,?), ref: 003ECA47
DragFinish.SHELL32(?), ref: 003ECA4E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003ECB41

Strings

@U=u, xrefs: 003EC980, 003EC9F5, 003ECA0E, 003ECA25, 003ECA47
prB, xrefs: 003ECA8B
@GUI_DRAGFILE, xrefs: 003ECAF0
@GUI_DRAGID, xrefs: 003ECAB9
@GUI_DROPID, xrefs: 003ECA6E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$@U=u$prB
API String ID: 169749273-3253241097
Opcode ID: db922857a6e241e3aa8a2b066c8e37a97128f652b27e6fc71657c6a927aa0927
Instruction ID: 791147bb14e0313898d33b4586394c79d32104457fa380e3a4502f11ba983398
Opcode Fuzzy Hash: db922857a6e241e3aa8a2b066c8e37a97128f652b27e6fc71657c6a927aa0927
Instruction Fuzzy Hash: 4C617B71108381AFC712EF65DC85D9FBBE8EF88710F004A2EF5919B1A1DB709A49CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003D52F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 003D5309
LoadCursorW.USER32 ref: 003D5314
LoadCursorW.USER32 ref: 003D531F
LoadCursorW.USER32 ref: 003D532A
LoadCursorW.USER32 ref: 003D5335
LoadCursorW.USER32 ref: 003D5340
LoadCursorW.USER32 ref: 003D534B
LoadCursorW.USER32 ref: 003D5356
LoadCursorW.USER32 ref: 003D5361
LoadCursorW.USER32 ref: 003D536C
LoadCursorW.USER32 ref: 003D5377
LoadCursorW.USER32 ref: 003D5382
LoadCursorW.USER32 ref: 003D538D
LoadCursorW.USER32 ref: 003D5398
LoadCursorW.USER32 ref: 003D53A3
LoadCursorW.USER32 ref: 003D53AE
GetCursorInfo.USER32(?), ref: 003D53BE
GetLastError.KERNEL32(00000001,00000000), ref: 003D53E9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 02ce86c67ec6cfb623f23977b091b918139dfc8b00290e670c70282273490697
Instruction ID: f871e7d29a140bd646af8a4d10d41b6f1d4f68121043d411febdc0e874e4adba
Opcode Fuzzy Hash: 02ce86c67ec6cfb623f23977b091b918139dfc8b00290e670c70282273490697
Instruction Fuzzy Hash: 1E418371E04319AADB109FBA9C4996EFFFCEF41B10B10452FE509EB290DAB895008E51

Uniqueness

Uniqueness Score: -1.00%

Function 003BAA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 003BAAA5
__swprintf.LIBCMT ref: 003BAB46
_wcscmp.LIBCMT ref: 003BAB59
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 003BABAE
_wcscmp.LIBCMT ref: 003BABEA
GetClassNameW.USER32(?,?,00000400), ref: 003BAC21
GetDlgCtrlID.USER32 ref: 003BAC73
GetWindowRect.USER32 ref: 003BACA9
GetParent.USER32(?), ref: 003BACC7
ScreenToClient.USER32(00000000), ref: 003BACCE
GetClassNameW.USER32(?,?,00000100), ref: 003BAD48
_wcscmp.LIBCMT ref: 003BAD5C
GetWindowTextW.USER32 ref: 003BAD82
_wcscmp.LIBCMT ref: 003BAD96

Part of subcall function 0038386C: _iswctype.LIBCMT ref: 00383874

Strings

%s%u, xrefs: 003BAB40

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
String ID: %s%u
API String ID: 3744389584-679674701
Opcode ID: bd44c6558df9baca7bdda9b65825657adf961b831fb1397c99ad0cd38f9cf8f6
Instruction ID: 0761f33a9375ee47dad194065548062d04aba1a6cd4d1dc7c68b9e6d619a2b2d
Opcode Fuzzy Hash: bd44c6558df9baca7bdda9b65825657adf961b831fb1397c99ad0cd38f9cf8f6
Instruction Fuzzy Hash: 68A1C031204B46AFD716DF24C894BEAB7A8FF04319F00462DFAA9C6990D730E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003BB397 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 003BB3DB
_wcscmp.LIBCMT ref: 003BB3EC
GetWindowTextW.USER32 ref: 003BB414
CharUpperBuffW.USER32(?,00000000), ref: 003BB431
_wcscmp.LIBCMT ref: 003BB44F
_wcsstr.LIBCMT ref: 003BB460
GetClassNameW.USER32(00000018,?,00000400), ref: 003BB498
_wcscmp.LIBCMT ref: 003BB4A8
GetWindowTextW.USER32 ref: 003BB4CF
GetClassNameW.USER32(00000018,?,00000400), ref: 003BB518
_wcscmp.LIBCMT ref: 003BB528
GetClassNameW.USER32(00000010,?,00000400), ref: 003BB550
GetWindowRect.USER32 ref: 003BB5B9

Strings

@, xrefs: 003BB3BC
ThumbnailClass, xrefs: 003BB4A3, 003BB523

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
String ID: @$ThumbnailClass
API String ID: 1788623398-1539354611
Opcode ID: b5aa672838ae7a28d65e644a31f30caf35b7f84e40fa4fb087ca1a2c649770c4
Instruction ID: d0a3544f17915f20bd6f347849e182cf87050adc488689a3bbd56f04de0e010e
Opcode Fuzzy Hash: b5aa672838ae7a28d65e644a31f30caf35b7f84e40fa4fb087ca1a2c649770c4
Instruction Fuzzy Hash: D6819C710083059FDB16DF11C885FAAB7E8EF44718F04856AFE898A492DFB4DE45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003EA428 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 205windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003EA4C8
DestroyWindow.USER32(?,?), ref: 003EA542

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

CreateWindowExW.USER32 ref: 003EA5BC
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003EA5DE
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003EA5F1
DestroyWindow.USER32(00000000), ref: 003EA613
CreateWindowExW.USER32 ref: 003EA64A
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003EA663
GetDesktopWindow.USER32 ref: 003EA67C
GetWindowRect.USER32 ref: 003EA683
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003EA69B
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003EA6B3

Part of subcall function 003625DB: GetWindowLongW.USER32(?,000000EB), ref: 003625EC

Strings

@U=u, xrefs: 003EA5DE, 003EA5F1, 003EA663, 003EA68D
0, xrefs: 003EA4DE
tooltips_class32, xrefs: 003EA5B5, 003EA643

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
String ID: 0$@U=u$tooltips_class32
API String ID: 1297703922-1130792468
Opcode ID: 5f768bef441f9a86ea108f4f31ae9ef5fedd3091233cdd58d2631320e5ae75fb
Instruction ID: c0775988247228f2f1338ffb99a0e24b36d41ea5322a9081da062cd559ba9e46
Opcode Fuzzy Hash: 5f768bef441f9a86ea108f4f31ae9ef5fedd3091233cdd58d2631320e5ae75fb
Instruction Fuzzy Hash: 7C71C170240685AFD722DF28CC49F6677E9FB89304F49462DF9858B2E0C7B0E902CB16

Uniqueness

Uniqueness Score: -1.00%

Function 003BB1E0 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 003BB23F

Strings

[LAST, xrefs: 003BB2EC
ACTIVE, xrefs: 003BB21A
LAST, xrefs: 003BB204
ALL, xrefs: 003BB2D3
[REGEXPTITLE:, xrefs: 003BB267
[ACTIVE, xrefs: 003BB22C
CLASSNAME=, xrefs: 003BB27C
HANDLE=, xrefs: 003BB238
[CLASS:, xrefs: 003BB28F
[ALL, xrefs: 003BB2E5
[HANDLE:, xrefs: 003BB24B
REGEXP=, xrefs: 003BB254

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: 9c20af4ed87840eb85255e3b4a2d61f667845558f4fa9ca8fa62746dae3650b8
Instruction ID: 2488a09ce1bb4fa6a4a9bc82a06e2ba382229834c2c2929f8220213b44fd05b0
Opcode Fuzzy Hash: 9c20af4ed87840eb85255e3b4a2d61f667845558f4fa9ca8fa62746dae3650b8
Instruction Fuzzy Hash: 42310130A04305E6DB06FA60CD63FEEB7A89F10B44F70052AF551798D6EFA5AE04C669

Uniqueness

Uniqueness Score: -1.00%

Function 003E4619 Relevance: 24.8, APIs: 2, Strings: 12, Instructions: 251windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 003E46AB
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003E46F6

Strings

ISCHECKED, xrefs: 003E4879
EXISTS, xrefs: 003E475F
@U=u, xrefs: 003E46F6
CHECK, xrefs: 003E4716
UNCHECK, xrefs: 003E48D2
GETTOTALCOUNT, xrefs: 003E46DD
SELECT, xrefs: 003E48A7
COLLAPSE, xrefs: 003E473C
GETTEXT, xrefs: 003E4849
GETSELECTED, xrefs: 003E4806
EXPAND, xrefs: 003E47A8
GETITEMCOUNT, xrefs: 003E47D8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: @U=u$CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-383632319
Opcode ID: 498b9bec68ba38f44b0001a44d44f3fe85b9f4d7888775093d8728643aaf7068
Instruction ID: e44e22dc0d1a31c0aeeae02493bdb9bc1a28652a2e7ad846fd342b9d58e9fea9
Opcode Fuzzy Hash: 498b9bec68ba38f44b0001a44d44f3fe85b9f4d7888775093d8728643aaf7068
Instruction Fuzzy Hash: 6891AE342043518FCB16EF21C451AAAB7EAAF88314F04855DF8965F7A2CB35ED4ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 003CA0B5 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 156COMMON

Download Yara Rule

APIs

LoadStringW.USER32 ref: 003CA0FC

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

LoadStringW.USER32 ref: 003CA11E
__swprintf.LIBCMT ref: 003CA177
__swprintf.LIBCMT ref: 003CA190
_wprintf.LIBCMT ref: 003CA246
_wprintf.LIBCMT ref: 003CA264

Strings

Line %d (File "%s"):, xrefs: 003CA171, 003CA18A
^ ERROR, xrefs: 003CA1E8
%?, xrefs: 003CA0C9
"%s" (%d) : ==> %s:, xrefs: 003CA25F
Error: , xrefs: 003CA20E
"%s" (%d) : ==> %s:%s%s, xrefs: 003CA241

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LoadString__swprintf_wprintf$_memmove
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR$%?
API String ID: 311963372-3550860160
Opcode ID: 8838ba94c10ee803c175f634648827daac1a594c4982a9c9ac402726361ad087
Instruction ID: e6cf1617a54fb9446f344df0f257e6f885141586990e3c9b28b6c2842a7c6682
Opcode Fuzzy Hash: 8838ba94c10ee803c175f634648827daac1a594c4982a9c9ac402726361ad087
Instruction Fuzzy Hash: 02519132904209ABCF17EBE0CD82EEEB779AF04308F5045A5F505B61A1EB316F59CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003CA5BD Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

CharLowerBuffW.USER32(?,?), ref: 003CA636
GetDriveTypeW.KERNEL32 ref: 003CA683
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CA6CB
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CA702
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CA730

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Strings

open, xrefs: 003CA65D
close, xrefs: 003CA63C
set cd door , xrefs: 003CA6D1
open , xrefs: 003CA692
closed, xrefs: 003CA64A, 003CA653
close cd wait, xrefs: 003CA71B
wait, xrefs: 003CA6ED
type cdaudio alias cd wait, xrefs: 003CA6AE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 2698844021-4113822522
Opcode ID: 8b49ef064ed6e54d9b3c0ccd7391342df414dd1a2419fc058e486be179cc7649
Instruction ID: 86e1d1e6a5a90ff02e7c643d74b2598ba1e842fdb43a63614de52638cbc6eda7
Opcode Fuzzy Hash: 8b49ef064ed6e54d9b3c0ccd7391342df414dd1a2419fc058e486be179cc7649
Instruction Fuzzy Hash: FC5139711047049FC702EF20C89196AB7F8FF94718F54896DF8969B2A1DB31AE1ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 003CA45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003CA47A
__swprintf.LIBCMT ref: 003CA49C
CreateDirectoryW.KERNEL32(?,00000000), ref: 003CA4D9
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003CA4FE
_memset.LIBCMT ref: 003CA51D
_wcsncpy.LIBCMT ref: 003CA559
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 003CA58E
CloseHandle.KERNEL32(00000000), ref: 003CA599
RemoveDirectoryW.KERNEL32(?), ref: 003CA5A2
CloseHandle.KERNEL32(00000000), ref: 003CA5AC

Strings

\, xrefs: 003CA4B2
\??\%s, xrefs: 003CA496
:, xrefs: 003CA4BD

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
String ID: :$\$\??\%s
API String ID: 2733774712-3457252023
Opcode ID: a67c63b2e9f7a2b333073784164cf2dcdc0331795908f520713929d4bd04f982
Instruction ID: be102493e8b8265c637f52b73f8eeef8a08ba04d08ed0de19d81dbc1b307b6a9
Opcode Fuzzy Hash: a67c63b2e9f7a2b333073784164cf2dcdc0331795908f520713929d4bd04f982
Instruction Fuzzy Hash: 31318275900249ABDB229FA0DC49FEB73BCEF89705F1041BAF908D6190E7709A458B25

Uniqueness

Uniqueness Score: -1.00%

Function 003EC49C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003EC4EC
GetFocus.USER32 ref: 003EC4FC
GetDlgCtrlID.USER32 ref: 003EC507
_memset.LIBCMT ref: 003EC632
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 003EC65D
GetMenuItemCount.USER32 ref: 003EC67D
GetMenuItemID.USER32 ref: 003EC690
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 003EC6C4
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 003EC70C
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003EC744
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 003EC779

Strings

0, xrefs: 003EC62A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
String ID: 0
API String ID: 1296962147-4108050209
Opcode ID: d4bde5f57e789d3f73a7c7b1accccd001d17a416ee7ed401bd959b311fc3e5cf
Instruction ID: 01fb6b8ff9d553f5a287651d9d0f038a74277c6a5baa8dcf468dfe99e7c4474c
Opcode Fuzzy Hash: d4bde5f57e789d3f73a7c7b1accccd001d17a416ee7ed401bd959b311fc3e5cf
Instruction Fuzzy Hash: C181AC702183A19FD722DF16C884AAFBBE8FB89314F01562DF995972D1C770D906CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003B83F4 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003B874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B8766
Part of subcall function 003B874A: GetLastError.KERNEL32(?,003B822A,?,?,?), ref: 003B8770
Part of subcall function 003B874A: GetProcessHeap.KERNEL32(00000008,?,?,003B822A,?,?,?), ref: 003B877F
Part of subcall function 003B874A: HeapAlloc.KERNEL32(00000000,?,003B822A,?,?,?), ref: 003B8786
Part of subcall function 003B874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B879D

Part of subcall function 003B87E7: GetProcessHeap.KERNEL32(00000008,003B8240,00000000,00000000,?,003B8240,?), ref: 003B87F3
Part of subcall function 003B87E7: HeapAlloc.KERNEL32(00000000,?,003B8240,?), ref: 003B87FA
Part of subcall function 003B87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003B8240,?), ref: 003B880B

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003B8458
_memset.LIBCMT ref: 003B846D
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003B848C
GetLengthSid.ADVAPI32(?), ref: 003B849D
GetAce.ADVAPI32(?,00000000,?), ref: 003B84DA
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003B84F6
GetLengthSid.ADVAPI32(?), ref: 003B8513
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003B8522
HeapAlloc.KERNEL32(00000000), ref: 003B8529
GetLengthSid.ADVAPI32(?,00000008,?), ref: 003B854A
CopySid.ADVAPI32(00000000), ref: 003B8551
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003B8582
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003B85A8
SetUserObjectSecurity.USER32 ref: 003B85BC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 7968441f256edde36c7249029d2bc5f3806e8010e5b72bb0b889ef816a24f039
Instruction ID: 94cd2849550de0e892e9dfc7788be9f60d2f67a85dfad1b8913cb5734c3214da
Opcode Fuzzy Hash: 7968441f256edde36c7249029d2bc5f3806e8010e5b72bb0b889ef816a24f039
Instruction Fuzzy Hash: C4613F71900109BFDF22DF94DC85AEEBB7DFF05304F14826AE915AA291DB719A05CF60

Uniqueness

Uniqueness Score: -1.00%

Function 003D762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 003D76A2
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 003D76AE
CreateCompatibleDC.GDI32(?), ref: 003D76BA
SelectObject.GDI32(00000000,?), ref: 003D76C7
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 003D771B
GetDIBits.GDI32 ref: 003D7757
GetDIBits.GDI32 ref: 003D777B
SelectObject.GDI32(00000006,?), ref: 003D7783
DeleteObject.GDI32 ref: 003D778C
DeleteDC.GDI32(00000006), ref: 003D7793
ReleaseDC.USER32(00000000,?), ref: 003D779E

Strings

(, xrefs: 003D7723

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: db10cd7504ee0748c8dd5b41fce09217455d405c84d02601e5251784fb253966
Instruction ID: c0693a5e088db60bb250e3e367143809191e1c844214558647f7f7460753231e
Opcode Fuzzy Hash: db10cd7504ee0748c8dd5b41fce09217455d405c84d02601e5251784fb253966
Instruction Fuzzy Hash: 6E514C76904349EFCB26CFA8DC85EAEBBB9EF48310F14852EF94997350D771A9408B50

Uniqueness

Uniqueness Score: -1.00%

Function 003C5217 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 003C521C

Part of subcall function 00380719: timeGetTime.WINMM(?,753DB400,00370FF9), ref: 0038071D

Sleep.KERNEL32(0000000A), ref: 003C5248
EnumThreadWindows.USER32 ref: 003C526C
FindWindowExW.USER32 ref: 003C528E
SetActiveWindow.USER32 ref: 003C52AD
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003C52BB
SendMessageW.USER32(00000010,00000000,00000000), ref: 003C52DA
Sleep.KERNEL32(000000FA), ref: 003C52E5
IsWindow.USER32 ref: 003C52F1
EndDialog.USER32(00000000), ref: 003C5302

Strings

@U=u, xrefs: 003C52BB, 003C52DA
BUTTON, xrefs: 003C5280

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: @U=u$BUTTON
API String ID: 1194449130-2582809321
Opcode ID: a60b6584b56c07bdf1314c633210a899f70f90d3521a794195cbe16eb08c0512
Instruction ID: 8e3614beec7dff8d1cf3a99cf8f6a60f18281f65b2075be8c9a30c37d84fb35a
Opcode Fuzzy Hash: a60b6584b56c07bdf1314c633210a899f70f90d3521a794195cbe16eb08c0512
Instruction Fuzzy Hash: D0218E71204784BFE7236B20ECC9F267BADEB5538AF410578F401CA5F1CBA1AD818B25

Uniqueness

Uniqueness Score: -1.00%

Function 00366BEC Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 00380B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00366C6C,?,00008000), ref: 00380BB7

Part of subcall function 003648AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003648A1,?,?,003637C0,?), ref: 003648CE

SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00366D0D
SetCurrentDirectoryW.KERNEL32(?), ref: 00366E5A

Part of subcall function 003659CD: _wcscpy.LIBCMT ref: 00365A05

Part of subcall function 0038387D: _iswctype.LIBCMT ref: 00383885

Strings

Unterminated string, xrefs: 0039EC0D
#include depth exceeded. Make sure there are no recursive includes, xrefs: 0039E84A
Error opening the file, xrefs: 0039E866, 0039E8E1
EA06, xrefs: 0039E87B
Bad directive syntax error, xrefs: 0039EBC6
>>>AUTOIT SCRIPT<<<, xrefs: 0039E8BF
AU3!, xrefs: 00366CC1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 537147316-1018226102
Opcode ID: a9b3386a16931c479adf1024053fa1b1b749b4b4475986e41582d892f07aef90
Instruction ID: a6b3be37f71cccdeea0ac8f9a113cd6bccfd2b95f08e548d168405a524ed930d
Opcode Fuzzy Hash: a9b3386a16931c479adf1024053fa1b1b749b4b4475986e41582d892f07aef90
Instruction Fuzzy Hash: BC02B1311083419FCB26EF24C891AAFBBE5BF95354F04892DF4C69B2A1DB31D949CB42

Uniqueness

Uniqueness Score: -1.00%

Function 003645DF Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003645F9
GetMenuItemCount.USER32 ref: 0039D7CD
GetMenuItemCount.USER32 ref: 0039D87D
GetCursorPos.USER32(?), ref: 0039D8C1
SetForegroundWindow.USER32(00000000), ref: 0039D8CA
TrackPopupMenuEx.USER32(00426890,00000000,?,00000000,00000000,00000000), ref: 0039D8DD
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0039D8E9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 2751501086-0
Opcode ID: c9c3312efac6c00187ef141e5e4092ec3ff213c4ef1f5192ebac04dbaba4d0dd
Instruction ID: 2a203ccdbce4e4ba703829d2c930f73fb4831f206743b395c88cacf0887904dc
Opcode Fuzzy Hash: c9c3312efac6c00187ef141e5e4092ec3ff213c4ef1f5192ebac04dbaba4d0dd
Instruction Fuzzy Hash: DC71D470A04255BEEF329F64DC86FAABF68FF05364F204216F525AA1E1C7B15C20DB94

Uniqueness

Uniqueness Score: -1.00%

Function 003D8BC0 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 003D8BEC
CoInitialize.OLE32(00000000), ref: 003D8C19
CoUninitialize.OLE32 ref: 003D8C23
GetRunningObjectTable.OLE32(00000000,?), ref: 003D8D23
SetErrorMode.KERNEL32(00000001,00000029), ref: 003D8E50
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,003F2C0C), ref: 003D8E84
CoGetObject.OLE32(?,00000000,003F2C0C,?), ref: 003D8EA7
SetErrorMode.KERNEL32(00000000), ref: 003D8EBA
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003D8F3A
VariantClear.OLEAUT32(?), ref: 003D8F4A

Strings

,,?, xrefs: 003D8BD6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID: ,,?
API String ID: 2395222682-1094787077
Opcode ID: 4a2824b0518cb7d3b07923fadd9f77eb897e6f1bb28a900c6ada324f5ce99823
Instruction ID: 4963cbf89e3f5d75063b06b52341ae1e28ab598c28b50f4a24c51c85a8faecf9
Opcode Fuzzy Hash: 4a2824b0518cb7d3b07923fadd9f77eb897e6f1bb28a900c6ada324f5ce99823
Instruction Fuzzy Hash: B9C11472608305AFC702DF64D884A6AB7E9BF88348F00496EF5899B291DB71ED05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003EC27C Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

Part of subcall function 00362344: GetCursorPos.USER32(?), ref: 00362357
Part of subcall function 00362344: ScreenToClient.USER32(004267B0,?), ref: 00362374
Part of subcall function 00362344: GetAsyncKeyState.USER32 ref: 00362399
Part of subcall function 00362344: GetAsyncKeyState.USER32 ref: 003623A7

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 003EC2E4
ImageList_EndDrag.COMCTL32 ref: 003EC2EA
ReleaseCapture.USER32 ref: 003EC2F0
SetWindowTextW.USER32(?,00000000), ref: 003EC39A
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 003EC3AD
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 003EC48F

Strings

@U=u, xrefs: 003EC3AD
@GUI_DRAGFILE, xrefs: 003EC424
prB, xrefs: 003EC3FD
prB, xrefs: 003EC438
@GUI_DROPID, xrefs: 003EC3E1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID$@U=u$prB$prB
API String ID: 1924731296-609177270
Opcode ID: 61fd7832b43cf0a56ecf818611b04f7d478cf2cf960b8a2cd05e3f6df854a04f
Instruction ID: 4b6a879848dded458e1ffe268222af589fb2b5cce7a8189722bd12be313f08a6
Opcode Fuzzy Hash: 61fd7832b43cf0a56ecf818611b04f7d478cf2cf960b8a2cd05e3f6df854a04f
Instruction Fuzzy Hash: 42518E70204394AFD712EF15CC95FAA7BE5FB88310F408A2DF5958B2E1CB70A955CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003E10A5 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E0038,?,?), ref: 003E10BC

Strings

HKEY_CLASSES_ROOT, xrefs: 003E114F
HKCC, xrefs: 003E118A
HKCU, xrefs: 003E11AC
HKEY_LOCAL_MACHINE, xrefs: 003E1125
HKLM, xrefs: 003E113A
HKEY_CURRENT_USER, xrefs: 003E119B
HKCR, xrefs: 003E1164
HKU, xrefs: 003E11CE
HKEY_CURRENT_CONFIG, xrefs: 003E1179
HKEY_USERS, xrefs: 003E11BD

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: 574f4f6dfceae9c2faab2ded76cec6441706993e1b0604f43ca83a05066378d8
Instruction ID: bcea4e778a6b84ee4375fb10c91ea3ea34d41cd83c786bc365de432c396e9ae0
Opcode Fuzzy Hash: 574f4f6dfceae9c2faab2ded76cec6441706993e1b0604f43ca83a05066378d8
Instruction Fuzzy Hash: D2419C3024029E9BCF16EFA1DC91AEA3725EF15340F418595FD915F292DB30AD5ECBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E772A Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 003E77CD
CreateCompatibleDC.GDI32(00000000), ref: 003E77D4
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 003E77E7
SelectObject.GDI32(00000000,00000000), ref: 003E77EF
GetPixel.GDI32 ref: 003E77FA
DeleteDC.GDI32(00000000), ref: 003E7803
GetWindowLongW.USER32(?,000000EC), ref: 003E780D
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 003E7821
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 003E782D

Strings

@U=u, xrefs: 003E77E7
static, xrefs: 003E7765

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: @U=u$static
API String ID: 2559357485-3553413495
Opcode ID: 50f35989389e740666968f294fff105df37350ee8611d0d630bd2cba5103035a
Instruction ID: d6722f02cfea97734e8875782af822b804c5859de4a44e274178a9db2697057c
Opcode Fuzzy Hash: 50f35989389e740666968f294fff105df37350ee8611d0d630bd2cba5103035a
Instruction Fuzzy Hash: 853169311051A5AFDF229F65DC49FEA3B6DEF09324F110324FA15AA1E0C771A811DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003C5569 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON

Download Yara Rule

APIs

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Part of subcall function 00367A84: _memmove.LIBCMT ref: 00367B0D

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003C55D2
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003C55E8
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003C55F9
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003C560B
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003C561C

Strings

alias PlayMe, xrefs: 003C55AB
play PlayMe, xrefs: 003C5617
close PlayMe, xrefs: 003C55E3, 003C5610
status PlayMe mode, xrefs: 003C55CD
open , xrefs: 003C5581
play PlayMe wait, xrefs: 003C5606

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: SendString$_memmove
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2279737902-1007645807
Opcode ID: 809b46710a615e585b77ad3136d91b109f5cd386834603c6261ddf113f0b5820
Instruction ID: 20cc657fb4267249d98c9b253b860156a3bd0259fcc9f906427406828a9b921f
Opcode Fuzzy Hash: 809b46710a615e585b77ad3136d91b109f5cd386834603c6261ddf113f0b5820
Instruction Fuzzy Hash: A9110830A5115D79D721B6A1CC49FFFBB7CEF92B00F50042AB811E60C6DEA51D94C6A5

Uniqueness

Uniqueness Score: -1.00%

Function 003C48F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 003C490E
gethostname.WSOCK32(?,00000100), ref: 003C4928
gethostbyname.WSOCK32(?), ref: 003C4935
_wcscpy.LIBCMT ref: 003C495D
_memmove.LIBCMT ref: 003C4970
inet_ntoa.WSOCK32(?), ref: 003C497B
_strcat.LIBCMT ref: 003C4989
_wcscpy.LIBCMT ref: 003C49A0
WSACleanup.WSOCK32 ref: 003C49AE
_wcscpy.LIBCMT ref: 003C49BC

Strings

0.0.0.0, xrefs: 003C4957

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 208665112-3771769585
Opcode ID: 1174e30ea9a879e19b0704f9884b41aeaa24c5a8e2c5751162a0e81071392b32
Instruction ID: 4f7e3edc421228ae0c927f5a21079911ca24f6477c8c583ec5e277e4fd9e8079
Opcode Fuzzy Hash: 1174e30ea9a879e19b0704f9884b41aeaa24c5a8e2c5751162a0e81071392b32
Instruction Fuzzy Hash: C811D231904229AFCB32BB64EC4AFDB77ACDB41710F0502BAF544DA091EFB09E818761

Uniqueness

Uniqueness Score: -1.00%

Function 003CD7F8 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON

Download Yara Rule

APIs

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

CoInitialize.OLE32(00000000), ref: 003CD855
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003CD8E8
SHGetDesktopFolder.SHELL32(?), ref: 003CD8FC
CoCreateInstance.OLE32(003F2D7C,00000000,00000001,0041A89C,?), ref: 003CD948
SHCreateShellItem.SHELL32 ref: 003CD9B7
CoTaskMemFree.OLE32(?,?), ref: 003CDA0F
_memset.LIBCMT ref: 003CDA4C
SHBrowseForFolderW.SHELL32 ref: 003CDA88
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003CDAAB
CoTaskMemFree.OLE32(00000000), ref: 003CDAB2
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 003CDAE9
CoUninitialize.OLE32(00000001,00000000), ref: 003CDAEB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
String ID:
API String ID: 1246142700-0
Opcode ID: 9e40884c16a3e2d9be3484e4752716a3affe77681dc3f7de20f8aaa697e75b3e
Instruction ID: 92164ba5f2f7ed80ef7d1b6b30b1b58d5b1d155d1d6457b0ea0df73a8f6ebf16
Opcode Fuzzy Hash: 9e40884c16a3e2d9be3484e4752716a3affe77681dc3f7de20f8aaa697e75b3e
Instruction Fuzzy Hash: 53B1EB75A00209AFDB15DFA5C889EAEBBF9EF48304F148569F509EB251DB30ED41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003C052C Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 003C05A7
SetKeyboardState.USER32(?), ref: 003C0612
GetAsyncKeyState.USER32 ref: 003C0632
GetKeyState.USER32(000000A0), ref: 003C0649
GetAsyncKeyState.USER32 ref: 003C0678
GetKeyState.USER32(000000A1), ref: 003C0689
GetAsyncKeyState.USER32 ref: 003C06B5
GetKeyState.USER32(00000011), ref: 003C06C3
GetAsyncKeyState.USER32 ref: 003C06EC
GetKeyState.USER32(00000012), ref: 003C06FA
GetAsyncKeyState.USER32 ref: 003C0723
GetKeyState.USER32(0000005B), ref: 003C0731

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 68d5755d5ad7b66de526a843ebbf08dd7a9bd275fb003ca6cacb2783cdd3fc1b
Instruction ID: 420566ec9d2cb671428f77dd929afd602ae431309a27b827e29de35f0063a482
Opcode Fuzzy Hash: 68d5755d5ad7b66de526a843ebbf08dd7a9bd275fb003ca6cacb2783cdd3fc1b
Instruction Fuzzy Hash: C651AA60A087C85AFB3ADBA08455FEABFB49F13340F09459D95C29A1C2DA64AF4CCB51

Uniqueness

Uniqueness Score: -1.00%

Function 003BC72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 003BC746
GetWindowRect.USER32 ref: 003BC758
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 003BC7B6
GetDlgItem.USER32 ref: 003BC7C1
GetWindowRect.USER32 ref: 003BC7D3
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 003BC827
GetDlgItem.USER32 ref: 003BC835
GetWindowRect.USER32 ref: 003BC846
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 003BC889
GetDlgItem.USER32 ref: 003BC897
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003BC8B4
InvalidateRect.USER32(?,00000000,00000001), ref: 003BC8C1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 5bc63f73efca4f3e5d63334ab7ff9499d4651afc3b222d9bc9b679d2c14af982
Instruction ID: 801ce8e26e588d51f18d7088add462757f07bf367d9486131729617d6dd89a60
Opcode Fuzzy Hash: 5bc63f73efca4f3e5d63334ab7ff9499d4651afc3b222d9bc9b679d2c14af982
Instruction Fuzzy Hash: 93512171B10205AFDB19CF69DD99AAEBBBAEB88311F14822DF615D72D0D7B09D008B50

Uniqueness

Uniqueness Score: -1.00%

Function 0036201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00361B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00362036,?,00000000,?,?,?,?,003616CB,00000000,?), ref: 00361B9A

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 003620D3
KillTimer.USER32(-00000001,?,?,?,?,003616CB,00000000,?,?,00361AE2,?,?), ref: 0036216E
DestroyAcceleratorTable.USER32(00000000), ref: 0039BEF6
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003616CB,00000000,?,?,00361AE2,?,?), ref: 0039BF27
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003616CB,00000000,?,?,00361AE2,?,?), ref: 0039BF3E
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003616CB,00000000,?,?,00361AE2,?,?), ref: 0039BF5A
DeleteObject.GDI32 ref: 0039BF6C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: f7c136f28405ee0ee925a2ad40069cb8118ae88fe2d068a5b9797b02c4d689e8
Instruction ID: a98c49f8169ed1595cba6a309e6093c8f2750882f45a2cb57c82380c571b7280
Opcode Fuzzy Hash: f7c136f28405ee0ee925a2ad40069cb8118ae88fe2d068a5b9797b02c4d689e8
Instruction Fuzzy Hash: 8661AC30205A50DFCB37AF14ED88B2AB7F5FB40312F538529E5429B9A8C7B5A891DF50

Uniqueness

Uniqueness Score: -1.00%

Function 003621A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 003625DB: GetWindowLongW.USER32(?,000000EB), ref: 003625EC

GetSysColor.USER32 ref: 003621D3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 556e548121ebccdd9228323a2f24dc629b2cc0ebb61bff09fca7928587e42411
Instruction ID: 0dd9ef48690b64bfc18a162377e59b90b501a656dea48d0a92df221161f51a00
Opcode Fuzzy Hash: 556e548121ebccdd9228323a2f24dc629b2cc0ebb61bff09fca7928587e42411
Instruction Fuzzy Hash: 8941C2311009849FDB235F28DC98BBA3B69EB06331F168365FD658E1EAC7718D42DB15

Uniqueness

Uniqueness Score: -1.00%

Function 003CAB12 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,003EF910), ref: 003CAB76
GetDriveTypeW.KERNEL32(00000061,0041A620,00000061), ref: 003CAC40
_wcscpy.LIBCMT ref: 003CAC6A

Strings

ramdisk, xrefs: 003CABEA
removable, xrefs: 003CABA8
all, xrefs: 003CAB7C
fixed, xrefs: 003CABBE
cdrom, xrefs: 003CAB92
unknown, xrefs: 003CAC01
network, xrefs: 003CABD4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharDriveLowerType_wcscpy
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2820617543-1000479233
Opcode ID: 5b25b203b7e98db383572d40b5beab4b56ba8020c07b04b192244abe11b4fdf8
Instruction ID: 847173af4918d4fb852244491b3b8fa020342b042c87dfd80db17506804affc6
Opcode Fuzzy Hash: 5b25b203b7e98db383572d40b5beab4b56ba8020c07b04b192244abe11b4fdf8
Instruction Fuzzy Hash: CB5194301087059FC716EF14C891FAAB7AAEF84718F54881DF4969B2A2DB31AD49CB53

Uniqueness

Uniqueness Score: -1.00%

Function 003E88B4 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003E896E

Strings

@U=u, xrefs: 003E89A4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InvalidateRect
String ID: @U=u
API String ID: 634782764-2594219639
Opcode ID: 01704f96f63207762130104a1fe4552caf31dd0e795033bbb7f025053e618d34
Instruction ID: b9baa21fb061e4855627800db0e89da079cfeeab0e425b409fd3ddc51f4f609e
Opcode Fuzzy Hash: 01704f96f63207762130104a1fe4552caf31dd0e795033bbb7f025053e618d34
Instruction Fuzzy Hash: 2151A430E002E4FFDF329F2ACC85BA93B69AB05314F514722F918EA5E1CF71A9808741

Uniqueness

Uniqueness Score: -1.00%

Function 00362B72 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 161windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0039C547
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0039C569
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0039C581
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0039C59F
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0039C5C0
DestroyIcon.USER32(00000000), ref: 0039C5CF
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0039C5EC
DestroyIcon.USER32(?), ref: 0039C5FB

Part of subcall function 003EA71E: DeleteObject.GDI32 ref: 003EA757

Strings

@U=u, xrefs: 0039C5C0, 0039C5EC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
String ID: @U=u
API String ID: 2819616528-2594219639
Opcode ID: f63c01eff4b787de72bf944385a39c2592aa80ddad21fd7dcadaa484737a7d73
Instruction ID: abebf2ae11fb4042352ce1c97f8d44403ff9442ff7ee44cad3255e6d63eb8a02
Opcode Fuzzy Hash: f63c01eff4b787de72bf944385a39c2592aa80ddad21fd7dcadaa484737a7d73
Instruction Fuzzy Hash: E6516A70610609AFDB26DF25CC45FAB3BB9EB55350F128528F9429B6E0DBB0ED80DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00369997 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 003699C2
__swprintf.LIBCMT ref: 00369A0C
__i64tow.LIBCMT ref: 0039FA0F

Strings

0x%p, xrefs: 0039F9F1
False, xrefs: 0039F9D7
True, xrefs: 0039F9D0
%.15g, xrefs: 00369A06

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __i64tow__itow__swprintf
String ID: %.15g$0x%p$False$True
API String ID: 421087845-2263619337
Opcode ID: a8333bc8d5e08eda36b0819729b31247d23532022c2b38c076fc3e5b5e349225
Instruction ID: 1317b48445290ce9ed32b660370c955b6d3c5119ca04f2a094d51482273f0cc2
Opcode Fuzzy Hash: a8333bc8d5e08eda36b0819729b31247d23532022c2b38c076fc3e5b5e349225
Instruction Fuzzy Hash: 6A41BF71604305AFDF26AB78D842F7A73ECEB45310F2084AFE549DB299EB719941CB11

Uniqueness

Uniqueness Score: -1.00%

Function 003E73C1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003E73D9
CreateMenu.USER32 ref: 003E73F4
SetMenu.USER32(?,00000000), ref: 003E7403
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003E7490
IsMenu.USER32 ref: 003E74A6
CreatePopupMenu.USER32 ref: 003E74B0
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003E74DD
DrawMenuBar.USER32 ref: 003E74E5

Strings

F, xrefs: 003E74D1
0, xrefs: 003E73CF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
String ID: 0$F
API String ID: 176399719-3044882817
Opcode ID: c49066b3c227811cfe88bbcf7670a06b0e0c89e3fb199a83df8e673f02203409
Instruction ID: fb2c34c9790f6f275ed3fb214ae7e23bf8e71bbb1d44423d9cf77e8bb1a2a099
Opcode Fuzzy Hash: c49066b3c227811cfe88bbcf7670a06b0e0c89e3fb199a83df8e673f02203409
Instruction Fuzzy Hash: 77416B74A01295EFDB22DF66D884AAABBB9FF49300F154128E905A73D0DB70A910DF50

Uniqueness

Uniqueness Score: -1.00%

Function 003B9471 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 003B94F6
GetDlgCtrlID.USER32 ref: 003B9501
GetParent.USER32 ref: 003B951D
SendMessageW.USER32(00000000,?,00000111,?), ref: 003B9520
GetDlgCtrlID.USER32 ref: 003B9529
GetParent.USER32(?), ref: 003B9545
SendMessageW.USER32(00000000,?,?,00000111), ref: 003B9548

Strings

@U=u, xrefs: 003B9548
ComboBox, xrefs: 003B947E
ListBox, xrefs: 003B94B3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: @U=u$ComboBox$ListBox
API String ID: 1536045017-2258501812
Opcode ID: bda3b21b1095d66c06fe5ff6e930d8252288c031c05bab2844aaee65678ea855
Instruction ID: 561edc895fb515cd6081827b26abdb9f7cb1f055f0c793bfe2f95cdc8bc4a10a
Opcode Fuzzy Hash: bda3b21b1095d66c06fe5ff6e930d8252288c031c05bab2844aaee65678ea855
Instruction Fuzzy Hash: 8821B270900148BFCF16AB64CCD5EFEBB69EF45300F104226B6619B2E2DB7599199A20

Uniqueness

Uniqueness Score: -1.00%

Function 003B955C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 81windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 003B95DF
GetDlgCtrlID.USER32 ref: 003B95EA
GetParent.USER32 ref: 003B9606
SendMessageW.USER32(00000000,?,00000111,?), ref: 003B9609
GetDlgCtrlID.USER32 ref: 003B9612
GetParent.USER32(?), ref: 003B962E
SendMessageW.USER32(00000000,?,?,00000111), ref: 003B9631

Strings

@U=u, xrefs: 003B9631
ComboBox, xrefs: 003B9569
ListBox, xrefs: 003B959E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: @U=u$ComboBox$ListBox
API String ID: 1536045017-2258501812
Opcode ID: 6c58418a091c105c980525cccf91043f7d0a831bb94f40359df94a7ae673dd54
Instruction ID: 402d39ca432f9c723abe79cedf6c79a6905ccc01822a9357d02048f6327fa7c1
Opcode Fuzzy Hash: 6c58418a091c105c980525cccf91043f7d0a831bb94f40359df94a7ae673dd54
Instruction Fuzzy Hash: D421D371900244BFDF12ABA4CCD5FFEBB79EF48300F104116FA519B1E5DBB599199A20

Uniqueness

Uniqueness Score: -1.00%

Function 003B9645 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 003B9651
GetClassNameW.USER32(00000000,?,00000100), ref: 003B9666
_wcscmp.LIBCMT ref: 003B9678
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003B96F3

Strings

@U=u, xrefs: 003B96F3
smallicons, xrefs: 003B96BB
SHELLDLL_DefView, xrefs: 003B9672
largeicons, xrefs: 003B9687
details, xrefs: 003B96A1
list, xrefs: 003B96D5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassMessageNameParentSend_wcscmp
String ID: @U=u$SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1704125052-1428604138
Opcode ID: 67af76f714e311463e7ed33d0dc732770bd3f49797b4ebf654a9652f1303d526
Instruction ID: 371dc4a0870dd01a76ad3e8da51377bd84893bfcfe21dd634882e6c86b2fad9f
Opcode Fuzzy Hash: 67af76f714e311463e7ed33d0dc732770bd3f49797b4ebf654a9652f1303d526
Instruction Fuzzy Hash: 6D11E377248347BAEA133620DC1BFE6779C8B05B74F200167FB04A98D1FEA56D504A59

Uniqueness

Uniqueness Score: -1.00%

Function 00387040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0038707B

Part of subcall function 00388D68: __getptd_noexit.LIBCMT ref: 00388D68

__gmtime64_s.LIBCMT ref: 00387114
__gmtime64_s.LIBCMT ref: 0038714A
__gmtime64_s.LIBCMT ref: 00387167
__allrem.LIBCMT ref: 003871BD
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003871D9
__allrem.LIBCMT ref: 003871F0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0038720E
__allrem.LIBCMT ref: 00387225
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00387243
__invoke_watson.LIBCMT ref: 003872B4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
Instruction ID: 1af7285e056f6ab2191e5cbe8b18a6a50b112defa44f3286edea10a528ea4ddb
Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
Instruction Fuzzy Hash: EE71EBB1A04717ABDB26FF79CC81B5AB3A9AF10324F24427AF514DB681E770DD408790

Uniqueness

Uniqueness Score: -1.00%

Function 003C2A16 Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003C2A31
GetMenuItemInfoW.USER32(00426890,000000FF,00000000,00000030), ref: 003C2A92
SetMenuItemInfoW.USER32(00426890,00000004,00000000,00000030), ref: 003C2AC8
Sleep.KERNEL32(000001F4), ref: 003C2ADA
GetMenuItemCount.USER32 ref: 003C2B1E
GetMenuItemID.USER32 ref: 003C2B3A
GetMenuItemID.USER32 ref: 003C2B64
GetMenuItemID.USER32 ref: 003C2BA9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003C2BEF
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C2C03
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C2C24

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 5ea4c7d28c3f0d8be3e663aaf8545edb1ce78348291879456aa063a2113ad794
Instruction ID: b2a1280aaa1b1d0f357a89e2e251621a226410d1a978faef903d4d02d3560c5e
Opcode Fuzzy Hash: 5ea4c7d28c3f0d8be3e663aaf8545edb1ce78348291879456aa063a2113ad794
Instruction Fuzzy Hash: C7617CB1900249EFDB22DF64C888EAFBBB8EB41304F15456DE841EB291DB71AD45DB21

Uniqueness

Uniqueness Score: -1.00%

Function 003E7192 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003E7214
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003E7217
GetWindowLongW.USER32(?,000000F0), ref: 003E723B
_memset.LIBCMT ref: 003E724C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003E725E
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003E72D6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID:
API String ID: 830647256-0
Opcode ID: cd450769a13fa5e2e3babfddc69c67cefd44b3f2b78df43fd574e18c68704299
Instruction ID: 0ab2d6962f07831ffbb64f2b9e48c3c3242763b41e2d96c43f93c70156369f5e
Opcode Fuzzy Hash: cd450769a13fa5e2e3babfddc69c67cefd44b3f2b78df43fd574e18c68704299
Instruction Fuzzy Hash: C8617F75A00258AFDB21DFA4CC81EEE77F8EB09700F150269FA14A72E1D770AD41DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003B710E Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 003B7135
SafeArrayAllocData.OLEAUT32(?), ref: 003B718E
VariantInit.OLEAUT32(?), ref: 003B71A0
SafeArrayAccessData.OLEAUT32(?,?), ref: 003B71C0
VariantCopy.OLEAUT32(?,?), ref: 003B7213
SafeArrayUnaccessData.OLEAUT32(?), ref: 003B7227
VariantClear.OLEAUT32(?), ref: 003B723C
SafeArrayDestroyData.OLEAUT32(?), ref: 003B7249
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003B7252
VariantClear.OLEAUT32(?), ref: 003B7264
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003B726F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 930212d70c14d4c24a5a6fb15e86d6496264e7b8404c4e38641b5dc061fcb6c4
Instruction ID: 35299920e455d9be823971ccf07f86bad8267c956c5cef19e71484d5b4e664d8
Opcode Fuzzy Hash: 930212d70c14d4c24a5a6fb15e86d6496264e7b8404c4e38641b5dc061fcb6c4
Instruction Fuzzy Hash: F5415131A001199FCF12DF65D884DEEBBB8EF48354F008565FA55AB6A1CB70A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 003ED74C Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 257windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

GetSystemMetrics.USER32 ref: 003ED78A
GetSystemMetrics.USER32 ref: 003ED7AA
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 003ED9E5
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 003EDA03
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 003EDA24
ShowWindow.USER32(00000003,00000000), ref: 003EDA43
InvalidateRect.USER32(?,00000000,00000001), ref: 003EDA68
DefDlgProcW.USER32(?,00000005,?,?), ref: 003EDA8B

Strings

@U=u, xrefs: 003EDA03, 003EDA24

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID: @U=u
API String ID: 1211466189-2594219639
Opcode ID: bc328802788dda4cbe6eb854bd854d2e9b83ef39b05784154af014e722ce4072
Instruction ID: 35037c2dbd658c80fcf05c769c76b44ca94e0d0471d1a7ad8879e02f13c7ab1c
Opcode Fuzzy Hash: bc328802788dda4cbe6eb854bd854d2e9b83ef39b05784154af014e722ce4072
Instruction Fuzzy Hash: 13B188316002A5EFDF26CF6AC9C57B97BB5BF04701F0A8279EC489A295D734AA50CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003D86D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

CoInitialize.OLE32 ref: 003D8718
CoUninitialize.OLE32 ref: 003D8723
CoCreateInstance.OLE32(?,00000000,00000017,003F2BEC,?), ref: 003D8783
IIDFromString.OLE32(?,?), ref: 003D87F6
VariantInit.OLEAUT32(?), ref: 003D8890
VariantClear.OLEAUT32(?), ref: 003D88F1

Strings

Invalid parameter, xrefs: 003D880F
NULL Pointer assignment, xrefs: 003D87C8
Failed to create object, xrefs: 003D878E, 003D8844

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 834269672-1287834457
Opcode ID: d10468fe24d53407dcf98bcf3bcea75ed2f69128158fc7126bc5146348b85b50
Instruction ID: 981ec6d4bf46f54f72f0a8ffaa4706864479356720cdaf4d258fd3f3c349df8e
Opcode Fuzzy Hash: d10468fe24d53407dcf98bcf3bcea75ed2f69128158fc7126bc5146348b85b50
Instruction Fuzzy Hash: 1861AE726083019FD712DF24E988F6ABBE8AF44714F14491EF9859B391DB70ED48CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00362E26 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 186windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00362EAE

Part of subcall function 00361DB3: GetClientRect.USER32(?,?), ref: 00361DDC
Part of subcall function 00361DB3: GetWindowRect.USER32 ref: 00361E1D
Part of subcall function 00361DB3: ScreenToClient.USER32(?,?), ref: 00361E45

GetDC.USER32 ref: 0039CF82
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0039CF95
SelectObject.GDI32(00000000,00000000), ref: 0039CFA3
SelectObject.GDI32(00000000,00000000), ref: 0039CFB8
ReleaseDC.USER32(?,00000000), ref: 0039CFC0
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0039D04B

Strings

@U=u, xrefs: 0039CF95
U, xrefs: 0039CF20

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: @U=u$U
API String ID: 4009187628-4110099822
Opcode ID: de9c6fe41b1242890659074be80cbd9bbafebdb92d4ae4aa2b188953fcbf5f2d
Instruction ID: e7485ed29f9f7415b981c47eaea0e513fa8455c20148a2b25103dd4d684f47ed
Opcode Fuzzy Hash: de9c6fe41b1242890659074be80cbd9bbafebdb92d4ae4aa2b188953fcbf5f2d
Instruction Fuzzy Hash: 6F71C531500205DFCF23DF64C885AEA7BBAFF49350F15827AED565A2AAC7318C52DB60

Uniqueness

Uniqueness Score: -1.00%

Function 003CB72E Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 003CB73B
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003CB7B1
GetLastError.KERNEL32 ref: 003CB7BB
SetErrorMode.KERNEL32(00000000,READY), ref: 003CB828

Strings

READONLY, xrefs: 003CB7F3
INVALID, xrefs: 003CB7FA
UNKNOWN, xrefs: 003CB7E0
READY, xrefs: 003CB801
NOTREADY, xrefs: 003CB7E7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 386374763cb41c9d34350543b79b908fa63bc911e3536fba9b3ee94e4d3f590b
Instruction ID: 72f14842d02165461e65bee2a5a1086a9832d1c3327082ffe6170f2ccdb8ea68
Opcode Fuzzy Hash: 386374763cb41c9d34350543b79b908fa63bc911e3536fba9b3ee94e4d3f590b
Instruction Fuzzy Hash: A6318335A002099FDB12EF64C886FEEBBB8EF44700F14812AE901DB291DB719D42C751

Uniqueness

Uniqueness Score: -1.00%

Function 003E6442 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 003E645A
GetDC.USER32 ref: 003E6462
GetDeviceCaps.GDI32 ref: 003E646D
ReleaseDC.USER32(00000000,00000000), ref: 003E6479
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 003E64B5
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003E64C6
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003E9299,?,?,000000FF,00000000,?,000000FF,?), ref: 003E6500
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003E6520

Strings

@U=u, xrefs: 003E64C6, 003E6520

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID: @U=u
API String ID: 3864802216-2594219639
Opcode ID: d48efdde5918ca5b9e0bf8b8bb135ff6956bcf88129f9859528a6a708d6e2361
Instruction ID: 5318f5138a2cc46456e19230ba5adc016e332a3574e5f6ebd42f1b162d985b3d
Opcode Fuzzy Hash: d48efdde5918ca5b9e0bf8b8bb135ff6956bcf88129f9859528a6a708d6e2361
Instruction Fuzzy Hash: 49317071200154AFEB228F51CC86FEA3BADEF19761F054165FE089E1D1C6B59C41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003C4189 Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 003C419D
__swprintf.LIBCMT ref: 003C41AA

Part of subcall function 003838D8: __woutput_l.LIBCMT ref: 00383931

FindResourceW.KERNEL32(?,?,0000000E), ref: 003C41D4
LoadResource.KERNEL32(?,00000000), ref: 003C41E0
LockResource.KERNEL32(00000000), ref: 003C41ED
FindResourceW.KERNEL32(?,?,00000003), ref: 003C420D
LoadResource.KERNEL32(?,00000000), ref: 003C421F
SizeofResource.KERNEL32(?,00000000), ref: 003C422E
LockResource.KERNEL32(?), ref: 003C423A
CreateIconFromResourceEx.USER32 ref: 003C429B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
String ID:
API String ID: 1433390588-0
Opcode ID: 79eacb77a8435e62660a196acbaaac5bd6658be23d23f3231e2f6969600a3526
Instruction ID: 9c162fb0e98e55debba54e6cc6bd8e239652a05088b72a90c0b952e83a392991
Opcode Fuzzy Hash: 79eacb77a8435e62660a196acbaaac5bd6658be23d23f3231e2f6969600a3526
Instruction Fuzzy Hash: D631AE76A0124AAFCB229F60DC99EBF7BACEF08301F048929F901D6150D774DE51CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003C16DE Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 003C1700
GetForegroundWindow.USER32(00000000,?,?,?,?,?,003C0778,?,00000001), ref: 003C1714
GetWindowThreadProcessId.USER32 ref: 003C171B
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003C0778,?,00000001), ref: 003C172A
GetWindowThreadProcessId.USER32 ref: 003C173C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003C0778,?,00000001), ref: 003C1755
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003C0778,?,00000001), ref: 003C1767
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003C0778,?,00000001), ref: 003C17AC
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,003C0778,?,00000001), ref: 003C17C1
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,003C0778,?,00000001), ref: 003C17CC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: f89d1e69c219dfa3e8baf7ec9dff31d26438e6ea17f5314262a519d027142d85
Instruction ID: 8573f4c46a717306b4d324acb5127fed6edd9f9a7903226a1db6853f4324689c
Opcode Fuzzy Hash: f89d1e69c219dfa3e8baf7ec9dff31d26438e6ea17f5314262a519d027142d85
Instruction Fuzzy Hash: C831C175608208BFEB339F14DD84F797BEDEB56711F128028F900CA2A1D7B49D409B64

Uniqueness

Uniqueness Score: -1.00%

Function 003D9428 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 263COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003D947C
VariantInit.OLEAUT32(?), ref: 003D954D
VariantInit.OLEAUT32(?), ref: 003D964E
VariantClear.OLEAUT32(?), ref: 003D9658
VariantClear.OLEAUT32(?), ref: 003D96B5

Strings

Incorrect Object type in FOR..IN loop, xrefs: 003D9631
Null Object assignment in FOR..IN loop, xrefs: 003D94DD, 003D960B, 003D96C3
,,?, xrefs: 003D94FA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$ClearInit$_memset
String ID: ,,?$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2862541840-1974717164
Opcode ID: 954fa9d93798c355ad351ab2798ca62c860c3f3196a0d5349c59bbb608559931
Instruction ID: 482d496c8b09773d144cd5e837cf1c4ab6e37c314cae8b12555ad628ab384b86
Opcode Fuzzy Hash: 954fa9d93798c355ad351ab2798ca62c860c3f3196a0d5349c59bbb608559931
Instruction Fuzzy Hash: 2891AF72A00205AFDF22DFA5E844FAEBBB8EF45724F10815BF515AB280D7709945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 003BA693 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,003BAA64), ref: 003BA9A2

Strings

INSTANCE, xrefs: 003BA8B0
CLASSNN, xrefs: 003BA744
NAME, xrefs: 003BA7D4
TEXT, xrefs: 003BA8D9
CLASS, xrefs: 003BA721
REGEXPCLASS, xrefs: 003BA767

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: 58a928f5adba99c31670774ef701049320376751b14e20661433fed2b058bfda
Instruction ID: 6cfe6b4bfd6715857a26cddb5ccc13386175574f7f1d421348294345c10dfc39
Opcode Fuzzy Hash: 58a928f5adba99c31670774ef701049320376751b14e20661433fed2b058bfda
Instruction Fuzzy Hash: A791DB30600E0AEBDB1AEF70C481BEDFB75BF04308F518119D699AB941DF306999DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003EB60B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 199windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00F95FC8), ref: 003EB6A5
IsWindowEnabled.USER32 ref: 003EB6B1
SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 003EB795
SendMessageW.USER32(00F95FC8,000000B0,?,?), ref: 003EB7CC
IsDlgButtonChecked.USER32 ref: 003EB809
GetWindowLongW.USER32(00F95FC8,000000EC), ref: 003EB82B
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 003EB843

Strings

@U=u, xrefs: 003EB795, 003EB7CC, 003EB843

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID: @U=u
API String ID: 4072528602-2594219639
Opcode ID: d07cb17f1822899e9585890bdd6edb05642412a39e9c2f168f175f6d1ee48e4c
Instruction ID: 591861249311a3f8009e5b7e36e83d4892b6becae2d10529e1990c5648eb3a32
Opcode Fuzzy Hash: d07cb17f1822899e9585890bdd6edb05642412a39e9c2f168f175f6d1ee48e4c
Instruction Fuzzy Hash: 7F7191346002A4AFDB239F56C8D4FABBBB9FF49300F164269E945973E1C731A951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003E6FEF Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003E7093
SendMessageW.USER32(?,00001036,00000000,?), ref: 003E70A7
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003E70C1
_wcscat.LIBCMT ref: 003E711C
SendMessageW.USER32(?,00001057,00000000,?), ref: 003E7133
SendMessageW.USER32(?,00001061,?,0000000F), ref: 003E7161

Strings

@U=u, xrefs: 003E7093, 003E70A7
SysListView32, xrefs: 003E7065

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Window_wcscat
String ID: @U=u$SysListView32
API String ID: 307300125-1908207174
Opcode ID: ec4f6ea748a87c80a213eb95de289e2ba13ebaa8c5d2b7d3bc3ba3444b1994fb
Instruction ID: 27903c69a58281de7e1c88bd455ff5c8db0d34bee37ff3229d126d5be0e2f74e
Opcode Fuzzy Hash: ec4f6ea748a87c80a213eb95de289e2ba13ebaa8c5d2b7d3bc3ba3444b1994fb
Instruction Fuzzy Hash: C241C570A04398AFEB229F65CC85BEE77A8EF08350F11462AF544E71D1D7719D848B50

Uniqueness

Uniqueness Score: -1.00%

Function 003E653C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003E655B
GetWindowLongW.USER32(00F95FC8,000000F0), ref: 003E658E
GetWindowLongW.USER32(00F95FC8,000000F0), ref: 003E65C3
SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 003E65F5
SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 003E661F
GetWindowLongW.USER32(00000000,000000F0), ref: 003E6630
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 003E664A

Strings

@U=u, xrefs: 003E655B, 003E65F5, 003E661F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID: @U=u
API String ID: 2178440468-2594219639
Opcode ID: 6b49646932e15dd1ab88acaa91a1b68ff15c83511697b2bf0739691385e0fd4d
Instruction ID: c023f5902830f5673994ba38d9b1846be9ff4d07201dd8d9286b6e3a167e32bb
Opcode Fuzzy Hash: 6b49646932e15dd1ab88acaa91a1b68ff15c83511697b2bf0739691385e0fd4d
Instruction Fuzzy Hash: C831E4307042A0AFDB329F19DC86F5537E5BB5A790F1A0268F5118F2F6CB61A8409B51

Uniqueness

Uniqueness Score: -1.00%

Function 003D8F5B Relevance: 13.9, APIs: 9, Instructions: 438COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,003EF910), ref: 003D903D
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,003EF910), ref: 003D9071
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 003D91EB
SysFreeString.OLEAUT32(?), ref: 003D9215

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: 82a99edadd74f881525543b3bb72fbaa9dfa9ad8a9381c1baaac30d8c84baa2c
Instruction ID: c59116680eb11a8c000998a2876e44b2e8b289d438fa28d35f37def7a40f9a7f
Opcode Fuzzy Hash: 82a99edadd74f881525543b3bb72fbaa9dfa9ad8a9381c1baaac30d8c84baa2c
Instruction Fuzzy Hash: 31F13876A00209EFCF05DF94D888EAEB7B9FF49314F11815AF515AB290CB31AE46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003DF9A8 Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003DF9C9
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003DFB5C
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003DFB80
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003DFBC0
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003DFBE2
CreateProcessW.KERNEL32 ref: 003DFD5E
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 003DFD90
CloseHandle.KERNEL32(?), ref: 003DFDBF
CloseHandle.KERNEL32(?), ref: 003DFE36

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
String ID:
API String ID: 4090791747-0
Opcode ID: 7cb0c3763c1e4e4504905dbbfcc19dc09e8fe95f5301087dddb721a414c85bbc
Instruction ID: 7fa9b93a4ba44bd288a90ba05cb39efab64d8572c97cc01fa2605a75a7f87e24
Opcode Fuzzy Hash: 7cb0c3763c1e4e4504905dbbfcc19dc09e8fe95f5301087dddb721a414c85bbc
Instruction Fuzzy Hash: EEE193322043419FC716EF24D891B6ABBE5AF84314F15856EF89A8F3A2DB31DC45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003C4F63 Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003C48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003C38D3,?), ref: 003C48C7

Part of subcall function 003C48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003C38D3,?), ref: 003C48E0

Part of subcall function 003C4CD3: GetFileAttributesW.KERNEL32(?,003C3947), ref: 003C4CD4

lstrcmpiW.KERNEL32(?,?), ref: 003C4FE2
_wcscmp.LIBCMT ref: 003C4FFC
MoveFileW.KERNEL32 ref: 003C5017

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
String ID:
API String ID: 793581249-0
Opcode ID: 30fa2e87655ca39b4fac5eb63977bbf578007a8a3beb35ae7d01cae0259b973c
Instruction ID: 47170f164278ec37dd69feee5b194e7fe966f49e83c89ee7c64bcf0545430ded
Opcode Fuzzy Hash: 30fa2e87655ca39b4fac5eb63977bbf578007a8a3beb35ae7d01cae0259b973c
Instruction Fuzzy Hash: BF5155B20087855BC726EB50C895EDFB3DCAF84341F04492EF585D7151EF74B5888766

Uniqueness

Uniqueness Score: -1.00%

Function 003B8E03 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,003B8A84,00000B00,?,?), ref: 003B8E0C
HeapAlloc.KERNEL32(00000000,?,003B8A84,00000B00,?,?), ref: 003B8E13
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003B8A84,00000B00,?,?), ref: 003B8E28
GetCurrentProcess.KERNEL32(?,00000000,?,003B8A84,00000B00,?,?), ref: 003B8E30
DuplicateHandle.KERNEL32(00000000,?,003B8A84,00000B00,?,?), ref: 003B8E33
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,003B8A84,00000B00,?,?), ref: 003B8E43
GetCurrentProcess.KERNEL32(003B8A84,00000000,?,003B8A84,00000B00,?,?), ref: 003B8E4B
DuplicateHandle.KERNEL32(00000000,?,003B8A84,00000B00,?,?), ref: 003B8E4E
CreateThread.KERNEL32 ref: 003B8E68

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: e8a1f30a810c1617bbb3bef2de562d8a5f786933116f0c4a861d0bb289937438
Instruction ID: dcc84786cf39bf410b9419ce0fb28625f6f666dd9ae760f68aae92199c4435f4
Opcode Fuzzy Hash: e8a1f30a810c1617bbb3bef2de562d8a5f786933116f0c4a861d0bb289937438
Instruction Fuzzy Hash: 7101AC75240348FFE621AB65DC89F573B6CEB89711F018521FA05DF1D1CAB09800CA20

Uniqueness

Uniqueness Score: -1.00%

Function 003D9A72 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 003B7652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?,?,003B799D), ref: 003B766F
Part of subcall function 003B7652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?), ref: 003B768A
Part of subcall function 003B7652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?), ref: 003B7698
Part of subcall function 003B7652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?), ref: 003B76A8

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 003D9B1B
_memset.LIBCMT ref: 003D9B28
_memset.LIBCMT ref: 003D9C6B
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 003D9C97
CoTaskMemFree.OLE32(?), ref: 003D9CA2

Strings

NULL Pointer assignment, xrefs: 003D9CF0

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
String ID: NULL Pointer assignment
API String ID: 1300414916-2785691316
Opcode ID: ab6cf6a125d464c9b13380a02b0862972fcc89afa5d54dcad0f406482018eb3f
Instruction ID: 2fc61802556f606233bf26ccf3c6c39295a23816b9c0fe0fc6574443006b2931
Opcode Fuzzy Hash: ab6cf6a125d464c9b13380a02b0862972fcc89afa5d54dcad0f406482018eb3f
Instruction Fuzzy Hash: D8913D72D00219EBDB12DFA4DC81EDEBBB9EF08710F10815AF519AB281DB715A44CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 003DEC47 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 003C3E91: CreateToolhelp32Snapshot.KERNEL32 ref: 003C3EB6
Part of subcall function 003C3E91: Process32FirstW.KERNEL32 ref: 003C3EC4
Part of subcall function 003C3E91: CloseHandle.KERNEL32(00000000), ref: 003C3F8E

OpenProcess.KERNEL32(00000001,00000000,?), ref: 003DECB8
GetLastError.KERNEL32 ref: 003DECCB
OpenProcess.KERNEL32(00000001,00000000,?), ref: 003DECFA
TerminateProcess.KERNEL32(00000000,00000000), ref: 003DED77
GetLastError.KERNEL32(00000000), ref: 003DED82
CloseHandle.KERNEL32(00000000), ref: 003DEDB7

Strings

SeDebugPrivilege, xrefs: 003DECD6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 2bad19e9691fbb0051f0735b97631f7e664dfd8fffe31b6017a100d9974266f7
Instruction ID: fd42ec561a1ab87ab5b1fd8baf42a74beedf5dd7cc24b7b8069f3dd0da1efa29
Opcode Fuzzy Hash: 2bad19e9691fbb0051f0735b97631f7e664dfd8fffe31b6017a100d9974266f7
Instruction Fuzzy Hash: 9541AE712002009FDB26EF24DC96F6DBBA9AF40714F08805AF9469F3D2DFB5A814CB95

Uniqueness

Uniqueness Score: -1.00%

Function 003EB958 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(004267B0,00000000,00F95FC8,?,?,004267B0,?,003EB862,?,?), ref: 003EB9CC
EnableWindow.USER32(00000000,00000000,?,003EB862,?,?), ref: 003EB9F0
ShowWindow.USER32(004267B0,00000000,00F95FC8,?,?,004267B0,?,003EB862,?,?), ref: 003EBA50
ShowWindow.USER32(00000000,00000004,?,003EB862,?,?), ref: 003EBA62
EnableWindow.USER32(00000000,00000001,?,003EB862,?,?), ref: 003EBA86
SendMessageW.USER32(?,0000130C,?,00000000), ref: 003EBAA9

Strings

@U=u, xrefs: 003EBAA9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID: @U=u
API String ID: 642888154-2594219639
Opcode ID: c6e35b6ae0b2d069b458a409a2137fb600dc492a1922b0c8683a6b4a2f74b9ed
Instruction ID: 108b45f5c4920ff74665c908324021dd28b44efbe60d2053e190868f5f846b64
Opcode Fuzzy Hash: c6e35b6ae0b2d069b458a409a2137fb600dc492a1922b0c8683a6b4a2f74b9ed
Instruction Fuzzy Hash: 7F414F306002A1AFDB23CF55C489BA6BBE1BB05310F1943B9FA489F2E3C771A845CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003C3226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 003C32C5

Strings

question, xrefs: 003C327E
blank, xrefs: 003C3247
info, xrefs: 003C3266
stop, xrefs: 003C3296
warning, xrefs: 003C32AE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: ede6bcdcfa1d37951173921c8e51ac8062396cd278e276723eb62d5db1c66f82
Instruction ID: d23ef94130d87046f456c7622ccfe501e4f3a3307ed26e3e497c98314ba93dc4
Opcode Fuzzy Hash: ede6bcdcfa1d37951173921c8e51ac8062396cd278e276723eb62d5db1c66f82
Instruction Fuzzy Hash: C011EB31249346BAAB036A54DC42EAAB39CDF19B70F20446EF500DA2C1D6BA5F4047A5

Uniqueness

Uniqueness Score: -1.00%

Function 003C4534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003C454E
LoadStringW.USER32 ref: 003C4555
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003C456B
LoadStringW.USER32 ref: 003C4572
_wprintf.LIBCMT ref: 003C4598
MessageBoxW.USER32 ref: 003C45B6

Strings

%s (%d) : ==> %s: %s %s, xrefs: 003C4593

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: efedec33f430e4cbb2417ce39c31937df1a602057d5f3185d634b1c9deb1279e
Instruction ID: 778e47e5f88096cc514f14991a718e4527e67b7cbeda0399eb54fb20ee9ac0de
Opcode Fuzzy Hash: efedec33f430e4cbb2417ce39c31937df1a602057d5f3185d634b1c9deb1279e
Instruction Fuzzy Hash: 2E0162F6900248BFE722A7A0DD89FF7776CD708301F0006A5BB45D6091EAB49E858B74

Uniqueness

Uniqueness Score: -1.00%

Function 00362A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0039C417,00000004,00000000,00000000,00000000), ref: 00362ACF
ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,0039C417,00000004,00000000,00000000,00000000,000000FF), ref: 00362B17
ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,0039C417,00000004,00000000,00000000,00000000), ref: 0039C46A
ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0039C417,00000004,00000000,00000000,00000000), ref: 0039C4D6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 96225a7fd446dca6fc6759375e184bf777d47547212c1c6dc604a64323565490
Instruction ID: e523ffe0fe89c6b0729259a41ffb50e72ddcb087fa68a9392555973760760051
Opcode Fuzzy Hash: 96225a7fd446dca6fc6759375e184bf777d47547212c1c6dc604a64323565490
Instruction Fuzzy Hash: 62412830718BC09ECB378B69DCD877B7B9AAB45300F57C91DE0878B9A5CAB59841E710

Uniqueness

Uniqueness Score: -1.00%

Function 003C7368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 003C737F

Part of subcall function 00380FF6: std::exception::exception.LIBCMT ref: 0038102C
Part of subcall function 00380FF6: __CxxThrowException@8.LIBCMT ref: 00381041

ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 003C73B6
EnterCriticalSection.KERNEL32(?), ref: 003C73D2
_memmove.LIBCMT ref: 003C7420
_memmove.LIBCMT ref: 003C743D
LeaveCriticalSection.KERNEL32(?), ref: 003C744C
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 003C7461
InterlockedExchange.KERNEL32(?,000001F6), ref: 003C7480

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
String ID:
API String ID: 256516436-0
Opcode ID: 98c7681af4c0f974e2ebda4f534bbb5cd79d6fe1c2226703528259536549e865
Instruction ID: ed2811a1be8799218a214c05b029d48ac47b50d279ef200f7ca5571ed39dfedc
Opcode Fuzzy Hash: 98c7681af4c0f974e2ebda4f534bbb5cd79d6fe1c2226703528259536549e865
Instruction Fuzzy Hash: 3C31AD75900205EFCF11EF64DC85AAABB78EF44310F1481A9FA04EF286DB709E14CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003BC072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 003BC087
_memcmp.LIBCMT ref: 003BC0A9
_memcmp.LIBCMT ref: 003BC0C1
_memcmp.LIBCMT ref: 003BC0D4
_memcmp.LIBCMT ref: 003BC0EE
_memcmp.LIBCMT ref: 003BC101
_memcmp.LIBCMT ref: 003BC119
_memcmp.LIBCMT ref: 003BC134

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 1c558bf993be6d9655bf52c853d0805d223b260aa22254d614f4f879ae2c4e14
Instruction ID: d0d0898959b440549d70b335559f6f93a82916e5505e762e858b97105d100e75
Opcode Fuzzy Hash: 1c558bf993be6d9655bf52c853d0805d223b260aa22254d614f4f879ae2c4e14
Instruction Fuzzy Hash: 25219271B52209BBD637B5259D42FFB639CAF1039CB045020FF05AAA82F751DE1282A5

Uniqueness

Uniqueness Score: -1.00%

Function 003CED8E Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

Part of subcall function 0037FEC6: _wcscpy.LIBCMT ref: 0037FEE9

_wcstok.LIBCMT ref: 003CEEFF
_wcscpy.LIBCMT ref: 003CEF8E
_memset.LIBCMT ref: 003CEFC1

Strings

X, xrefs: 003CEFFE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscpy$__itow__swprintf_memset_wcstok
String ID: X
API String ID: 774024439-3081909835
Opcode ID: d2d58de729d035b0d3075b77397fb2378862f6ded85cf740c29ec48f89333802
Instruction ID: 01b06bc30b4f75793055729cf1800ea1721715d2d66431472e46fa349de10180
Opcode Fuzzy Hash: d2d58de729d035b0d3075b77397fb2378862f6ded85cf740c29ec48f89333802
Instruction Fuzzy Hash: 9FC16C715083409FC726EF24C881F5AB7E9AF84314F15896DF899DB2A2DB70ED45CB82

Uniqueness

Uniqueness Score: -1.00%

Function 003D6E17 Relevance: 10.8, APIs: 7, Instructions: 250networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?), ref: 003D6F14
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003D6F35
WSAGetLastError.WSOCK32(00000000), ref: 003D6F48
htons.WSOCK32(?), ref: 003D6FFE
inet_ntoa.WSOCK32(?), ref: 003D6FBB

Part of subcall function 003BAE14: _strlen.LIBCMT ref: 003BAE1E
Part of subcall function 003BAE14: _memmove.LIBCMT ref: 003BAE40

_strlen.LIBCMT ref: 003D7058
_memmove.LIBCMT ref: 003D70C1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
String ID:
API String ID: 3619996494-0
Opcode ID: 28406e617eea27c1b1b6947665967ff1ae1748f3d297f9a4f80ee2ab84d65de3
Instruction ID: d4094840e109451e86af4e36694a794b09465d12eec526d663cd44694bfe9b9c
Opcode Fuzzy Hash: 28406e617eea27c1b1b6947665967ff1ae1748f3d297f9a4f80ee2ab84d65de3
Instruction Fuzzy Hash: F381DF72508300ABD712EB24DC86F6BB3EDAF84714F108A1EF5559B2D2DB71AD04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00361424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8577798fe1c8b4a2f464905f22d6abdac32a31ea7fbbfb3946ca737f527860e8
Instruction ID: 856c9ca73face7140979105b4af1888b1fed83e0813c3a3dc2f8a4f63a3d1f70
Opcode Fuzzy Hash: 8577798fe1c8b4a2f464905f22d6abdac32a31ea7fbbfb3946ca737f527860e8
Instruction Fuzzy Hash: 5E716A30900109EFCB16CF99CC89ABEBB79FF85310F29C159F915AB255C770AA51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003DF732 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003DF75C
_memset.LIBCMT ref: 003DF825
ShellExecuteExW.SHELL32 ref: 003DF86A

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

Part of subcall function 0037FEC6: _wcscpy.LIBCMT ref: 0037FEE9

GetProcessId.KERNEL32(00000000), ref: 003DF8E1
CloseHandle.KERNEL32(00000000), ref: 003DF910

Strings

@, xrefs: 003DF839

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
String ID: @
API String ID: 3522835683-2766056989
Opcode ID: 8ebef8a05c63b526f8aaa8f556d4a362ccff076aa83cb1db3b0afa156bc85831
Instruction ID: f6c5bb8a94a700f1ddccc70d67783eab5ae1e6cc41b459a0249b0678af3bf866
Opcode Fuzzy Hash: 8ebef8a05c63b526f8aaa8f556d4a362ccff076aa83cb1db3b0afa156bc85831
Instruction Fuzzy Hash: F8618D75A00619DFCF16EF54D481AAEBBF9FF48310F15846AE84AAB351CB30AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003C145D Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 003C149C
GetKeyboardState.USER32(?), ref: 003C14B1
SetKeyboardState.USER32(?), ref: 003C1512
PostMessageW.USER32(?,00000101,00000010,?), ref: 003C1540
PostMessageW.USER32(?,00000101,00000011,?), ref: 003C155F
PostMessageW.USER32(?,00000101,00000012,?), ref: 003C15A5
PostMessageW.USER32(?,00000101,0000005B,?), ref: 003C15C8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 187a6f7e707e9b19b4a42bec78dabf2ee2638f6df6c2e42e849974d2e736f087
Instruction ID: 1f697ee8bf2d220caedcc878b7672ace5734a085fa94a5826c2712696c37a6d0
Opcode Fuzzy Hash: 187a6f7e707e9b19b4a42bec78dabf2ee2638f6df6c2e42e849974d2e736f087
Instruction Fuzzy Hash: 1C51DEA0A046D53EFB3786248C45FBABEA96B47304F09858DE5D5DA8C3C2D8EC94E750

Uniqueness

Uniqueness Score: -1.00%

Function 003C1276 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 003C12B5
GetKeyboardState.USER32(?), ref: 003C12CA
SetKeyboardState.USER32(?), ref: 003C132B
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003C1357
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003C1374
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003C13B8
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003C13D9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 153ff2766004976dec29a969f68c4d34128b2767c58521d885998223fc31581c
Instruction ID: a91158fe32d0fd5b68d6214435033d5a684854a1755219019dd832180771922a
Opcode Fuzzy Hash: 153ff2766004976dec29a969f68c4d34128b2767c58521d885998223fc31581c
Instruction Fuzzy Hash: 8451DFA09046D53DFB3782258C45FBABEA96B07304F08858DE1D4DA8C3D795AC98F760

Uniqueness

Uniqueness Score: -1.00%

Function 003C589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 003C58AC
_wcsncpy.LIBCMT ref: 003C58E1
_wcsncpy.LIBCMT ref: 003C5913
_wcsncpy.LIBCMT ref: 003C5946
_wcsncpy.LIBCMT ref: 003C5988
_wcsncpy.LIBCMT ref: 003C59C2
_wcsncpy.LIBCMT ref: 003C59F1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcsncpy$LocalTime
String ID:
API String ID: 2945705084-0
Opcode ID: aa5a5cdc8ed1158cf52bcdeab992f390c6de4e3d265b2a29b59bf6e9b0afa9ce
Instruction ID: 09dbe5a21bc9e878b9e7f062946d2ae9110857aafcdf9fe7ad585570f44dc66e
Opcode Fuzzy Hash: aa5a5cdc8ed1158cf52bcdeab992f390c6de4e3d265b2a29b59bf6e9b0afa9ce
Instruction Fuzzy Hash: B9418669C2061476CB12F7B4888AECF73B89F04710F509996F914E7212E734E755C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 003EA2C5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

@U=u, xrefs: 003EA3BE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: @U=u
API String ID: 0-2594219639
Opcode ID: 546591fc79d599cdb217b1948c6c75e4782ea3d39d3fb9fa873e707eb266008b
Instruction ID: afb20de57d9d7e4eda78ff5ed4f3294f5c404f1b0059f1c06010ab4c0dac765e
Opcode Fuzzy Hash: 546591fc79d599cdb217b1948c6c75e4782ea3d39d3fb9fa873e707eb266008b
Instruction Fuzzy Hash: E8413B399006A4AFC722DF2ACC84FE9BBA8FB09310F164365F855A72E1C770BD41DA51

Uniqueness

Uniqueness Score: -1.00%

Function 003C38AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003C48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003C38D3,?), ref: 003C48C7

Part of subcall function 003C48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003C38D3,?), ref: 003C48E0

lstrcmpiW.KERNEL32(?,?), ref: 003C38F3
_wcscmp.LIBCMT ref: 003C390F
MoveFileW.KERNEL32 ref: 003C3927
_wcscat.LIBCMT ref: 003C396F
SHFileOperationW.SHELL32(?), ref: 003C39DB

Strings

\*.*, xrefs: 003C3969

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
String ID: \*.*
API String ID: 1377345388-1173974218
Opcode ID: d68f92c9dffed1a61c5ffd85d2bd0948c8259e3f1439b90ec284e01ddc982a6c
Instruction ID: a7706d3b3cecd67f9180baa48a87f723bd6b2d63f70b190affd237048456a7b0
Opcode Fuzzy Hash: d68f92c9dffed1a61c5ffd85d2bd0948c8259e3f1439b90ec284e01ddc982a6c
Instruction Fuzzy Hash: 78416DB14093849AC753EF64C481FDBB7ECAF88340F00492EB499C7161EB74DA88C752

Uniqueness

Uniqueness Score: -1.00%

Function 003E7500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003E7519
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003E75C0
IsMenu.USER32 ref: 003E75D8
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003E7620
DrawMenuBar.USER32 ref: 003E7633

Strings

0, xrefs: 003E750D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert_memset
String ID: 0
API String ID: 3866635326-4108050209
Opcode ID: 62ba2897ccf702986e976de56072b612f18f7fc4e39ce304180e2865820c2791
Instruction ID: f8a6cb2b89f5a72176f95c5042840430b1eaeca9ef8175124cd041733a4c95d1
Opcode Fuzzy Hash: 62ba2897ccf702986e976de56072b612f18f7fc4e39ce304180e2865820c2791
Instruction Fuzzy Hash: 10416A70A04698EFDB21DF55D884E9ABBF8FF45314F058229E9159B290D730AD00CF90

Uniqueness

Uniqueness Score: -1.00%

Function 003E122D Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32 ref: 003E125C
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E1286
FreeLibrary.KERNEL32(00000000), ref: 003E133D

Part of subcall function 003E122D: RegCloseKey.ADVAPI32(?), ref: 003E12A3
Part of subcall function 003E122D: FreeLibrary.KERNEL32(?), ref: 003E12F5
Part of subcall function 003E122D: RegEnumKeyExW.ADVAPI32 ref: 003E1318

RegDeleteKeyW.ADVAPI32 ref: 003E12E0

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: 00538272afe4032e814bb04a7aa8625e403a4b53ac04868aebf7a58d830f5665
Instruction ID: 67ff6b3a1c7497b95c70bdfe7a9f1032242bfb19f3f3e8efc7bc57a7ce1bd572
Opcode Fuzzy Hash: 00538272afe4032e814bb04a7aa8625e403a4b53ac04868aebf7a58d830f5665
Instruction Fuzzy Hash: A4312BB5901159BFDB16DB91DC89AFEB7BCEF08300F00066AE502E6191EA749F459AA0

Uniqueness

Uniqueness Score: -1.00%

Function 003D6486 Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON

Download Yara Rule

APIs

Part of subcall function 003D80A0: inet_addr.WSOCK32(00000000), ref: 003D80CB

socket.WSOCK32(00000002,00000001,00000006), ref: 003D64D9
WSAGetLastError.WSOCK32(00000000), ref: 003D64E8
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 003D6521
connect.WSOCK32(00000000,?,00000010), ref: 003D652A
WSAGetLastError.WSOCK32 ref: 003D6534
closesocket.WSOCK32(00000000), ref: 003D655D
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 003D6576

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
String ID:
API String ID: 910771015-0
Opcode ID: ae7bf18bf6d14cd3a9bb633a707ad6cfc5b9f5c33654c3c100961b0c80935eb0
Instruction ID: 4548d49c40b9756b1fd2dc73e742001ab9c57a1c57de939e0cf821f2e9a27e76
Opcode Fuzzy Hash: ae7bf18bf6d14cd3a9bb633a707ad6cfc5b9f5c33654c3c100961b0c80935eb0
Instruction Fuzzy Hash: 7231D532600218AFDB129F54EC86BBE77BDEB45310F05806AF9159B391CB70AD44CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003B9372 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003B93F6
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003B9409
SendMessageW.USER32(?,00000189,?,00000000), ref: 003B9439

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Strings

@U=u, xrefs: 003B93F6, 003B9409, 003B9439
ComboBox, xrefs: 003B9380
ListBox, xrefs: 003B93B5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$_memmove$ClassName
String ID: @U=u$ComboBox$ListBox
API String ID: 365058703-2258501812
Opcode ID: 95a000a4ca56b8592960eb65277a33fe4cc4239cecb1062b1f7c5cea77fd0bcc
Instruction ID: 0ed6c52d4de8860533454398a1e35d577e1156ad9bb242c139f5b149dd36ec5a
Opcode Fuzzy Hash: 95a000a4ca56b8592960eb65277a33fe4cc4239cecb1062b1f7c5cea77fd0bcc
Instruction Fuzzy Hash: 9321E471900104BFDB16ABB1CC85EFFB76CDF05354F11822AFA259B5E1DB754A0A9620

Uniqueness

Uniqueness Score: -1.00%

Function 003BE0B5 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003BE0FA
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003BE120
SysAllocString.OLEAUT32(00000000), ref: 003BE123
SysAllocString.OLEAUT32 ref: 003BE144
SysFreeString.OLEAUT32 ref: 003BE14D
StringFromGUID2.OLE32(?,?,00000028), ref: 003BE167
SysAllocString.OLEAUT32(?), ref: 003BE175

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 5dfae6d9902da6a7fb582d7662dc3f33548b160ca1b1b37e14e052500b391b4f
Instruction ID: 9378402f9fda2ab47ad27c1f59da5561a859c04ddd2e715aabbc08fdbe01720b
Opcode Fuzzy Hash: 5dfae6d9902da6a7fb582d7662dc3f33548b160ca1b1b37e14e052500b391b4f
Instruction Fuzzy Hash: 8621BB71200108AFDB11AFADDC84CEB77ECEB09764B108235FA14CB6E0DA70DC418B60

Uniqueness

Uniqueness Score: -1.00%

Function 003BB6AF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 003BB6C7
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003BB6E4
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003BB71C
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003BB742
_wcsstr.LIBCMT ref: 003BB74C

Strings

@U=u, xrefs: 003BB6E4, 003BB71C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
String ID: @U=u
API String ID: 3902887630-2594219639
Opcode ID: 1c2b56b2187bd00a7307dad778983889e68d3b0f6d9649353ee4643d47c701d6
Instruction ID: b5012e78260466cbd77147655275f1305adf9cf2dc4b1d330f81a8d771754657
Opcode Fuzzy Hash: 1c2b56b2187bd00a7307dad778983889e68d3b0f6d9649353ee4643d47c701d6
Instruction Fuzzy Hash: 47210771204244BBEB275B399C4AEBBBB9CDF85710F014069FD05CE1A1EFA1DC419360

Uniqueness

Uniqueness Score: -1.00%

Function 003B97E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003B9802

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003B9834
__itow.LIBCMT ref: 003B984C
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003B9874
__itow.LIBCMT ref: 003B9885

Strings

@U=u, xrefs: 003B9802, 003B9834, 003B9874

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$__itow$_memmove
String ID: @U=u
API String ID: 2983881199-2594219639
Opcode ID: 44d1d8d07ad30f08acaf4912e07105a909b8563e9e1f2b87988b5e93be933dd6
Instruction ID: b9f81c32032734db59899c145d9af1bf593841a3ac6591bd94ffad02bb2c2831
Opcode Fuzzy Hash: 44d1d8d07ad30f08acaf4912e07105a909b8563e9e1f2b87988b5e93be933dd6
Instruction Fuzzy Hash: 6D21C531B00248AFDB22AA658C86FEE7BADEF4A718F044026FB04DF291D671CD458791

Uniqueness

Uniqueness Score: -1.00%

Function 003E783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00361D35: CreateWindowExW.USER32 ref: 00361D73
Part of subcall function 00361D35: GetStockObject.GDI32(00000011), ref: 00361D87
Part of subcall function 00361D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00361D91

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003E78A1
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003E78AE
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003E78B9
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003E78C8
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003E78D4

Strings

Msctls_Progress32, xrefs: 003E7872

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: dc668fe5f4679e7bf5e12266c900266b586076af866914ba2d3926cf17f07cdb
Instruction ID: c7422fcac766ba5d35e526cadbfa5a6349a7e4b7dc8eb6b8f1c1dd95c640d592
Opcode Fuzzy Hash: dc668fe5f4679e7bf5e12266c900266b586076af866914ba2d3926cf17f07cdb
Instruction Fuzzy Hash: CD1194B2550229BFEF169F61CC86EE77F6DEF08758F014215FA04A6090C7729C21DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003841C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00384292,?), ref: 003841E3
GetProcAddress.KERNEL32(00000000), ref: 003841EA
EncodePointer.KERNEL32(00000000), ref: 003841F6
DecodePointer.KERNEL32(00000001,00384292,?), ref: 00384213

Strings

combase.dll, xrefs: 003841DE
RoInitialize, xrefs: 003841D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoInitialize$combase.dll
API String ID: 3489934621-340411864
Opcode ID: b92ea4106ae187eb449b995d34e8f6f144c2b786160c1240e939b6a28121655b
Instruction ID: 8f1dd149b29e4e5cfca019d4cf12beb4fcd84bd5d2d7c0e164ab81775d575006
Opcode Fuzzy Hash: b92ea4106ae187eb449b995d34e8f6f144c2b786160c1240e939b6a28121655b
Instruction Fuzzy Hash: 33E012B4690345DFDB326B70EC4DB6535A8F7A0B02F914534F521D90E0D7F540A28F04

Uniqueness

Uniqueness Score: -1.00%

Function 0038429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,003841B8), ref: 003842B8
GetProcAddress.KERNEL32(00000000), ref: 003842BF
EncodePointer.KERNEL32(00000000), ref: 003842CA
DecodePointer.KERNEL32(003841B8), ref: 003842E5

Strings

RoUninitialize, xrefs: 003842A7
combase.dll, xrefs: 003842B3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 3489934621-2819208100
Opcode ID: 3a3608df6abdb7dad28a3db18d8f70a7b291beefd4c4df78414101d198280d15
Instruction ID: 71381cd1e37824c91c3b1f8ef8416973b98c339b7886035ff5a6831bde8ab275
Opcode Fuzzy Hash: 3a3608df6abdb7dad28a3db18d8f70a7b291beefd4c4df78414101d198280d15
Instruction Fuzzy Hash: A6E0127C781305EFEA22AB20EC4DB613AA8F768742F504638F110E90E0CBB44651CB08

Uniqueness

Uniqueness Score: -1.00%

Function 003C675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003C68AD
_memmove.LIBCMT ref: 003C67E8

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

_memmove.LIBCMT ref: 003C685B
_memmove.LIBCMT ref: 003C6942
_memmove.LIBCMT ref: 003C695B
_memmove.LIBCMT ref: 003C6977

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove$__itow__swprintf
String ID:
API String ID: 3253778849-0
Opcode ID: 9878d26070b011936cad77e1676243b9e2a31e5d9705435f175891a5af6f413f
Instruction ID: 2c9e438446cdac9d13725b0e9e7cae4813463fe041553b765d94ceed6d0922d2
Opcode Fuzzy Hash: 9878d26070b011936cad77e1676243b9e2a31e5d9705435f175891a5af6f413f
Instruction Fuzzy Hash: DF61793150065A9BCF13EF60CC82FFE37A8AF45308F048559F95A9B296DB34AD46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003E046F Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003E10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E0038,?,?), ref: 003E10BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E0548
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E0588
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 003E05AB
RegEnumValueW.ADVAPI32 ref: 003E05D4
RegCloseKey.ADVAPI32(?,?,00000000), ref: 003E0617
RegCloseKey.ADVAPI32(00000000), ref: 003E0624

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
String ID:
API String ID: 4046560759-0
Opcode ID: f88c4b8424b08afa8c42dc47dd65bfd8b0608f0092a3bc31cb95a676b45060ee
Instruction ID: 23c4f5469a99493c255611e21bb4582262d146e031e6f895d4cf680062acf477
Opcode Fuzzy Hash: f88c4b8424b08afa8c42dc47dd65bfd8b0608f0092a3bc31cb95a676b45060ee
Instruction Fuzzy Hash: 61515B311083409FCB16EB55C885E6EBBE8FF85314F048A1DF5858B1A2DB71E945CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003E5A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 003E5A82
GetMenuItemCount.USER32 ref: 003E5AB9
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003E5AE1
GetMenuItemID.USER32 ref: 003E5B50
GetSubMenu.USER32 ref: 003E5B5E
PostMessageW.USER32(?,00000111,?,00000000), ref: 003E5BAF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: 2b4ead4f0ca4698fdbba3529f78549c2efba4b7dbf07a789b6898d4465fbb9e1
Instruction ID: 1b580cccf0158e86acf7c2579ca3abe9dc7d8b68c3c9d52c5793287524837972
Opcode Fuzzy Hash: 2b4ead4f0ca4698fdbba3529f78549c2efba4b7dbf07a789b6898d4465fbb9e1
Instruction Fuzzy Hash: EB518335A00665EFCF16EF65C845AAEB7B8EF48314F154569F801BB391CB70AE418B90

Uniqueness

Uniqueness Score: -1.00%

Function 003BF3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 003BF3F7
VariantClear.OLEAUT32(00000013), ref: 003BF469
VariantClear.OLEAUT32(00000000), ref: 003BF4C4
_memmove.LIBCMT ref: 003BF4EE
VariantClear.OLEAUT32(?), ref: 003BF53B
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003BF569

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType_memmove
String ID:
API String ID: 1101466143-0
Opcode ID: 818a85ff1e59b145644c5a6dbd88c9faf26283fc173bd2671437a449cce7cffd
Instruction ID: af596fae06ea3a774a8a19cc46b4b1c9b3feafd089113e5b9f9036ba537cf4e7
Opcode Fuzzy Hash: 818a85ff1e59b145644c5a6dbd88c9faf26283fc173bd2671437a449cce7cffd
Instruction Fuzzy Hash: 58515CB5A002099FCB21CF58D880EAAB7B8FF4C314B15816AEA59DB340D730E911CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 003C26F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003C2747
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C2792
IsMenu.USER32 ref: 003C27B2
CreatePopupMenu.USER32(00426890,00000000,753C1A30), ref: 003C27E6
GetMenuItemCount.USER32 ref: 003C2844
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 003C2875

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: 3da28aaeb3da9240eb76496d22ceddc57c4d0b93888eaf29321615804d4e6611
Instruction ID: 103455d35d26a570a0791a26ecfc64d962431797f391d7263f9bb8c691b86838
Opcode Fuzzy Hash: 3da28aaeb3da9240eb76496d22ceddc57c4d0b93888eaf29321615804d4e6611
Instruction Fuzzy Hash: 8D516670A0034AEBDB26DF68D888FAEBBE9AF45314F11426DE811DB291D7B09D44CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00361765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

BeginPaint.USER32(?,?,?,?,?,?), ref: 0036179A
GetWindowRect.USER32 ref: 003617FE
ScreenToClient.USER32(?,?), ref: 0036181B
SetViewportOrgEx.GDI32 ref: 0036182C
EndPaint.USER32(?,?), ref: 00361876

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectScreenViewport
String ID:
API String ID: 1827037458-0
Opcode ID: 4eed9ac7870e17cbd577c7ad8d2494d95f28f2472277da6c001bb8a8a8295984
Instruction ID: d2b6dbf428b9a55219a9af7e8c934ed350b299a8f27d3a9191e041c50631df23
Opcode Fuzzy Hash: 4eed9ac7870e17cbd577c7ad8d2494d95f28f2472277da6c001bb8a8a8295984
Instruction Fuzzy Hash: 0541AF70200340AFDB22DF25DC84FBA7BF8EB49724F184669F9958B2A1C7719C45DB61

Uniqueness

Uniqueness Score: -1.00%

Function 003D73B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,003D5134,?,?,00000000,00000001), ref: 003D73BF

Part of subcall function 003D3C94: GetWindowRect.USER32 ref: 003D3CA7

GetDesktopWindow.USER32 ref: 003D73E9
GetWindowRect.USER32 ref: 003D73F0
mouse_event.USER32 ref: 003D7422

Part of subcall function 003C54E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003C555E

GetCursorPos.USER32(?), ref: 003D744E
mouse_event.USER32 ref: 003D74AC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: 21849073911d54c6912ee7969e4aed3ba4bf208e51b6ef7ced203a6af7b015ce
Instruction ID: 724141c784359610e4bd59201f112f44188845602fa7c2afa20050faca0bfa6d
Opcode Fuzzy Hash: 21849073911d54c6912ee7969e4aed3ba4bf208e51b6ef7ced203a6af7b015ce
Instruction Fuzzy Hash: F931D472508345AFD722DF15D849F9BBBA9FF88314F00491AF5889B291D770ED48CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003B8D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003B85F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003B8608
Part of subcall function 003B85F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003B8612
Part of subcall function 003B85F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003B8621
Part of subcall function 003B85F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003B8628
Part of subcall function 003B85F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003B863E

GetLengthSid.ADVAPI32(?,00000000,003B8977), ref: 003B8DAC
GetProcessHeap.KERNEL32(00000008,00000000), ref: 003B8DB8
HeapAlloc.KERNEL32(00000000), ref: 003B8DBF
CopySid.ADVAPI32(00000000,00000000,?), ref: 003B8DD8
GetProcessHeap.KERNEL32(00000000,00000000,003B8977), ref: 003B8DEC
HeapFree.KERNEL32(00000000), ref: 003B8DF3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 2a0170c3c55639658e30f414285bb8eff53ba0b4c0b76a3b7bba94dd8955c20c
Instruction ID: a3520eef2c1a66d0eefb8b8b538a3155905a9b2eda87e5f473eba4f592b5fcf9
Opcode Fuzzy Hash: 2a0170c3c55639658e30f414285bb8eff53ba0b4c0b76a3b7bba94dd8955c20c
Instruction Fuzzy Hash: 7D11B171500609FFDF229F64CC49BEE776DEF5531AF10412EE9459B690CB719900CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003B8AF9 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003B8B2A
OpenProcessToken.ADVAPI32(00000000), ref: 003B8B31
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003B8B40
CloseHandle.KERNEL32(00000004), ref: 003B8B4B
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003B8B7A
DestroyEnvironmentBlock.USERENV(00000000), ref: 003B8B8E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 4be3e7264e04a3dbff1430b5f859fbf088bd66d9f916776c8fa7a66cb9c86b55
Instruction ID: 0c70194f0d0ad039a54edf33fadf1819f891aee030b5e147bb88d2cc99272fbc
Opcode Fuzzy Hash: 4be3e7264e04a3dbff1430b5f859fbf088bd66d9f916776c8fa7a66cb9c86b55
Instruction Fuzzy Hash: B6114DB2601249AFDF12CFA4DD49FDA7BADEF44348F054164FA05A61A0C7719D60DB60

Uniqueness

Uniqueness Score: -1.00%

Function 003EC19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 003612F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0036134D
Part of subcall function 003612F3: SelectObject.GDI32(?,00000000), ref: 0036135C
Part of subcall function 003612F3: BeginPath.GDI32 ref: 00361373
Part of subcall function 003612F3: SelectObject.GDI32(?,00000000), ref: 0036139C

MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 003EC1C4
LineTo.GDI32 ref: 003EC1D8
MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003EC1E6
LineTo.GDI32 ref: 003EC1F6
EndPath.GDI32 ref: 003EC206
StrokePath.GDI32 ref: 003EC216

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 22ed717926d348adcf42b6b7f59502f32c79a960f0fb02d005e0c3b18b674796
Instruction ID: 3cfdf06ab6e652eb0b542a585a944de4aff5b2a41306f19292e78b82b4e9dbc6
Opcode Fuzzy Hash: 22ed717926d348adcf42b6b7f59502f32c79a960f0fb02d005e0c3b18b674796
Instruction Fuzzy Hash: FE11397600014CFFDF229F91DC88FAA3FADEB08350F048521BA084A1A1C7B19E55DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003803A2 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000,?,?,?,0036F937), ref: 003803D3
MapVirtualKeyW.USER32(00000010,00000000,?,?,?,0036F937), ref: 003803DB
MapVirtualKeyW.USER32(000000A0,00000000,?,?,?,0036F937), ref: 003803E6
MapVirtualKeyW.USER32(000000A1,00000000,?,?,?,0036F937), ref: 003803F1
MapVirtualKeyW.USER32(00000011,00000000,?,?,?,0036F937), ref: 003803F9
MapVirtualKeyW.USER32(00000012,00000000,?,?,?,0036F937), ref: 00380401

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 7d9aee579bf85c9785d2a99fdb6754be86cc6ae6583e36400bf1829b534da787
Instruction ID: be299c1bf68662e3222b418616f309ab265967ace5dca6e90feca8e1ff6e2c04
Opcode Fuzzy Hash: 7d9aee579bf85c9785d2a99fdb6754be86cc6ae6583e36400bf1829b534da787
Instruction Fuzzy Hash: A7016CB09017597DE3008F5A8C85B52FFA8FF19354F00411BA15C4B941C7F5A864CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 003C568B Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003C569B
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003C56B1
GetWindowThreadProcessId.USER32 ref: 003C56C0
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C56CF
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C56D9
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C56E0

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: d8969d4662ba8801b5d5db573662c42ab4dc84dfbbb9df1162af396cf14e9b12
Instruction ID: 18d891c32b8a2a4e6c3f965f2bcb54e08770cfbb0cfb8f73b5bb25727bb74562
Opcode Fuzzy Hash: d8969d4662ba8801b5d5db573662c42ab4dc84dfbbb9df1162af396cf14e9b12
Instruction Fuzzy Hash: 6FF01D32241198BFE7325BA29C4EEAB7B7CEBC6B11F000269FA04D50D096E11A0186B5

Uniqueness

Uniqueness Score: -1.00%

Function 003C74D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 003C74E5
EnterCriticalSection.KERNEL32(?,?,00371044,?,?), ref: 003C74F6
TerminateThread.KERNEL32(00000000,000001F6,?,00371044,?,?), ref: 003C7503
WaitForSingleObject.KERNEL32(00000000,000003E8,?,00371044,?,?), ref: 003C7510

Part of subcall function 003C6ED7: CloseHandle.KERNEL32(00000000,?,003C751D,?,00371044,?,?), ref: 003C6EE1

InterlockedExchange.KERNEL32(?,000001F6), ref: 003C7523
LeaveCriticalSection.KERNEL32(?,?,00371044,?,?), ref: 003C752A

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 5dcd690cfa5e0869155a159ffaca1f318c18183fec779dc06d93bf1932f7d4b9
Instruction ID: 515b5dea5ee2a8ec7d40a9b6d9125c340dfd28e200af2af795805636fcd87fe0
Opcode Fuzzy Hash: 5dcd690cfa5e0869155a159ffaca1f318c18183fec779dc06d93bf1932f7d4b9
Instruction Fuzzy Hash: CDF03A7A540652AFDB231B64ED88AEA773EAF45302F010A36F602990E1CBB55901CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003B8E74 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 003B8E7F
UnloadUserProfile.USERENV(?,?), ref: 003B8E8B
CloseHandle.KERNEL32(?), ref: 003B8E94
CloseHandle.KERNEL32(?), ref: 003B8E9C
GetProcessHeap.KERNEL32(00000000,?), ref: 003B8EA5
HeapFree.KERNEL32(00000000), ref: 003B8EAC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: be6537131d4d31244034727dde5c43d3c6da3037d99b1584062560295b422f8b
Instruction ID: 77d57e52c63b2e6ac818ebc984d61c6fe9b62518031c46ac105a4f7155e0cf64
Opcode Fuzzy Hash: be6537131d4d31244034727dde5c43d3c6da3037d99b1584062560295b422f8b
Instruction Fuzzy Hash: AEE0C236004049FFDA121FE1EC4C91ABB6DFB89362B108330F219890F0CBB29460DB50

Uniqueness

Uniqueness Score: -1.00%

Function 003B7A78 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,003F2C7C,?), ref: 003B7C32
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,003F2C7C,?), ref: 003B7C4A
CLSIDFromProgID.OLE32(?,?,00000000,003EFB80,000000FF,?,00000000,00000800,00000000,?,003F2C7C,?), ref: 003B7C6F
_memcmp.LIBCMT ref: 003B7C90

Strings

,,?, xrefs: 003B7A85

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID: ,,?
API String ID: 314563124-1094787077
Opcode ID: 360491278b80aa69515f22235c00fe83ad9fdf08766ed8e80ec635d45dd5a5a8
Instruction ID: 49f4820da0dd0589a51f0e947a27840a8198de3c8e5d6fc24c6d046cbf71ef53
Opcode Fuzzy Hash: 360491278b80aa69515f22235c00fe83ad9fdf08766ed8e80ec635d45dd5a5a8
Instruction Fuzzy Hash: 06810B75A00109EFCB05DF94C984EEEB7B9FF89315F204598F616AB250DB71AE06CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003D8902 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 003D8928
CharUpperBuffW.USER32(?,?), ref: 003D8A37
VariantClear.OLEAUT32(?), ref: 003D8BAF

Part of subcall function 003C7804: VariantInit.OLEAUT32(00000000), ref: 003C7844
Part of subcall function 003C7804: VariantCopy.OLEAUT32(00000000,?), ref: 003C784D
Part of subcall function 003C7804: VariantClear.OLEAUT32(00000000), ref: 003C7859

Strings

Incorrect Parameter format, xrefs: 003D8960, 003D8B22
AUTOIT.ERROR, xrefs: 003D8A3D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: 69355c3baad9e54033d7e86cbbee711f73215eb6fa953272766bfb2df73eedc5
Instruction ID: a97e2fb83a2e62f01f1925fc1e5e55212c5cd015c1aeb82cd73537eb2d569ca9
Opcode Fuzzy Hash: 69355c3baad9e54033d7e86cbbee711f73215eb6fa953272766bfb2df73eedc5
Instruction Fuzzy Hash: 5E918C716083019FC712EF24D48096ABBF8EF89714F14896FF89A8B361DB31E945CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003C2F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0037FEC6: _wcscpy.LIBCMT ref: 0037FEE9

_memset.LIBCMT ref: 003C3077
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003C30A6
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003C3159
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003C3187

Strings

0, xrefs: 003C3063

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ItemMenu$Info$Default_memset_wcscpy
String ID: 0
API String ID: 4152858687-4108050209
Opcode ID: feab5051b3e126e04570cdaba87de92eb45a55e1537fd041dfa9fb6863c50bb4
Instruction ID: 8be0197b8d84e93ba9d1125ad8c2fab9e0829dfd6dcff02e34cbe59a4df6db25
Opcode Fuzzy Hash: feab5051b3e126e04570cdaba87de92eb45a55e1537fd041dfa9fb6863c50bb4
Instruction Fuzzy Hash: 8351D1716083109ED727AF28D845F6BB7E8EF45320F098A2DF886D7191DB70CE448792

Uniqueness

Uniqueness Score: -1.00%

Function 003E9A63 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 003E9AD2
ScreenToClient.USER32(00000002,00000002), ref: 003E9B05
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 003E9B72

Strings

@U=u, xrefs: 003E9BCD

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID: @U=u
API String ID: 3880355969-2594219639
Opcode ID: d67a640babb6544bdcff23111f08f08210fc28d2897de74e492063f8cdd96423
Instruction ID: c2dea5c0657ac718077342f46e893a245a1663c485464f0ce5d13b96582b34f5
Opcode Fuzzy Hash: d67a640babb6544bdcff23111f08f08210fc28d2897de74e492063f8cdd96423
Instruction Fuzzy Hash: BD515234A00299EFCF26DF59D880AAE7BB5FF45320F15826AF8159B2D0D730AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003C2C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003C2CAF
GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 003C2CCB
DeleteMenu.USER32(?,00000007,00000000), ref: 003C2D11
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00426890,00000000), ref: 003C2D5A

Strings

0, xrefs: 003C2CA4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 0ae1c41c00d566a9374db9fb7e862348830f8d667c9491e8961e5e0526d0e5d9
Instruction ID: 70cebe8988468be1215160fdb548e1aadcbc295686c65aeb0d3682aa9e1a455f
Opcode Fuzzy Hash: 0ae1c41c00d566a9374db9fb7e862348830f8d667c9491e8961e5e0526d0e5d9
Instruction Fuzzy Hash: 8B417D712043419FD7229F24C888F1BB7A8AF95320F15466DF966DB2A1D770E904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003E8AC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003E8B4D

Strings

@U=u, xrefs: 003E8B9C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InvalidateRect
String ID: @U=u
API String ID: 634782764-2594219639
Opcode ID: d9c9d99f8c08dc573f9d1cdfbed9182a3d10d91d74c4c3767eba3240db7411b3
Instruction ID: 862b552631d8916804819919651261d33343b0ee92867933d7ae4b7e512dd7be
Opcode Fuzzy Hash: d9c9d99f8c08dc573f9d1cdfbed9182a3d10d91d74c4c3767eba3240db7411b3
Instruction Fuzzy Hash: 3D31D674E002A5BFEF339B1ACC85FA93769EB05310F554712F659DA2E0CE3199408651

Uniqueness

Uniqueness Score: -1.00%

Function 003E6656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00361D35: CreateWindowExW.USER32 ref: 00361D73
Part of subcall function 00361D35: GetStockObject.GDI32(00000011), ref: 00361D87
Part of subcall function 00361D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00361D91

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003E66D0
LoadLibraryW.KERNEL32(?), ref: 003E66D7
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003E66EC
DestroyWindow.USER32(?), ref: 003E66F4

Strings

SysAnimate32, xrefs: 003E66AB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: fa058476c4a507e4eb5a207de6510c74f76785804fc973a0827db17bbf7b2a56
Instruction ID: 630ecdda21643cb295e101412a2da9387478e436c8453a93791d1c0505c22473
Opcode Fuzzy Hash: fa058476c4a507e4eb5a207de6510c74f76785804fc973a0827db17bbf7b2a56
Instruction Fuzzy Hash: 7B21D171210295AFEF124F65EC82EBB37ADEF693A8F114329F910961D0C771DC419760

Uniqueness

Uniqueness Score: -1.00%

Function 003C703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 003C705E
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C7091
GetStdHandle.KERNEL32(0000000C), ref: 003C70A3
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 003C70DD

Strings

nul, xrefs: 003C70D8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: b36030896014d4a2c5b885e2dfdbd46bdea7b32b48022a5fd7d6deabe8b63049
Instruction ID: c3cb55623bea17c4f37664e72ee5cb8839acf88d5ffb93db8e8f67c85b677110
Opcode Fuzzy Hash: b36030896014d4a2c5b885e2dfdbd46bdea7b32b48022a5fd7d6deabe8b63049
Instruction Fuzzy Hash: 5C214C74504219ABDB329F39D845F9A7BA8AF44720F208A1DFDA1DB2D0EBB09C508B51

Uniqueness

Uniqueness Score: -1.00%

Function 003C710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 003C712B
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C715D
GetStdHandle.KERNEL32(000000F6), ref: 003C716E
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 003C71A8

Strings

nul, xrefs: 003C71A3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 00aeec8a3aa081a78f1a7838bade73c82d2acd8a5a4f5e76e5cdea85de95fcd6
Instruction ID: 916f21c16d439195836ed1b4dd767a8ed40827e28d4f96fd3345e428078dc6c9
Opcode Fuzzy Hash: 00aeec8a3aa081a78f1a7838bade73c82d2acd8a5a4f5e76e5cdea85de95fcd6
Instruction Fuzzy Hash: 5521AF75604209AFDB229F689C45FAAB7A8AF55720F240B1DFDA1D72D0DBB09C418F60

Uniqueness

Uniqueness Score: -1.00%

Function 003CAEAB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 003CAEBF
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003CAF13
__swprintf.LIBCMT ref: 003CAF2C
SetErrorMode.KERNEL32(00000000,00000001,00000000,003EF910), ref: 003CAF6A

Strings

%lu, xrefs: 003CAF26

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorMode$InformationVolume__swprintf
String ID: %lu
API String ID: 3164766367-685833217
Opcode ID: c2bad8800093e89d006cdf2966716a158b4cd72a48c6d565ade4280402092796
Instruction ID: d78dbf094b8dc023cdd5c7414048d4b69370521b851dcb7faee4e68b6ee6d476
Opcode Fuzzy Hash: c2bad8800093e89d006cdf2966716a158b4cd72a48c6d565ade4280402092796
Instruction Fuzzy Hash: FF216230A00149AFCB11EB55CC85EEE77BCEF49704B108069F505EB251DB71EE41CB21

Uniqueness

Uniqueness Score: -1.00%

Function 003BA52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

Part of subcall function 003BA37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003BA399
Part of subcall function 003BA37C: GetWindowThreadProcessId.USER32 ref: 003BA3AC
Part of subcall function 003BA37C: GetCurrentThreadId.KERNEL32 ref: 003BA3B3
Part of subcall function 003BA37C: AttachThreadInput.USER32(00000000), ref: 003BA3BA

GetFocus.USER32 ref: 003BA554

Part of subcall function 003BA3C5: GetParent.USER32(?), ref: 003BA3D3

GetClassNameW.USER32(?,?,00000100), ref: 003BA59D
EnumChildWindows.USER32(?,003BA615), ref: 003BA5C5
__swprintf.LIBCMT ref: 003BA5DF

Strings

%s%d, xrefs: 003BA5D9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
String ID: %s%d
API String ID: 1941087503-1110647743
Opcode ID: 336081eec13dfa4ee90b0c8393241b60d0b7a707ec054e5f72b97875d2a61a5f
Instruction ID: f21f7f5cc4e6824e164145ec4a7409ab873e22ea80b89bccdf99ae35fd051604
Opcode Fuzzy Hash: 336081eec13dfa4ee90b0c8393241b60d0b7a707ec054e5f72b97875d2a61a5f
Instruction Fuzzy Hash: 9C11A2756006086BDF227F60DC85FEA37BC9F48704F044175FA18AE192CB7059459B75

Uniqueness

Uniqueness Score: -1.00%

Function 003C2017 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 003C2048

Strings

EXISTS, xrefs: 003C2070
REMOVE, xrefs: 003C204E
KEYS, xrefs: 003C205F
APPEND, xrefs: 003C2081

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 3964851224-769500911
Opcode ID: bca87c73e2bb5aeccdfc9572ffd90ad85d9612a037c5635e5192030ceb78648b
Instruction ID: e730909f8db938d8250337730fd7ce28490609f890d282db3eb0d6a523f27bf4
Opcode Fuzzy Hash: bca87c73e2bb5aeccdfc9572ffd90ad85d9612a037c5635e5192030ceb78648b
Instruction Fuzzy Hash: 7C115B30900219DFCF45EFA4D8919FEB7B5FF15304F5084AAD855AB292EB326D1ACB50

Uniqueness

Uniqueness Score: -1.00%

Function 003DEE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003DEF1B
GetProcessIoCounters.KERNEL32(00000000,?), ref: 003DEF4B
GetProcessMemoryInfo.PSAPI ref: 003DF07E
CloseHandle.KERNEL32(?), ref: 003DF0FF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: bf67985627f3bffffe3c398d8b1ba476950da4c852c4fb738d2a3ac4a558d079
Instruction ID: 9d9c215e41926a63bdd1f94609f0eb6dda836971936e244023c88a863031e451
Opcode Fuzzy Hash: bf67985627f3bffffe3c398d8b1ba476950da4c852c4fb738d2a3ac4a558d079
Instruction Fuzzy Hash: 988160716043009FD721EF28D886B6AB7E9AF48710F14C91EF59ADF392DBB1AC408B55

Uniqueness

Uniqueness Score: -1.00%

Function 003E02C2 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003E10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E0038,?,?), ref: 003E10BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E0388
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E03C7
RegEnumKeyExW.ADVAPI32 ref: 003E040E
RegCloseKey.ADVAPI32(?,?), ref: 003E043A
RegCloseKey.ADVAPI32(00000000), ref: 003E0447

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
String ID:
API String ID: 3440857362-0
Opcode ID: 4dcd564ad64e9f94b17cc60b963d537f39743f1d1c602f788bef4562772e78b4
Instruction ID: cdc5c9585695b7bd8df35f5cf0705bad65bc25d99a3bfecb1115e0e26c1b64a8
Opcode Fuzzy Hash: 4dcd564ad64e9f94b17cc60b963d537f39743f1d1c602f788bef4562772e78b4
Instruction Fuzzy Hash: 39514A71208244AFD716EF65C881F6EB7E8FF84304F448A2DB5959B292DB70ED44CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003CE7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003CE88A
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 003CE8B3
WritePrivateProfileSectionW.KERNEL32 ref: 003CE8F2

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003CE917
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003CE91F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
String ID:
API String ID: 1389676194-0
Opcode ID: 55f3e74cbb1ac62d66902627d233ccc2c7eb89285105d81d972001ae5cffc786
Instruction ID: 464ac5ecea2e64b2c1c5ea69523d72d992f498437c2494179359cbd21f5cb7fb
Opcode Fuzzy Hash: 55f3e74cbb1ac62d66902627d233ccc2c7eb89285105d81d972001ae5cffc786
Instruction Fuzzy Hash: 0151FB35A00205DFCF12EF64C981AADBBF9EF08314B1880A9E949AF365CB35ED51DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00362344 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00362357
ScreenToClient.USER32(004267B0,?), ref: 00362374
GetAsyncKeyState.USER32 ref: 00362399
GetAsyncKeyState.USER32 ref: 003623A7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: c51670a2cae04a114f1b86d90d4d780bfde2b58377e7c0dd58999422a83bee96
Instruction ID: 5e719f340dec1b48551d97331facd66d754790d59d504942bc49f197bd6aa55b
Opcode Fuzzy Hash: c51670a2cae04a114f1b86d90d4d780bfde2b58377e7c0dd58999422a83bee96
Instruction Fuzzy Hash: DF41B135504259FFDF169F68C844AEEBB78FB05360F21836AF868962E0C7705950DB91

Uniqueness

Uniqueness Score: -1.00%

Function 003B6920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003B695D
TranslateAcceleratorW.USER32(?,?,?), ref: 003B69A9
TranslateMessage.USER32(?), ref: 003B69D2
DispatchMessageW.USER32(?), ref: 003B69DC
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003B69EB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Message$PeekTranslate$AcceleratorDispatch
String ID:
API String ID: 2108273632-0
Opcode ID: 3b587cefc5e9025bd2af2150126955e65d385fc5080bebfd665e7f44007855a9
Instruction ID: 2fe2a15e41a944e7cfc52fd66f0097e820083fa724d808d7aee49f91c51a410c
Opcode Fuzzy Hash: 3b587cefc5e9025bd2af2150126955e65d385fc5080bebfd665e7f44007855a9
Instruction Fuzzy Hash: 973128716002469FDB32DF70DC86FF67BACAB01308F164179E621D78A2D7789846CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003B8F01 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 003B8F12
PostMessageW.USER32(?,00000201,00000001), ref: 003B8FBC
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 003B8FC4
PostMessageW.USER32(?,00000202,00000000), ref: 003B8FD2
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 003B8FDA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: a7fed25b820ec47777a1b7bf8320122c03c787f43d239f6f509581d5872f8c40
Instruction ID: 177489ac7d10db46c44d3626f9133888f2a1e6910290f834270331748a086365
Opcode Fuzzy Hash: a7fed25b820ec47777a1b7bf8320122c03c787f43d239f6f509581d5872f8c40
Instruction Fuzzy Hash: 8A31E271500219EFDF11CF68E94CAEE7BBAEB44319F104229FA24EA2D0C7B09914CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003EB405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

GetWindowLongW.USER32(?,000000F0), ref: 003EB44C
SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 003EB471
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 003EB489
GetSystemMetrics.USER32 ref: 003EB4B2
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,003D1184,00000000), ref: 003EB4D0

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: a5ac4b42d384473f9022678c9d8897f18cbfbd8e4df488da153d9ba06cc2ca29
Instruction ID: 525a6244346bac49a25482908ede4b995b59289f594d7265f0eec4aa58d14eb3
Opcode Fuzzy Hash: a5ac4b42d384473f9022678c9d8897f18cbfbd8e4df488da153d9ba06cc2ca29
Instruction Fuzzy Hash: 332182716142A5EFCB239F3ADC44A6A77A8EB05720F124734F925D71E1E7309911DF50

Uniqueness

Uniqueness Score: -1.00%

Function 003612F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0036134D
SelectObject.GDI32(?,00000000), ref: 0036135C
BeginPath.GDI32 ref: 00361373
SelectObject.GDI32(?,00000000), ref: 0036139C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: e1da643ece48248a299cfe376c4253bc7dbe520e9b9944848abb45bcac1feca3
Instruction ID: 171f8388fd47d665e49951c17ace62e6352c8b5490a34e42d170404d4ecbdf29
Opcode Fuzzy Hash: e1da643ece48248a299cfe376c4253bc7dbe520e9b9944848abb45bcac1feca3
Instruction Fuzzy Hash: 3D21D374901308EFDB23AF25DD047697BB8FB00321F6A8236F811962A4C3B19D92DF94

Uniqueness

Uniqueness Score: -1.00%

Function 003BC161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 003BC176
_memcmp.LIBCMT ref: 003BC194
_memcmp.LIBCMT ref: 003BC1A7
_memcmp.LIBCMT ref: 003BC1BF
_memcmp.LIBCMT ref: 003BC1D7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: f9d075729c623062a0a4ba8c99ed3b7c34f4050b5643581ce95cad30dd396a48
Instruction ID: 43a620c161b0cf3246a7cf4bc0b91b78092cb85f6c1c85a679f718e4f1a43eda
Opcode Fuzzy Hash: f9d075729c623062a0a4ba8c99ed3b7c34f4050b5643581ce95cad30dd396a48
Instruction Fuzzy Hash: 8F0192B161520A7BE227B6285C42EFB635CAF21398B044021FF04BAA83F6549E1282A0

Uniqueness

Uniqueness Score: -1.00%

Function 003C4D35 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 003C4D5C
__beginthreadex.LIBCMT ref: 003C4D7A
MessageBoxW.USER32 ref: 003C4D8F
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003C4DA5
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003C4DAC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
String ID:
API String ID: 3824534824-0
Opcode ID: 54dd320273f8c882135bc748fceacb2fc3fc7b9d46a0ee8ea5f16046cadd5bcf
Instruction ID: 26a572693fe887a3f6e702ab872cb83dcbf02a69276c6103f170aa49faf17224
Opcode Fuzzy Hash: 54dd320273f8c882135bc748fceacb2fc3fc7b9d46a0ee8ea5f16046cadd5bcf
Instruction Fuzzy Hash: 13110C76904248FFC722ABA89C48FDB7FACEB45320F154369F915D7291D6758D4087B0

Uniqueness

Uniqueness Score: -1.00%

Function 003B874A Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B8766
GetLastError.KERNEL32(?,003B822A,?,?,?), ref: 003B8770
GetProcessHeap.KERNEL32(00000008,?,?,003B822A,?,?,?), ref: 003B877F
HeapAlloc.KERNEL32(00000000,?,003B822A,?,?,?), ref: 003B8786
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B879D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 187100892d96c7fd731cfad6d0df89a7ee88fad2f25148ab67be5127d535c177
Instruction ID: dfbce2595d28dd838fa2fc08607602f220956652dbbaf8232838a2549c3d30ca
Opcode Fuzzy Hash: 187100892d96c7fd731cfad6d0df89a7ee88fad2f25148ab67be5127d535c177
Instruction Fuzzy Hash: CA016271200244FFDB224FA5DC89DA77B6CFF86359B200539F949C61A0DE728C00CA60

Uniqueness

Uniqueness Score: -1.00%

Function 003C54E6 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003C5502
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 003C5510
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 003C5518
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 003C5522
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003C555E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 36b3b1381bd3a00cda60876a7d6866d69833d96168fb4e8e2f1e5b397c57a509
Instruction ID: ba343472497c2c881b6d6e6658f8e4699736fd728474fcbdbc14fe70f36ab327
Opcode Fuzzy Hash: 36b3b1381bd3a00cda60876a7d6866d69833d96168fb4e8e2f1e5b397c57a509
Instruction Fuzzy Hash: 2A015E35D01A1DDBCF11EFE5E888AEDBB78BB0A701F41015AE502F6180DB706990C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 003B7652 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?,?,003B799D), ref: 003B766F
ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?), ref: 003B768A
lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?), ref: 003B7698
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?), ref: 003B76A8
CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003B758C,80070057,?,?), ref: 003B76B4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 2c9d260473cefd4c6a7990e541e08d0c09a963d38525c67516ab2b092a1f98fa
Instruction ID: e51d995deaec320477100efe71de2968ca5d078096f57632bf99037fb2b8a606
Opcode Fuzzy Hash: 2c9d260473cefd4c6a7990e541e08d0c09a963d38525c67516ab2b092a1f98fa
Instruction Fuzzy Hash: C601D472601604BFDB224F18DC88BEA7BACEB84755F140128FE08D6251E771DE009BA0

Uniqueness

Uniqueness Score: -1.00%

Function 003B85F1 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003B8608
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003B8612
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003B8621
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003B8628
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003B863E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: c55101aae65d84c54d75bc6d9067dee08f4d4fb493d73e03aecf62064bae7107
Instruction ID: d5d5067f55c7b3fdd11d35584a4c00af4f002e243be0878f9d76c75b7e363b0d
Opcode Fuzzy Hash: c55101aae65d84c54d75bc6d9067dee08f4d4fb493d73e03aecf62064bae7107
Instruction Fuzzy Hash: 34F04435201244AFD7220FA5DCC9FAB3BACEF86758F054525F645C6190CBA19C41DA60

Uniqueness

Uniqueness Score: -1.00%

Function 003B8652 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003B8669
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003B8673
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B8682
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003B8689
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B869F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: be0fad539cbf30bcfd862fd4df7c8577a2815987a8f5535827cdf186b532bf05
Instruction ID: 67a1579ec049b03b59182a52b87c3c978b372a78c3a5f39c9fdadbe9e086292e
Opcode Fuzzy Hash: be0fad539cbf30bcfd862fd4df7c8577a2815987a8f5535827cdf186b532bf05
Instruction Fuzzy Hash: AFF04475300244AFD7221F65DCC8FA73BACEF85758F110125F645C61A0DAB1DD41DA60

Uniqueness

Uniqueness Score: -1.00%

Function 003BC6A6 Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 003BC6BA
GetWindowTextW.USER32 ref: 003BC6D1
MessageBeep.USER32(00000000), ref: 003BC6E9
KillTimer.USER32(?,0000040A), ref: 003BC705
EndDialog.USER32(?,00000001), ref: 003BC71F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 82e7d447cd90e9550b5d497a6fa608d7952a72fb32008fd1b6ef4affcd4d83df
Instruction ID: 4dfbcb8a7f3c5362a0f23580431ffcf2a34f51560d5cb6b4f24173a4ba61e666
Opcode Fuzzy Hash: 82e7d447cd90e9550b5d497a6fa608d7952a72fb32008fd1b6ef4affcd4d83df
Instruction Fuzzy Hash: FD014F30510704AFEB326B20DD8EF9677BCBB00749F041669B686A58E1DBE0A9548A80

Uniqueness

Uniqueness Score: -1.00%

Function 003613B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32 ref: 003613BF
StrokeAndFillPath.GDI32(?,?,0039BAD8,00000000,?), ref: 003613DB
SelectObject.GDI32(?,00000000), ref: 003613EE
DeleteObject.GDI32 ref: 00361401
StrokePath.GDI32 ref: 0036141C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 796fe0e8f23e9ebb5269f3eba541f0af205445c64ec9d6251399917a70e3c0b8
Instruction ID: f5d11f429c4606ec16562c7196759afc14c12e52edeba4031494eda20acbb889
Opcode Fuzzy Hash: 796fe0e8f23e9ebb5269f3eba541f0af205445c64ec9d6251399917a70e3c0b8
Instruction Fuzzy Hash: 05F0F630101248EFDB336F26EC487683FB8AB00326F5AC235E429490F5C7714996DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00372E5B Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

Part of subcall function 00380FF6: std::exception::exception.LIBCMT ref: 0038102C
Part of subcall function 00380FF6: __CxxThrowException@8.LIBCMT ref: 00381041

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 00367BB1: _memmove.LIBCMT ref: 00367C0B

__swprintf.LIBCMT ref: 0037302D

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00372EC6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 1943609520-557222456
Opcode ID: 1bc2d9c60f45556f2bd4a836de6c09cc55ca0905fe806c3f9693188383a2859b
Instruction ID: 4aaf0d086804cfee5ae0ba8438d890a18edc91771f84046d6b3d12e3e14faeb5
Opcode Fuzzy Hash: 1bc2d9c60f45556f2bd4a836de6c09cc55ca0905fe806c3f9693188383a2859b
Instruction Fuzzy Hash: 07917D711083019FC72AEF24D896C6EB7E8EF85740F04895DF4969B2A5DB34EE44CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003BB7B6 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 241comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 003BB981

Strings

%?, xrefs: 003BBA24
AutoIt3GUI, xrefs: 003BB8F9
Container, xrefs: 003BB8FE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container$%?
API String ID: 3565006973-1141368171
Opcode ID: 66712916e2ba31fae4cb663fd3673b325c04131023ec6ea01ac7e0cef58dd8c3
Instruction ID: 1e3ab7673648c658b38195ba58a313c844db3542e051421039252a1eba3edf55
Opcode Fuzzy Hash: 66712916e2ba31fae4cb663fd3673b325c04131023ec6ea01ac7e0cef58dd8c3
Instruction Fuzzy Hash: 5E914C706006019FDB65DF24C884BA6BBE9FF48714F14856EFA4ACBA91DFB0E840CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0038524D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 003852DD

Part of subcall function 00390340: __87except.LIBCMT ref: 0039037B

Strings

pow, xrefs: 003852B5, 003852D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: 5b75e9dd01e4f406b3ee0e4ed185e0303da92a97fdff1ac6d2a875888dbbda75
Instruction ID: 6f719db9de364121ab2d3f379a5db2ef4c3c3859b9338d9d88c35215d3784812
Opcode Fuzzy Hash: 5b75e9dd01e4f406b3ee0e4ed185e0303da92a97fdff1ac6d2a875888dbbda75
Instruction Fuzzy Hash: 96517925A0DB018BCF1BB725CA4137E2B989B00750F618DA8E0D5866E6EF74CCC4DF46

Uniqueness

Uniqueness Score: -1.00%

Function 0038023B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

+, xrefs: 00380277
#, xrefs: 00380280

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: #$+
API String ID: 0-2552117581
Opcode ID: 62643ea099f99e1a2d09514a4b3b9fd296a3c729f61147d186d498b432de33da
Instruction ID: b63ee70f0ac90dc64028d2de0010109c28634a160c2735a79d9d59408f32d561
Opcode Fuzzy Hash: 62643ea099f99e1a2d09514a4b3b9fd296a3c729f61147d186d498b432de33da
Instruction Fuzzy Hash: B05142741046468FDF2BAF28C4887FA7BA4EF5A314F194199ED919F6A0C7709C46CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00373297 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003733D7
_memmove.LIBCMT ref: 00373470
_free.LIBCMT ref: 00373496
_memmove.LIBCMT ref: 00373549

Strings

Oa7, xrefs: 00373482

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove$_free
String ID: Oa7
API String ID: 2620147621-1088220166
Opcode ID: b3b990b211860986c43833e5c71a6034698ac44639b5cf1ade24da5313b8f2d5
Instruction ID: 0af951af58d396dcb699908cf9ff5b6b46ed52fc868e75ec1e94c44ae4b84e42
Opcode Fuzzy Hash: b3b990b211860986c43833e5c71a6034698ac44639b5cf1ade24da5313b8f2d5
Instruction Fuzzy Hash: 71515BB16083419FDB36CF28C891B6BBBE5EF85310F05892DE9898B351DB35D901DB92

Uniqueness

Uniqueness Score: -1.00%

Function 003762F2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003763A8
_memmove.LIBCMT ref: 00376446
_memset.LIBCMT ref: 0037646A

Strings

ERCP, xrefs: 00376313

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memset$_memmove
String ID: ERCP
API String ID: 2532777613-1384759551
Opcode ID: cd753712fc306e994db22da443cbce7db5e002536dfe5ee083b8f3e7af87b044
Instruction ID: 3969adba3f8f4631d2f368a33dce57e63c841ee34f2021d812c09d8eb8b8a444
Opcode Fuzzy Hash: cd753712fc306e994db22da443cbce7db5e002536dfe5ee083b8f3e7af87b044
Instruction Fuzzy Hash: 3051C371900B099BDB36CF65C8A27EABBF8EF04714F20856EE64EDB641E7749584CB40

Uniqueness

Uniqueness Score: -1.00%

Function 003E7648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 003E76D0
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003E76E4
SendMessageW.USER32(?,00001002,00000000,?), ref: 003E7708

Strings

SysMonthCal32, xrefs: 003E769B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 7f49a593a588ac123bec8f35b61e4e497870490a85ddbc7e45c9f70c016a2add
Instruction ID: bbca88d006b929087d38df1bcf8690a4c2eaf145ee6d4ee3517c663477a507ab
Opcode Fuzzy Hash: 7f49a593a588ac123bec8f35b61e4e497870490a85ddbc7e45c9f70c016a2add
Instruction Fuzzy Hash: 5521A132600269BBDF22CF65CC86FEA3B69EF48714F110214FE156B1D0D6B1A8518BA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E6F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003E6FAA
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003E6FBA
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003E6FDF

Strings

Listbox, xrefs: 003E6F77

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 3b8f9c96891abb5d24e0868c2e0b22512bb770ecfad690a9667df8b85dd74ded
Instruction ID: 3c79ee77878504ef37fce0675985b7754f6992f0bd3216403d0926803167b767
Opcode Fuzzy Hash: 3b8f9c96891abb5d24e0868c2e0b22512bb770ecfad690a9667df8b85dd74ded
Instruction Fuzzy Hash: 98216532610168BFDF128F55DC85FAB376EEF997A4F128224F9149B1D0C671AC5287A0

Uniqueness

Uniqueness Score: -1.00%

Function 003B912D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 003B914F
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003B9166
SendMessageW.USER32(?,0000000D,?,00000000), ref: 003B919E

Strings

@U=u, xrefs: 003B919E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: a0cd6d4ff3e3fab1390cb921ccc0a9465953a1b21fa8ba8bddccb0e8b26dde40
Instruction ID: 48ba52092a6e988c93f072cf3c2b17bad739387b4b2d6ecb25bdb1bdb3e0a5c1
Opcode Fuzzy Hash: a0cd6d4ff3e3fab1390cb921ccc0a9465953a1b21fa8ba8bddccb0e8b26dde40
Instruction Fuzzy Hash: A621D432600109BFCF22DBACDC46AEEB7BDEF44340F11045BE604E76A0DA71AE409B60

Uniqueness

Uniqueness Score: -1.00%

Function 003D60EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000402,00000000,00000000), ref: 003D613B
SendMessageW.USER32(0000000C,00000000,?), ref: 003D617C
SendMessageW.USER32(0000000C,00000000,?), ref: 003D61A4

Strings

@U=u, xrefs: 003D613B, 003D617C, 003D61A4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: 8c69afd98768079d7442cd2e02e7e87cf79bdb005fc7ffbee560301ebe7dc8fc
Instruction ID: b33462ef6b23e234612376f2ab8d94f4d2b272e6cf46984668e3e7954ab79faa
Opcode Fuzzy Hash: 8c69afd98768079d7442cd2e02e7e87cf79bdb005fc7ffbee560301ebe7dc8fc
Instruction Fuzzy Hash: B4211A36301501EFDB12EB24ED86E2AB7E9FB49310B028166F9199B671CB71BC51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 003E797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003E79E1
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003E79F6
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003E7A03

Strings

msctls_trackbar32, xrefs: 003E79B8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 8669385b5c3f5af9b6c830d995e9d06c8577606eb47a7c3239ce16a046ce7fe2
Instruction ID: 013782dce1040db6da95632f5a3a5ba5cdcc7904259208f36bf7117362dfcd7d
Opcode Fuzzy Hash: 8669385b5c3f5af9b6c830d995e9d06c8577606eb47a7c3239ce16a046ce7fe2
Instruction Fuzzy Hash: 16112372240288BBEF229F61CC05FEB77ADEF89764F020629FA00A61D0D2719811CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003E6B8F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 003E6C11
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003E6C20

Strings

@U=u, xrefs: 003E6C20
edit, xrefs: 003E6BF5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: @U=u$edit
API String ID: 2978978980-590756393
Opcode ID: 4d7c317c8e079552fa41e2018f791c6a7da7d35ca06d47eab2b8a4de524d615c
Instruction ID: 60b5a39d9eeb302b96d705211057fcaee9c2cf3e472bc94cebe99c6aad719477
Opcode Fuzzy Hash: 4d7c317c8e079552fa41e2018f791c6a7da7d35ca06d47eab2b8a4de524d615c
Instruction Fuzzy Hash: CB11DD71100199AFEB124E269C82AEB3B6DEB243B8F214724F960D71D0C671DC809B20

Uniqueness

Uniqueness Score: -1.00%

Function 003B92E7 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003B9355

Strings

@U=u, xrefs: 003B9355
ComboBox, xrefs: 003B92F4
ListBox, xrefs: 003B931F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: @U=u$ComboBox$ListBox
API String ID: 372448540-2258501812
Opcode ID: a13205fdb997c28b14a2077cb3511e82ee85b62e9b8e2dd268b30b2443e3007e
Instruction ID: 9ef59654ab6b673bf19d6d37d6ae68d0e3ae06a46d2ca5df738cbc6ed96085cf
Opcode Fuzzy Hash: a13205fdb997c28b14a2077cb3511e82ee85b62e9b8e2dd268b30b2443e3007e
Instruction Fuzzy Hash: B6012875A05214ABCB06FBA0CC91DFE77ADFF06320B10061AFA725B6D6DF31591C8660

Uniqueness

Uniqueness Score: -1.00%

Function 003B91DF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,00000180,00000000,?), ref: 003B924D

Strings

@U=u, xrefs: 003B924D
ComboBox, xrefs: 003B91EC
ListBox, xrefs: 003B9217

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: @U=u$ComboBox$ListBox
API String ID: 372448540-2258501812
Opcode ID: b8e72849a2ada0c4ff59e17a2ebac6c06c343fdf4f244338ccc9f74ac8f1798d
Instruction ID: 49c12eb7a05c15f1bd6ae7923ad7da6aa7304c1c7286fc7bed487c43a5850576
Opcode Fuzzy Hash: b8e72849a2ada0c4ff59e17a2ebac6c06c343fdf4f244338ccc9f74ac8f1798d
Instruction Fuzzy Hash: 8001D471E411087BCB06EBA0C8A2FFF73AC9F05304F24002ABB126F682EB145F188271

Uniqueness

Uniqueness Score: -1.00%

Function 003B9264 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00367F41: _memmove.LIBCMT ref: 00367F82

Part of subcall function 003BB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 003BB0E7

SendMessageW.USER32(?,00000182,?,00000000), ref: 003B92D0

Strings

@U=u, xrefs: 003B92D0
ComboBox, xrefs: 003B9271
ListBox, xrefs: 003B929C

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: @U=u$ComboBox$ListBox
API String ID: 372448540-2258501812
Opcode ID: a2686cf8d9f6bac1cbadeb0c835e5fcf38e557aa9096d6d70bd4b03a1a57776b
Instruction ID: 916324f7c358b6d223dbad52d761b05e779d944d9bf18eec319ed74641dc80b4
Opcode Fuzzy Hash: a2686cf8d9f6bac1cbadeb0c835e5fcf38e557aa9096d6d70bd4b03a1a57776b
Instruction Fuzzy Hash: D101F271E411087BCB06EBA0C892FFFB7AC9F00300F240126BA026BA82DA215F188275

Uniqueness

Uniqueness Score: -1.00%

Function 003EAF89 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,004267B0,003EDB17,000000FC,?,00000000,00000000,?,?,?,0039BBB9,?,?,?,?,?), ref: 003EAF8B
GetFocus.USER32 ref: 003EAF93

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

Part of subcall function 003625DB: GetWindowLongW.USER32(?,000000EB), ref: 003625EC

SendMessageW.USER32(00F9F0C0,000000B0,000001BC,000001C0), ref: 003EB005

Strings

@U=u, xrefs: 003EB005

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$Long$FocusForegroundMessageSend
String ID: @U=u
API String ID: 3601265619-2594219639
Opcode ID: b5c26f8b184b421ada1a0a7456ee43f77e8c41ab9a22c818900ff42181ac596d
Instruction ID: 08c06f02c9ab0446be5c0200ee019b8f810627fc68a0363777d28987f4853536
Opcode Fuzzy Hash: b5c26f8b184b421ada1a0a7456ee43f77e8c41ab9a22c818900ff42181ac596d
Instruction Fuzzy Hash: 5F0144312015509FC7269B29D894A6777E9AB8A324F1A4679E4268B2E1CB316C46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003761C3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0037619A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003761B1

SendMessageW.USER32(?,0000000C,00000000,?), ref: 003761DF
GetParent.USER32(?), ref: 003B111F
InvalidateRect.USER32(00000000,?,00373BAF,?,00000000,00000001), ref: 003B1126

Strings

@U=u, xrefs: 003761DF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$InvalidateParentRectTimeout
String ID: @U=u
API String ID: 3648793173-2594219639
Opcode ID: 9af264e16b924cb2559fa70fad0389d59af4e7b333bf25649d39abcf3833a0bc
Instruction ID: d3472bb42d7439621d373c9d45e64d7029c862f762b19b52bc8f8f2df3efad12
Opcode Fuzzy Hash: 9af264e16b924cb2559fa70fad0389d59af4e7b333bf25649d39abcf3833a0bc
Instruction Fuzzy Hash: E9F0A031101284FFEF321F60DC5EFE17B6CAB15344F609435F6859A4A3C6AA5850AB50

Uniqueness

Uniqueness Score: -1.00%

Function 00364C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00364C2E), ref: 00364CA3
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00364CB5

Strings

kernel32.dll, xrefs: 00364C9E
GetNativeSystemInfo, xrefs: 00364CAF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: 2214c2da4dec49ee4ac0009f4b89033732fa81b17f09035e155d5c29f4f0b9a9
Instruction ID: db3450062aaced3ebca040aec500657935642c2c332d2629b7ddcb8000dfb53c
Opcode Fuzzy Hash: 2214c2da4dec49ee4ac0009f4b89033732fa81b17f09035e155d5c29f4f0b9a9
Instruction Fuzzy Hash: F1D0C730900727DFC7229F32CA4864272E9AF00780F12CA3ED882CA290E6B0C880CA10

Uniqueness

Uniqueness Score: -1.00%

Function 00364D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00364D2E,?,00364F4F,?,004262F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00364D6F
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00364D81

Strings

kernel32.dll, xrefs: 00364D6A
Wow64DisableWow64FsRedirection, xrefs: 00364D7B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 06ec222e21d97ca16cd565495df84c04c59f1a4642412ca0d0ac036846fdfb3b
Instruction ID: f44dc63a092ec0b830823b417356189e62f358a362d0c46d22ec082995235c77
Opcode Fuzzy Hash: 06ec222e21d97ca16cd565495df84c04c59f1a4642412ca0d0ac036846fdfb3b
Instruction Fuzzy Hash: 6CD01730910763CFD7329F31D84865676E8AF15392F22CA3ED487DA2E0E6B4D880CA50

Uniqueness

Uniqueness Score: -1.00%

Function 00364D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00364CE1,?), ref: 00364DA2
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00364DB4

Strings

Wow64RevertWow64FsRedirection, xrefs: 00364DAE
kernel32.dll, xrefs: 00364D9D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: aa2e24c0c528eb15e1e1a9a89f902f20dee3b5efeed1edc344cd3bae66ed2712
Instruction ID: a031bd2cdebc295eb31fd8d206546d94a2587ba6952ad7fe58c1a2db483996a0
Opcode Fuzzy Hash: aa2e24c0c528eb15e1e1a9a89f902f20dee3b5efeed1edc344cd3bae66ed2712
Instruction Fuzzy Hash: 45D01771950723CFD7329F31D848A8676E8AF09355F12C93ED8C6DA290E7B4D880CA50

Uniqueness

Uniqueness Score: -1.00%

Function 003E1072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,003E12C1), ref: 003E1080
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003E1092

Strings

RegDeleteKeyExW, xrefs: 003E108C
advapi32.dll, xrefs: 003E107B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: cea264ce7afe7721563f54d45df5e11310d427206627f6092750b22d819e2857
Instruction ID: 6c228a6c47889d08d004025e92853d28b3d93059389c8d84ca765e5bc89bd4fe
Opcode Fuzzy Hash: cea264ce7afe7721563f54d45df5e11310d427206627f6092750b22d819e2857
Instruction Fuzzy Hash: C3D01230510762CFD7315F35D85865676E8EF45351F118E7EA486DA290D7B4C8C0C650

Uniqueness

Uniqueness Score: -1.00%

Function 003D93F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000001,003D9009,?,003EF910), ref: 003D9403
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 003D9415

Strings

GetModuleHandleExW, xrefs: 003D940F
kernel32.dll, xrefs: 003D93FE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: b88569dd90d11aaa9459943632bb175f2e9edb9d6ce296cdf4f02af39aaea2ee
Instruction ID: f0717cd7c1fac6e5d1b1ac7211e4612fc25189f487d8565db4b31ccf5d509eda
Opcode Fuzzy Hash: b88569dd90d11aaa9459943632bb175f2e9edb9d6ce296cdf4f02af39aaea2ee
Instruction Fuzzy Hash: ECD0C731600727CFC7229F32E94824372E8AF00341F12C93FE482EA690E6B0C880CA50

Uniqueness

Uniqueness Score: -1.00%

Function 003B76C5 Relevance: 6.3, APIs: 4, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6546b8b7e508d59faf13d46df6153334af70be74d63cdaf6bf240564dde1a2fc
Instruction ID: 406777b4f9bdd1044d7d671583f31579b28b59357086eddf58582957d2e1f834
Opcode Fuzzy Hash: 6546b8b7e508d59faf13d46df6153334af70be74d63cdaf6bf240564dde1a2fc
Instruction Fuzzy Hash: 3BC17E74A04216EFCB15CF94C884EAEB7B9FF88718B118598E905EB751D730EE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003DE33E Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 003DE3D2
CharLowerBuffW.USER32(?,?), ref: 003DE415

Part of subcall function 003DDAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 003DDAD9

VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 003DE615
_memmove.LIBCMT ref: 003DE628

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: BuffCharLower$AllocVirtual_memmove
String ID:
API String ID: 3659485706-0
Opcode ID: 8749a2a9e3a3b1b9738e34fb840251797cb21ba449056ffa2d79d038da6511be
Instruction ID: 273cdabe889d2e1765dacfd491dc2e6e401ae3e4e31e649087b75c87e8ae1137
Opcode Fuzzy Hash: 8749a2a9e3a3b1b9738e34fb840251797cb21ba449056ffa2d79d038da6511be
Instruction Fuzzy Hash: 62C17C766083018FC716EF28D48096ABBE4FF89718F14896EF8999B351D771E905CF82

Uniqueness

Uniqueness Score: -1.00%

Function 003D83A8 Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 003D83D8
CoUninitialize.OLE32 ref: 003D83E3

Part of subcall function 003BDA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003BDAC5

VariantInit.OLEAUT32(?), ref: 003D83EE
VariantClear.OLEAUT32(?), ref: 003D86BF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: 0d6e0a4e98a81fc2294f83cda2078c554efa2a5288361977df877fe559ca4135
Instruction ID: d6867143e64c981f16d1efb336c68d5e1e33cc7df150fbd216921c0a681e8b1e
Opcode Fuzzy Hash: 0d6e0a4e98a81fc2294f83cda2078c554efa2a5288361977df877fe559ca4135
Instruction Fuzzy Hash: 8EA12A762047019FCB12DF14D491B2AB7E9BF89324F19854AFA9A9B3A1CB30FD04CB45

Uniqueness

Uniqueness Score: -1.00%

Function 003B6DF3 Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 003B6E04
SysAllocString.OLEAUT32(00000000), ref: 003B6EAD
VariantCopy.OLEAUT32 ref: 003B6EDC
VariantClear.OLEAUT32(?), ref: 003B6F03

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: 25e5b9c710cf61083d44120d6e7ccf2b459f29b687e673ede610ad7913eea947
Instruction ID: e188231eabe0273f74390689d9a0a8c7e67995a210237ad8089f9bd740e3f18a
Opcode Fuzzy Hash: 25e5b9c710cf61083d44120d6e7ccf2b459f29b687e673ede610ad7913eea947
Instruction Fuzzy Hash: E75185346043019ADB26AF65D891AB9B3E9EF88314F20981FF756CFE92DE7498409B11

Uniqueness

Uniqueness Score: -1.00%

Function 003D6CBD Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 003D6CE4
WSAGetLastError.WSOCK32(00000000), ref: 003D6CF4

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003D6D58
WSAGetLastError.WSOCK32(00000000), ref: 003D6D64

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ErrorLast$__itow__swprintfsocket
String ID:
API String ID: 2214342067-0
Opcode ID: 957b4869a6f21ac4c22fb831fe9986d48ec237592d3b623e9e5321595eb45436
Instruction ID: d4f1e14752e6e85b8b518f76f6ab3c54fd7fbd762385500fdee397e8d3508f92
Opcode Fuzzy Hash: 957b4869a6f21ac4c22fb831fe9986d48ec237592d3b623e9e5321595eb45436
Instruction Fuzzy Hash: 1D418F75740200AFEB22AF24DC87F7A77E99B08B14F44C119FA599F2D2DBB19D008B91

Uniqueness

Uniqueness Score: -1.00%

Function 003D672D Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

#16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,003EF910), ref: 003D67BA
_strlen.LIBCMT ref: 003D67EC

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 0120f1b26abd141ea62125591e7d4ab7087a1d3ce928a38da96bcf90f3dee145
Instruction ID: 83aefee2f1fa4bb5619f3b310de145fd7b2671c2f41d2a4620f85d2ed7a08d19
Opcode Fuzzy Hash: 0120f1b26abd141ea62125591e7d4ab7087a1d3ce928a38da96bcf90f3dee145
Instruction Fuzzy Hash: 8E419531A00204AFCB16EBA4DCD6FAEB3ADAF44314F148166F9269F392DB70AD04D750

Uniqueness

Uniqueness Score: -1.00%

Function 003CBA5F Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003CBB09
GetLastError.KERNEL32(?,00000000), ref: 003CBB2F
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003CBB54
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003CBB80

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 1681d78a85e967a5e2f44b88cf8e743655585c96eeaf2c3de7d079302095b24c
Instruction ID: 24aa92a2b6971aa9c9989a33cd60103aa1dc62489c37c5eae62e8051ce367820
Opcode Fuzzy Hash: 1681d78a85e967a5e2f44b88cf8e743655585c96eeaf2c3de7d079302095b24c
Instruction Fuzzy Hash: 61411439600650DFCB22EF15C585A59BBE9EF89320F09C499E84A9F766CB34FD01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003EADF1 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32 ref: 003EAE1A
GetWindowRect.USER32 ref: 003EAE90
PtInRect.USER32 ref: 003EAEA0
MessageBeep.USER32(00000000), ref: 003EAF11

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 7a2464778a6ed919edfdae9a69d8373974894529fbabd9a8210d1525e3a1e0ff
Instruction ID: 3109ad3a2d128f998afafa6b8cc0c246e43838ff4aab17aadd6cba3d2f6be77f
Opcode Fuzzy Hash: 7a2464778a6ed919edfdae9a69d8373974894529fbabd9a8210d1525e3a1e0ff
Instruction Fuzzy Hash: 044180706005A5DFCB22DF6AC884B69BBF5FF89340F1582A9E4149B291D730B802DF92

Uniqueness

Uniqueness Score: -1.00%

Function 003C0FE6 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 003C1037
SetKeyboardState.USER32(00000080,?,00000001), ref: 003C1053
PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 003C10B9
SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 003C110B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: a3551ca53a04dc927c556bedddb6c7dab961431832586f3c67eeb25c5b853a8d
Instruction ID: 7431aa2a5e22b10a9670b8740593d103d9b53b84ba62a311b33b46ae4c799828
Opcode Fuzzy Hash: a3551ca53a04dc927c556bedddb6c7dab961431832586f3c67eeb25c5b853a8d
Instruction Fuzzy Hash: 5D312830A406A8AEFB368A658C05FFABBA9AB47310F08431EE580D65D3C3754DC5A752

Uniqueness

Uniqueness Score: -1.00%

Function 003C1121 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,753DC0D0,?,00008000), ref: 003C1176
SetKeyboardState.USER32(00000080,?,00008000), ref: 003C1192
PostMessageW.USER32(00000000,00000101,00000000), ref: 003C11F1
SendInput.USER32(00000001,?,0000001C,753DC0D0,?,00008000), ref: 003C1243

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 581af58913d5856a0db9862c9b20c694e2db37709578169e227271b7059ad1f3
Instruction ID: 8fce0b99e692ee50fd94e88a506d956c45766a5561f287c67e5379bd1e19cf2d
Opcode Fuzzy Hash: 581af58913d5856a0db9862c9b20c694e2db37709578169e227271b7059ad1f3
Instruction Fuzzy Hash: FB3148309402489EEF378A658C09FFABBAAAB4B310F08471EE580D65D3C3798D55B751

Uniqueness

Uniqueness Score: -1.00%

Function 00396415 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0039644B
__isleadbyte_l.LIBCMT ref: 00396479
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 003964A7
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 003964DD

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: cd00608674d2a89abf9a2b66a0af98716617887e3c95af987b9970c1b12234f9
Instruction ID: dbf0512ba39abbbe0ee14b812b1066b4e6781c40983aa54e2af571d70927214a
Opcode Fuzzy Hash: cd00608674d2a89abf9a2b66a0af98716617887e3c95af987b9970c1b12234f9
Instruction Fuzzy Hash: 0031C131602246AFDF239FB6C846BBA7BA9FF41310F164169F8548B191E731D850DB90

Uniqueness

Uniqueness Score: -1.00%

Function 003E5175 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 003E5189

Part of subcall function 003C387D: GetWindowThreadProcessId.USER32 ref: 003C3897
Part of subcall function 003C387D: GetCurrentThreadId.KERNEL32 ref: 003C389E
Part of subcall function 003C387D: AttachThreadInput.USER32(00000000,?,003C52A7), ref: 003C38A5

GetCaretPos.USER32(?), ref: 003E519A
ClientToScreen.USER32 ref: 003E51D5
GetForegroundWindow.USER32 ref: 003E51DB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: b33dbd62476103735b272ae85dd16665ccec91bb0b1aa7fa62306a8b31e2a31d
Instruction ID: 596f7f855ccab0ee4238482229e1d8e3c03198fb6a2e3cd22fbbade33686caf1
Opcode Fuzzy Hash: b33dbd62476103735b272ae85dd16665ccec91bb0b1aa7fa62306a8b31e2a31d
Instruction Fuzzy Hash: CA312F71900118AFDB11EFA5C885EEFB7FDEF98304F10806AE415EB241DA759E05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003EC788 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

GetCursorPos.USER32(?), ref: 003EC7C2
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0039BBFB,?,?,?,?,?), ref: 003EC7D7
GetCursorPos.USER32(?), ref: 003EC824
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0039BBFB,?,?,?), ref: 003EC85E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 6f2f101ea69597ddb623454792f457a470827ce5ad2dee4dad990f223dedc8f6
Instruction ID: d041d7c70e689cd8f7b81e0d3852973a8f9dee2e5c8e063b8048bbd2d8986554
Opcode Fuzzy Hash: 6f2f101ea69597ddb623454792f457a470827ce5ad2dee4dad990f223dedc8f6
Instruction Fuzzy Hash: 7F31B6356000A8AFCB26DF59C898EEE7BB9FB49310F454269F9058B2E1C7315D51DF60

Uniqueness

Uniqueness Score: -1.00%

Function 003B8B9E Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003B8669
Part of subcall function 003B8652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003B8673
Part of subcall function 003B8652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B8682
Part of subcall function 003B8652: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003B8689
Part of subcall function 003B8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B869F

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003B8BEB
_memcmp.LIBCMT ref: 003B8C0E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B8C44
HeapFree.KERNEL32(00000000), ref: 003B8C4B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: cee737696c9ab2d76c385d8c1f626f3cdf4386abe358f5be9c83773d4ac7751f
Instruction ID: 7d932bed140f759afdcf11b2f4ee604e1e3b9288b3a4c4f7143853e3911889cd
Opcode Fuzzy Hash: cee737696c9ab2d76c385d8c1f626f3cdf4386abe358f5be9c83773d4ac7751f
Instruction Fuzzy Hash: 55217FB1E01209EFDB11DFA4C985BEEFBB8EF44358F154059E654AB240DB71AE06CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00380BD0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

__setmode.LIBCMT ref: 00380BF2

Part of subcall function 00365B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,003C7B20,?,?,00000000), ref: 00365B8C
Part of subcall function 00365B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,003C7B20,?,?,00000000,?,?), ref: 00365BB0

_fprintf.LIBCMT ref: 00380C29
OutputDebugStringW.KERNEL32(?), ref: 003B6331

Part of subcall function 00384CDA: _flsall.LIBCMT ref: 00384CF3

__setmode.LIBCMT ref: 00380C5E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
String ID:
API String ID: 521402451-0
Opcode ID: 724946832609c9c60cb0e18b8a5f00771c0dd7216ca0eb33c5051d07d2d261bf
Instruction ID: 5998c196e4c832c065b01ea1048853cb566667d6b37fc4828dfac2469d33d8ad
Opcode Fuzzy Hash: 724946832609c9c60cb0e18b8a5f00771c0dd7216ca0eb33c5051d07d2d261bf
Instruction Fuzzy Hash: 221127319043057ACB1B77B4AC43EBE7B6C9F41320F1441AAF2049F592DF345D464395

Uniqueness

Uniqueness Score: -1.00%

Function 003BE1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BF5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,003BE1C4,?,?,?,003BEFB7,00000000,000000EF,00000119,?,?), ref: 003BF5BC
Part of subcall function 003BF5AD: lstrcpyW.KERNEL32(00000000,?), ref: 003BF5E2
Part of subcall function 003BF5AD: lstrcmpiW.KERNEL32(00000000,?,003BE1C4,?,?,?,003BEFB7,00000000,000000EF,00000119,?,?), ref: 003BF613

lstrlenW.KERNEL32(?,00000002,?,?,?,?,003BEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 003BE1DD
lstrcpyW.KERNEL32(00000000,?), ref: 003BE203
lstrcmpiW.KERNEL32(00000002,cdecl,?,003BEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 003BE237

Strings

cdecl, xrefs: 003BE22E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 4c40e5807c9622546288876d0312e3e6b204bb5b8ea97d16c41a819c14006faa
Instruction ID: 5a39a6a1a107f5aeedc541d8985aca47af8dc8a8c5970a67063517a6b61634bb
Opcode Fuzzy Hash: 4c40e5807c9622546288876d0312e3e6b204bb5b8ea97d16c41a819c14006faa
Instruction Fuzzy Hash: 1B11B43A100345EFCB26AF68DC459BA77ACFF85354B40452AE916CF690EB7198518790

Uniqueness

Uniqueness Score: -1.00%

Function 00395332 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00395351

Part of subcall function 0038594C: __FF_MSGBANNER.LIBCMT ref: 00385963
Part of subcall function 0038594C: __NMSG_WRITE.LIBCMT ref: 0038596A
Part of subcall function 0038594C: RtlAllocateHeap.NTDLL(00F80000,00000000,00000001,00000000,?,?,?,00381013,?), ref: 0038598F

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: a1fb1d62b250a47c3ad076dcdf74c6b58e2842943f079458d99c12286634fab8
Instruction ID: 43aa428fdfe483a38662a8c6b59711d95a367a89d056706c41b73c4298fe1989
Opcode Fuzzy Hash: a1fb1d62b250a47c3ad076dcdf74c6b58e2842943f079458d99c12286634fab8
Instruction Fuzzy Hash: C311EC36505B15AFDF333F70AC8576E3B98AF103E0F61456AF9489E1A0EEB18D818790

Uniqueness

Uniqueness Score: -1.00%

Function 00364531 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00364560

Part of subcall function 0036410D: _memset.LIBCMT ref: 0036418D
Part of subcall function 0036410D: _wcscpy.LIBCMT ref: 003641E1
Part of subcall function 0036410D: Shell_NotifyIconW.SHELL32 ref: 003641F1

KillTimer.USER32(?,00000001,?,?), ref: 003645B5
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003645C4
Shell_NotifyIconW.SHELL32 ref: 0039D6CE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: 4fcb917846cc1e8ec334bd45c659a74e0677c23ee6a9ce7073e1e6d769f08156
Instruction ID: 5db19891978b56004e383e9f2bd8ebdde1ae336a7c90b6a652840fd0a2cd268e
Opcode Fuzzy Hash: 4fcb917846cc1e8ec334bd45c659a74e0677c23ee6a9ce7073e1e6d769f08156
Instruction Fuzzy Hash: 4921A770904784AFEB339B34DC56BE7BBEC9F02304F44409DE79E5A285C7B45A858B51

Uniqueness

Uniqueness Score: -1.00%

Function 003C40B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 003C40D1
_memset.LIBCMT ref: 003C40F2
DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 003C4144
CloseHandle.KERNEL32(00000000), ref: 003C414D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle_memset
String ID:
API String ID: 1157408455-0
Opcode ID: aa3cc94a1ac3d6e8cb3ed74dd1ad0cc8c2a202453bdf164bf2705ca5301bb52d
Instruction ID: f4982729698d608f4c00df18af19adad6d03a53dbfd93a6b411cc04f3a832883
Opcode Fuzzy Hash: aa3cc94a1ac3d6e8cb3ed74dd1ad0cc8c2a202453bdf164bf2705ca5301bb52d
Instruction Fuzzy Hash: D511A775941228BAD7319BA5AC4DFABBB7CEF44760F1046AAF908D71C0D6744E808BA4

Uniqueness

Uniqueness Score: -1.00%

Function 003D667C Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00365B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,003C7B20,?,?,00000000), ref: 00365B8C
Part of subcall function 00365B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,003C7B20,?,?,00000000,?,?), ref: 00365BB0

gethostbyname.WSOCK32(?), ref: 003D66AC
WSAGetLastError.WSOCK32(00000000), ref: 003D66B7
_memmove.LIBCMT ref: 003D66E4
inet_ntoa.WSOCK32(?), ref: 003D66EF

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
String ID:
API String ID: 1504782959-0
Opcode ID: 34597795c18e82820f7de550c856ed012d15b7f19a1e68e2882e78d3543f89cf
Instruction ID: 9dc1bc17af7e465a2212fdb2d342993f444b039ee9b232eda7d2e3818d4f24ab
Opcode Fuzzy Hash: 34597795c18e82820f7de550c856ed012d15b7f19a1e68e2882e78d3543f89cf
Instruction Fuzzy Hash: 5A116376500508AFCB02FBA4DD96DEE77BCAF04310B148166F502AB2A1DF70AE14CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003B9023 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 003B9043
SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B9055
SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B906B
SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B9086

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 69c3e380c528f19fdfd701c53ee466847ab6e0dfaa7967b3fd957d501c15e749
Instruction ID: 81f85c4a415ea28441a624583d4a11852ecbaa40a5a2dbf2d73fcb171e5e7118
Opcode Fuzzy Hash: 69c3e380c528f19fdfd701c53ee466847ab6e0dfaa7967b3fd957d501c15e749
Instruction Fuzzy Hash: 68113A79900218BFDB11DFA5C884FDDBB78FB48310F2040A6EA04B7290D6716E10DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00361290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

DefDlgProcW.USER32(?,00000020,?), ref: 003612D8
GetClientRect.USER32(?,?), ref: 0039B84B
GetCursorPos.USER32(?), ref: 0039B855
ScreenToClient.USER32(?,?), ref: 0039B860

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: d61dc89176817d4641d6a63e6eb6be72f368acfa7fb08cc360c8dc54ae196b09
Instruction ID: 171de54deb14b6901c262d36fef48da49514be2570e49951deb432b2f672db68
Opcode Fuzzy Hash: d61dc89176817d4641d6a63e6eb6be72f368acfa7fb08cc360c8dc54ae196b09
Instruction Fuzzy Hash: 5C114C75A00059AFCF12EF98D8959FE77BCFB0A301F408966F901EB190C770BA518BA5

Uniqueness

Uniqueness Score: -1.00%

Function 003C1652 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003C01FD,?,003C1250,?,00008000), ref: 003C166F
Sleep.KERNEL32(00000000,?,?,?,?,?,?,003C01FD,?,003C1250,?,00008000), ref: 003C1694
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003C01FD,?,003C1250,?,00008000), ref: 003C169E
Sleep.KERNEL32(?,?,?,?,?,?,?,003C01FD,?,003C1250,?,00008000), ref: 003C16D1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 0d68bf12e105945c2a5d0ca390a23eed3549433aedc3e716aaeca685d8bb6a7d
Instruction ID: ab22c1ef7b88d2cfa1c90e6adc7ab8801fbad9d2881340dad19995afb2450092
Opcode Fuzzy Hash: 0d68bf12e105945c2a5d0ca390a23eed3549433aedc3e716aaeca685d8bb6a7d
Instruction Fuzzy Hash: 04117C31C0051CDBCF02AFA5D888BEEBB78FF0A751F054159ED40F6281CB7099609B96

Uniqueness

Uniqueness Score: -1.00%

Function 00397207 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0039722B

Part of subcall function 00397912: __fltout2.LIBCMT ref: 0039793B

__cftog_l.LIBCMT ref: 00397251
__cftoe_l.LIBCMT ref: 00397283

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: f565a01d2eaf23b60e547f94882294daecfa15f1c043c8ede0844c9281751c01
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: CB018C3206814ABBCF135F84CC018EE3F26BF29340F098A15FA5858071C337C9B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 003EB57F Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 003EB59E
ScreenToClient.USER32(?,?), ref: 003EB5B6
ScreenToClient.USER32(?,?), ref: 003EB5DA
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 003EB5F5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: edc81e27cd0057cff6901f7a44cffd0cbcd2d9748e4eae9688e981afcebf3e4d
Instruction ID: e452f76744f6b37f3a83f7dd0c7a261352b83706943cb4203a5eee0876ded866
Opcode Fuzzy Hash: edc81e27cd0057cff6901f7a44cffd0cbcd2d9748e4eae9688e981afcebf3e4d
Instruction Fuzzy Hash: 261143B9D00249EFDB51CFA9D8849EEFBB9FB08310F108166E914E3260D775AA558F90

Uniqueness

Uniqueness Score: -1.00%

Function 003EB8EF Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003EB8FE
_memset.LIBCMT ref: 003EB90D
CreateProcessW.KERNEL32 ref: 003EB93C
CloseHandle.KERNEL32 ref: 003EB94E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memset$CloseCreateHandleProcess
String ID:
API String ID: 3277943733-0
Opcode ID: 74fd43eaa8ecbe559c5458521b8707d72c7ef2ba98020eb51799523bf882f35d
Instruction ID: a90c64c152ee6175efe74bfc04a2a48deeeb16663528b32add90d9e834a9d671
Opcode Fuzzy Hash: 74fd43eaa8ecbe559c5458521b8707d72c7ef2ba98020eb51799523bf882f35d
Instruction Fuzzy Hash: 8AF03AB26483507AE6222761AD45FBB7A5CEB08754F414071FB08D92A6D775490187AC

Uniqueness

Uniqueness Score: -1.00%

Function 003C6E7C Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 003C6E88

Part of subcall function 003C794E: _memset.LIBCMT ref: 003C7983

_memmove.LIBCMT ref: 003C6EAB
_memset.LIBCMT ref: 003C6EB8
LeaveCriticalSection.KERNEL32(?), ref: 003C6EC8

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CriticalSection_memset$EnterLeave_memmove
String ID:
API String ID: 48991266-0
Opcode ID: 723d62eac0d312ade593910edbb13cb8a56dbc4935e77ee31375e4a9521e0be7
Instruction ID: 1c1c166b7d23f9d12d5b0b731ea84e1ec875a552258b8a83aabadbba85a62d47
Opcode Fuzzy Hash: 723d62eac0d312ade593910edbb13cb8a56dbc4935e77ee31375e4a9521e0be7
Instruction Fuzzy Hash: EFF0547A104204ABCF126F55DC85F49BB29EF45320F14C065FE099E256C771A911CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 003EC00C Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 003612F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0036134D
Part of subcall function 003612F3: SelectObject.GDI32(?,00000000), ref: 0036135C
Part of subcall function 003612F3: BeginPath.GDI32 ref: 00361373
Part of subcall function 003612F3: SelectObject.GDI32(?,00000000), ref: 0036139C

MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003EC030
LineTo.GDI32 ref: 003EC03D
EndPath.GDI32 ref: 003EC04D
StrokePath.GDI32 ref: 003EC05B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 0fb527b8089ea7de861c5e5aed25d03027ba9c5e6f20fdd0b4d0c828cefa08a6
Instruction ID: d8d8f734f6a40ace608af4d2f08e177bfddbec511c564f2ef8ea177a36760edd
Opcode Fuzzy Hash: 0fb527b8089ea7de861c5e5aed25d03027ba9c5e6f20fdd0b4d0c828cefa08a6
Instruction Fuzzy Hash: 7BF05E321012A9FBDB336F55AC09FCE3F59AF05311F048210FA11690E287B55A62CB99

Uniqueness

Uniqueness Score: -1.00%

Function 003BA37C Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003BA399
GetWindowThreadProcessId.USER32 ref: 003BA3AC
GetCurrentThreadId.KERNEL32 ref: 003BA3B3
AttachThreadInput.USER32(00000000), ref: 003BA3BA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: c28543f26bc62ec23a7a6b2c8d329017b6321db7f0b439091a9ad3c89946fae5
Instruction ID: abf607ed0d2d2b2251aeb2c263a9b963b6affc17ca83acf6ca2a8facbd9234b4
Opcode Fuzzy Hash: c28543f26bc62ec23a7a6b2c8d329017b6321db7f0b439091a9ad3c89946fae5
Instruction Fuzzy Hash: EDE03931241768BBDB221BA2DC4CEDB3F5CEF167A1F008124F608884A0C6B18540CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00362218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32 ref: 00362231
SetTextColor.GDI32(?,000000FF), ref: 0036223B
SetBkMode.GDI32(?,00000001), ref: 00362250
GetStockObject.GDI32(00000005), ref: 00362258
GetWindowDC.USER32(?,00000000), ref: 0039C0D3
GetPixel.GDI32 ref: 0039C0E0
GetPixel.GDI32 ref: 0039C0F9
GetPixel.GDI32 ref: 0039C112
GetPixel.GDI32 ref: 0039C132
ReleaseDC.USER32(?,00000000), ref: 0039C13D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: d11fd65ecf4fafbdf57cc7452bbcde15e1abe3a9555268c12166f889d7fcac32
Instruction ID: f4ca2b91bcf28a5e47679f9a4e8dcb64e428f62f30fc6ad9341ba8e395c1471e
Opcode Fuzzy Hash: d11fd65ecf4fafbdf57cc7452bbcde15e1abe3a9555268c12166f889d7fcac32
Instruction Fuzzy Hash: 96E06D32100288EEEF325FA4FC4D7D87B28EB15332F018366FA694C0E187B18A80DB11

Uniqueness

Uniqueness Score: -1.00%

Function 003B8C5A Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 003B8C63
OpenThreadToken.ADVAPI32(00000000,?,?,?,003B882E), ref: 003B8C6A
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003B882E), ref: 003B8C77
OpenProcessToken.ADVAPI32(00000000,?,?,?,003B882E), ref: 003B8C7E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: bbd4bd74cf3b9b840c485c0be1d4eaf17f206b6b4bcbd8220d6409bae523b80f
Instruction ID: 78bfaa75c1ab9e4f241854eba843837f7b4265d349da736f86cf701724356d65
Opcode Fuzzy Hash: bbd4bd74cf3b9b840c485c0be1d4eaf17f206b6b4bcbd8220d6409bae523b80f
Instruction Fuzzy Hash: B4E04F76642251DFD7315FB0AD4CBA67BACAF50796F054A28A245CD080DA749841CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003A2187 Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 003A2187
GetDC.USER32 ref: 003A2191
GetDeviceCaps.GDI32 ref: 003A21B1
ReleaseDC.USER32(?), ref: 003A21D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: f2dee75d4e51e675f7901cc98371dc7ff4bf07d8749bb0bad19566bc245b75a2
Instruction ID: 6ca9aa8a49aea4dc0f7a62ffb97d5fef0ce719d44b136b2b6d12abce4e15ae01
Opcode Fuzzy Hash: f2dee75d4e51e675f7901cc98371dc7ff4bf07d8749bb0bad19566bc245b75a2
Instruction Fuzzy Hash: 82E01A75800604EFDB129FA0C848AAD7BF9FF4C350F11C525F95A9B2A0CBB885419F40

Uniqueness

Uniqueness Score: -1.00%

Function 003A219B Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 003A219B
GetDC.USER32 ref: 003A21A5
GetDeviceCaps.GDI32 ref: 003A21B1
ReleaseDC.USER32(?), ref: 003A21D2

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: e329792aa4797b32bc7bcce1d7e13dfde83032a09c30af14a04fa8e832cac7f1
Instruction ID: 2e8c954425789fc32b3fb53767e953fd7ca73aa7ab2497c2f9ffa57149bbcc82
Opcode Fuzzy Hash: e329792aa4797b32bc7bcce1d7e13dfde83032a09c30af14a04fa8e832cac7f1
Instruction Fuzzy Hash: F5E01A75800204EFDB229FB0C84869D7BF9FF4C310F10C125F95A9B2A0CBB895419F40

Uniqueness

Uniqueness Score: -1.00%

Function 003DB1B7 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 313COMMON

Download Yara Rule

APIs

__itow_s.LIBCMT ref: 003DB2C3

Strings

xrB, xrefs: 003DB2F9
xrB, xrefs: 003DB325

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __itow_s
String ID: xrB$xrB
API String ID: 3653519197-3596344472
Opcode ID: e58cfbb8672b89c78f06e009b4b318bc556f60ae576fad767f0a8f7985ec55f2
Instruction ID: 3dd965342f4a9cc62d1c4dc78b43ca8d8406b36e41d6710514954349638ad6a3
Opcode Fuzzy Hash: e58cfbb8672b89c78f06e009b4b318bc556f60ae576fad767f0a8f7985ec55f2
Instruction Fuzzy Hash: 4FB19D72A04209EBCB12DF54E891EAEF7B9FF58300F15845AF9459B392DB30E941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003CB217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON

Download Yara Rule

APIs

Part of subcall function 0037FEC6: _wcscpy.LIBCMT ref: 0037FEE9

Part of subcall function 00369997: __itow.LIBCMT ref: 003699C2
Part of subcall function 00369997: __swprintf.LIBCMT ref: 00369A0C

__wcsnicmp.LIBCMT ref: 003CB298
WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 003CB361

Strings

LPT, xrefs: 003CB292

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
String ID: LPT
API String ID: 3222508074-1350329615
Opcode ID: b2875492ef71ecfd8a1e0f327d730b7e79f0aaa2cca2c61e64cfc48d9120fe62
Instruction ID: c74c98014498101b2a9ad7a6562252cc31ca292baa64c5d87cb589fd80862132
Opcode Fuzzy Hash: b2875492ef71ecfd8a1e0f327d730b7e79f0aaa2cca2c61e64cfc48d9120fe62
Instruction Fuzzy Hash: 99615175A00215EFCB16DF94C886FAEB7B8AF08310F15845EF946EB291DB70AE40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003A8A77 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 003A8B1E
_memmove.LIBCMT ref: 003A8B78

Strings

Oa7, xrefs: 003A8BF2, 003AE39A, 003AE3B6

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _memmove
String ID: Oa7
API String ID: 4104443479-1088220166
Opcode ID: 8c1e956b7abc16baa18cd159ea9b06638849814c162b1f90f0bcadf7a63168fc
Instruction ID: 8918045f261c9ee68b4f142b368fc67356323488a3a7b4f99795135d7c90669d
Opcode Fuzzy Hash: 8c1e956b7abc16baa18cd159ea9b06638849814c162b1f90f0bcadf7a63168fc
Instruction Fuzzy Hash: A5515FB0A00609DFCF25CF68C884AAEBBF5FF45304F25852AE85AD7250EB31AD55CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00372AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00372AC8
GlobalMemoryStatusEx.KERNEL32(?), ref: 00372AE1

Strings

@, xrefs: 00372AD5

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 1c5cd8d7eab8bf939e986f5625bb51f0a0c663c6d5e498755bae6e02d9a5955a
Instruction ID: e779e16ecb40bfc9de0fab7e7747b31bfc5dc59312f4a363b291face2fb52530
Opcode Fuzzy Hash: 1c5cd8d7eab8bf939e986f5625bb51f0a0c663c6d5e498755bae6e02d9a5955a
Instruction Fuzzy Hash: 765157714187449BD321AF50D886BABBBFCFF84310F42885EF2D9590A5DB309529CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 003C99BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 0036506B: __fread_nolock.LIBCMT ref: 00365089

_wcscmp.LIBCMT ref: 003C9AAE
_wcscmp.LIBCMT ref: 003C9AC1

Strings

FILE, xrefs: 003C99FA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: 5dfcbf9206c0ffe63d5f7b74fd0aec0e3bc4549d1ccb51298b1a9d4fc379c33c
Instruction ID: f66c1a29fe06878c9a1ce321815d34a792b502c33a1049aa6b7697cd42493ef6
Opcode Fuzzy Hash: 5dfcbf9206c0ffe63d5f7b74fd0aec0e3bc4549d1ccb51298b1a9d4fc379c33c
Instruction Fuzzy Hash: 6441D671A00609BADF229AA0DC45FEFBBBDDF45710F01407AF900EB181DB75AE1487A1

Uniqueness

Uniqueness Score: -1.00%

Function 003A099E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 003A09A9

Strings

DtB, xrefs: 0036A477
DtB, xrefs: 0036A2B1

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClearVariant
String ID: DtB$DtB
API String ID: 1473721057-350899153
Opcode ID: 7541168c944774800921e8c4eba979fd979db7239b43563d18823ad86f7c8b11
Instruction ID: 295c29af312e6a55388f7b73e8ac16318490c1a0f8daaf2cfb3f188e488998fe
Opcode Fuzzy Hash: 7541168c944774800921e8c4eba979fd979db7239b43563d18823ad86f7c8b11
Instruction Fuzzy Hash: EA511378608741CFC766CF19C580A1ABBF1BB99344F65885DE9819B325D731EC81CF92

Uniqueness

Uniqueness Score: -1.00%

Function 003D2882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003D2892
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003D28C8

Strings

|, xrefs: 003D2899

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CrackInternet_memset
String ID: |
API String ID: 1413715105-2343686810
Opcode ID: 15f4d43f287d15f3aa213147da1aa85d01c056e910f770f7f59a57ffdbe165f9
Instruction ID: 3241ead9a8ca45f1554c1462975efc8d5d264962805bc13aa59e7b3692c69bbb
Opcode Fuzzy Hash: 15f4d43f287d15f3aa213147da1aa85d01c056e910f770f7f59a57ffdbe165f9
Instruction Fuzzy Hash: B5311A71800119AFCF02AFA1DC85EEEBFB9FF18314F10406AFC15AA265DB715A56DB60

Uniqueness

Uniqueness Score: -1.00%

Function 003E6CD2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 003E6D86
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003E6DC2

Strings

static, xrefs: 003E6D22

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 4776c69fa59803aadabfc1a10bb17f2c4da2749be5c2383eef0ea0ff46ca048b
Instruction ID: a4142af26d7d10b54b05f8ac35d417690f76abaf1fe7893d52ae804e4a22907c
Opcode Fuzzy Hash: 4776c69fa59803aadabfc1a10bb17f2c4da2749be5c2383eef0ea0ff46ca048b
Instruction Fuzzy Hash: 1F31BE71200254AEDB129F69CC81BFB73ADFF88360F519629F8A587190CA70AC91CB60

Uniqueness

Uniqueness Score: -1.00%

Function 003C2D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003C2E00
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003C2E3B

Strings

0, xrefs: 003C2DF9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 10a3c23f387c66935bc228383ba7a0e24b82602e8c1f909225d70a6d12864e41
Instruction ID: 1cbe208e8f1f5eddff5db9aac8911ace18caae071106a3b8c11fb25fa85e0add
Opcode Fuzzy Hash: 10a3c23f387c66935bc228383ba7a0e24b82602e8c1f909225d70a6d12864e41
Instruction Fuzzy Hash: F931D131600309ABEB26AF69C885FEFBBB9EF05300F19406EE985E61A0D7709D40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003BAFDC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0037619A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003761B1

SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003BB03B
_strlen.LIBCMT ref: 003BB046

Strings

@U=u, xrefs: 003BB03B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$Timeout_strlen
String ID: @U=u
API String ID: 2777139624-2594219639
Opcode ID: 4fbeedef66101d991f31600081d20cd8d69b5c2f3c193d733b2c2cbfb9df43c9
Instruction ID: ac828e072fbf6a785f56670c8ee065f2bb87809e12b4741bef3268161819685b
Opcode Fuzzy Hash: 4fbeedef66101d991f31600081d20cd8d69b5c2f3c193d733b2c2cbfb9df43c9
Instruction Fuzzy Hash: CD11D5312042056ACB16BA78DCD2AFFBBAD9F45708F00407DF7169E593DFA5C9458360

Uniqueness

Uniqueness Score: -1.00%

Function 003E6AD4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 76windowCOMMON

Download Yara Rule

APIs

Part of subcall function 003C589F: GetLocalTime.KERNEL32 ref: 003C58AC
Part of subcall function 003C589F: _wcsncpy.LIBCMT ref: 003C58E1
Part of subcall function 003C589F: _wcsncpy.LIBCMT ref: 003C5913
Part of subcall function 003C589F: _wcsncpy.LIBCMT ref: 003C5946
Part of subcall function 003C589F: _wcsncpy.LIBCMT ref: 003C5988

SendMessageW.USER32(?,00001002,00000000,?), ref: 003E6B6E

Strings

SysDateTimePick32, xrefs: 003E6B2C
@U=u, xrefs: 003E6B6E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: _wcsncpy$LocalMessageSendTime
String ID: @U=u$SysDateTimePick32
API String ID: 2466184910-2530228043
Opcode ID: 7806212f5bb4a10b792bcd8200550b845c6349dc6d7c6c0d8acd77508fa2c534
Instruction ID: ec7e1810c8a707d693e6eac01e9529370b7e5a728565e076884888f909ae62d4
Opcode Fuzzy Hash: 7806212f5bb4a10b792bcd8200550b845c6349dc6d7c6c0d8acd77508fa2c534
Instruction Fuzzy Hash: 802106313402596FEF239E15DC82FEE736DEB547A0F114629F950EB1D0D6B1AC8087A0

Uniqueness

Uniqueness Score: -1.00%

Function 003B9707 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003B9720

Part of subcall function 003C18EE: GetWindowThreadProcessId.USER32 ref: 003C1919
Part of subcall function 003C18EE: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003B973C,00000034,?,?,00001004,00000000,00000000), ref: 003C1929
Part of subcall function 003C18EE: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003B973C,00000034,?,?,00001004,00000000,00000000), ref: 003C193F

Part of subcall function 003C19CC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003B9778,?,?,00000034,00000800,?,00000034), ref: 003C19F6

SendMessageW.USER32(?,00001073,00000000,?), ref: 003B9787

Part of subcall function 003C1997: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003B97A7,?,?,00000800,?,00001073,00000000,?,?), ref: 003C19C1

Strings

@U=u, xrefs: 003B9720, 003B9787

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Process$MemoryMessageSend$AllocOpenReadThreadVirtualWindowWrite
String ID: @U=u
API String ID: 1045663743-2594219639
Opcode ID: 28d0b3d702f000023fc683bb2d6c1f62356e279d24c1a72601e20c9665dc5e9b
Instruction ID: cb1753c2e1b7f6b7f4eb8bc2c1b3d5722313e7a54fbd4854efec0698e567f3bd
Opcode Fuzzy Hash: 28d0b3d702f000023fc683bb2d6c1f62356e279d24c1a72601e20c9665dc5e9b
Instruction Fuzzy Hash: 6F215131901119ABDF22AFA4CC45FDDBBB8FF09354F1001A9F648EB191DA705E44DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003E6943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003E69D0
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E69DB

Strings

Combobox, xrefs: 003E699D

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: ef8130357c44bebbfcdd34805ae0b281fdd6165c2f87f12725e459181b72864d
Instruction ID: e268942bbff16beb6a089a773f6cd77d617771c693139db25784f5ccbd94333d
Opcode Fuzzy Hash: ef8130357c44bebbfcdd34805ae0b281fdd6165c2f87f12725e459181b72864d
Instruction Fuzzy Hash: D011E6713002586FEF128F15CC81EFB376EEBA43A4F120224F9589B2D1D7719C5187A0

Uniqueness

Uniqueness Score: -1.00%

Function 003E9962 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

@U=u, xrefs: 003E99E7, 003E9A10

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID:
String ID: @U=u
API String ID: 0-2594219639
Opcode ID: 8813bbb2454951958b99300df6b812362d4bbcdb5858184e61af60c24200b6aa
Instruction ID: 0428b21cc0504ad1b106cd1846cf0efe1b4bd97869e6cdda3a44a063174eec14
Opcode Fuzzy Hash: 8813bbb2454951958b99300df6b812362d4bbcdb5858184e61af60c24200b6aa
Instruction Fuzzy Hash: 592172712042A8BFDB229F56CC45FBA37A8EB09310F01426AFA16EB1D1D770DD509B64

Uniqueness

Uniqueness Score: -1.00%

Function 003E6E76 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00361D35: CreateWindowExW.USER32 ref: 00361D73
Part of subcall function 00361D35: GetStockObject.GDI32(00000011), ref: 00361D87
Part of subcall function 00361D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00361D91

GetWindowRect.USER32 ref: 003E6EE0
GetSysColor.USER32 ref: 003E6EFA

Strings

static, xrefs: 003E6EBD

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 4293625120382d7cf4ab3ee48a5c0d743332e8e5d87f5abd8ee675e0e39d972c
Instruction ID: 29113c42551f81412e4418059f6102e60fd94c9ba226d4661f3884e0605c8f98
Opcode Fuzzy Hash: 4293625120382d7cf4ab3ee48a5c0d743332e8e5d87f5abd8ee675e0e39d972c
Instruction Fuzzy Hash: 19218932610259AFDB05DFA8CD46AFA7BB8FB08354F014628F955D3281D730E8619B50

Uniqueness

Uniqueness Score: -1.00%

Function 003C2E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 003C2F11
GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 003C2F30

Strings

0, xrefs: 003C2F07

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 3216221975d450673b26c964999b24998141da8110636848cf9db9a525edb82b
Instruction ID: c299d70f333f57b8614a70c56fa8c451de6fd8f2e58a71f40bc65c1b28bfc97b
Opcode Fuzzy Hash: 3216221975d450673b26c964999b24998141da8110636848cf9db9a525edb82b
Instruction Fuzzy Hash: 75119031A09218ABDB22EB68DC44FAB77B9EB05310F1640BDE854F72A0D7B0ED058795

Uniqueness

Uniqueness Score: -1.00%

Function 003D24CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003D2520
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003D2549

Strings

<local>, xrefs: 003D2511

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: fa5c060e02e47d24ca333372a18270554770509e8df39bae05949aff1d83b912
Instruction ID: 5b0eb98a713dda8a46a7b8a32d55bd0608be7a814ee4b24ee3c16537c30412f5
Opcode Fuzzy Hash: fa5c060e02e47d24ca333372a18270554770509e8df39bae05949aff1d83b912
Instruction Fuzzy Hash: 52110672501225BEDB268F52AC94EFBFF6DFF26351F10812BF90546240D2705995D6F0

Uniqueness

Uniqueness Score: -1.00%

Function 003E8752 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 003E879F

Strings

@U=u, xrefs: 003E879F, 003E87DB

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: af76244aa3a60e2bf0182f78d9144e9aa8e518b08a9214dfd5d76e57cebbe8b8
Instruction ID: 50030a690c253ea88a02cfaf9f3f9031b732670283dabf085435cb339c490e2d
Opcode Fuzzy Hash: af76244aa3a60e2bf0182f78d9144e9aa8e518b08a9214dfd5d76e57cebbe8b8
Instruction Fuzzy Hash: C6211479A00159EF8B16CF98D8808EA7BB9FB4C340B114258FD05A73A0DB31AD61DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E6825 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000401,?,00000000), ref: 003E689B

Strings

@U=u, xrefs: 003E689B
button, xrefs: 003E6872

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u$button
API String ID: 3850602802-1762282863
Opcode ID: 02c3e80741eea04943c3a83a501b640241128ca76a02a3479213c50671cf7d86
Instruction ID: ffe419b01946d19a469e7d67a5d162b644e5ef126c7e6a2eaaac951ce76ccb2b
Opcode Fuzzy Hash: 02c3e80741eea04943c3a83a501b640241128ca76a02a3479213c50671cf7d86
Instruction Fuzzy Hash: 9C110432140245ABDF128F60CC42FEA376AFF68354F120618FE60AB1D0C776E8919B50

Uniqueness

Uniqueness Score: -1.00%

Function 003D80A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

Part of subcall function 003D830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,003D80C8,?,00000000,?,?), ref: 003D8322

inet_addr.WSOCK32(00000000), ref: 003D80CB
htons.WSOCK32(00000000), ref: 003D8108

Strings

255.255.255.255, xrefs: 003D80E3

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ByteCharMultiWidehtonsinet_addr
String ID: 255.255.255.255
API String ID: 2496851823-2422070025
Opcode ID: cc6b88c5e8657a8a745adee41e815b76a24637fa1bfcd6f8766c0f4f18fa3fdb
Instruction ID: 1ccaa56772e642b4bea2621e00b418307ada06b76b667b7cbaa40ccaf5e6e45b
Opcode Fuzzy Hash: cc6b88c5e8657a8a745adee41e815b76a24637fa1bfcd6f8766c0f4f18fa3fdb
Instruction Fuzzy Hash: A511E175200209ABCB22AF64DC86FEDB368FF04324F10852BE9119B3D1DB72A819C695

Uniqueness

Uniqueness Score: -1.00%

Function 003B9989 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

Part of subcall function 003C19CC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003B9778,?,?,00000034,00000800,?,00000034), ref: 003C19F6

SendMessageW.USER32(?,0000102B,?,00000000), ref: 003B99EB
SendMessageW.USER32(?,0000102B,?,00000000), ref: 003B9A10

Strings

@U=u, xrefs: 003B99EB, 003B9A10

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend$MemoryProcessWrite
String ID: @U=u
API String ID: 1195347164-2594219639
Opcode ID: e6b0e69fb5a12ddc80ad95c4c6dafbec53a9ecd1da96159cc895957b4a0bc22d
Instruction ID: 792ce5a69035eba0d1a4692a6bd5edd5f6726b31bac960e9e265f599a4a9fc45
Opcode Fuzzy Hash: e6b0e69fb5a12ddc80ad95c4c6dafbec53a9ecd1da96159cc895957b4a0bc22d
Instruction Fuzzy Hash: 6B01DB32900218ABDB22AB64DC86FEEBB7CDB04320F10416AFA55AB0D1DB716D54DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00370A8D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00363C26,004262F8,?,?,?), ref: 00370ACE

Part of subcall function 00367D2C: _memmove.LIBCMT ref: 00367D66

_wcscat.LIBCMT ref: 003A50E1

Strings

cB, xrefs: 00370B0E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: FullNamePath_memmove_wcscat
String ID: cB
API String ID: 257928180-842239044
Opcode ID: 9f45685ab00ab0f22c27b263475809e27aefc12e76552a2650c03e31b924d23b
Instruction ID: 522ebda3038e571c492168edca7dc5389072f0dac79c9929cb6705270b35c7f3
Opcode Fuzzy Hash: 9f45685ab00ab0f22c27b263475809e27aefc12e76552a2650c03e31b924d23b
Instruction Fuzzy Hash: BF11A535A0421CDBCB26EB74DC01EDD73BCEF08354B4185A6B94CDB185EA74DB848B55

Uniqueness

Uniqueness Score: -1.00%

Function 003EC86D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00362612: GetWindowLongW.USER32(?,000000EB), ref: 00362623

DefDlgProcW.USER32(?,0000002B,?,?,?,?,?,?,?,0039BB8A,?,?,?), ref: 003EC8E1

Part of subcall function 003625DB: GetWindowLongW.USER32(?,000000EB), ref: 003625EC

SendMessageW.USER32(?,00000401,00000000,00000000), ref: 003EC8C7

Strings

@U=u, xrefs: 003EC8C7

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: LongWindow$MessageProcSend
String ID: @U=u
API String ID: 982171247-2594219639
Opcode ID: b2e56b23756334866a1103b48d94d52a3555528419c3afa454265e98aee33fe6
Instruction ID: 7301e19818215ca9bd045bf82f1f8777f22035ce7bb3c921adaf54c66d9524c3
Opcode Fuzzy Hash: b2e56b23756334866a1103b48d94d52a3555528419c3afa454265e98aee33fe6
Instruction Fuzzy Hash: 1001B5312002A4AFCB326F15DD84F6A7BAAFB85324F154624F9510B6E0CB716802EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00386DAE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00386DD0
__calloc_crt.LIBCMT ref: 00386DE9

Strings

@RB, xrefs: 00386E00

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: __calloc_crt
String ID: @RB
API String ID: 3494438863-2676247480
Opcode ID: a53846d90fa77dd74d45c116307c39843f56bc8060526ec31aa5388aaffb8eb8
Instruction ID: f59fbd63e572eaf30b7e4671b0e8267d65969cbdb2b8b59e83fb7f8f315d7a8c
Opcode Fuzzy Hash: a53846d90fa77dd74d45c116307c39843f56bc8060526ec31aa5388aaffb8eb8
Instruction Fuzzy Hash: 0FF06271308716DBF73AFF58BD126A16799E704720B5244F7E504CF2D0EB34888687A8

Uniqueness

Uniqueness Score: -1.00%

Function 003B9A1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003B9A2E
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003B9A46

Strings

@U=u, xrefs: 003B9A2E, 003B9A46

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: fd82400129280ad832841649576b19c44079082d2dc9d7974661c358940e25e8
Instruction ID: f8f5acf7ee6375a0783b3e2c317987af8949da7a6cf34227d9e1dd356a8e2c27
Opcode Fuzzy Hash: fd82400129280ad832841649576b19c44079082d2dc9d7974661c358940e25e8
Instruction Fuzzy Hash: 97E092353423A17BF6325A258C8EFD76F5DDB89B65F12003ABB01AD5E1CAD24C8182A0

Uniqueness

Uniqueness Score: -1.00%

Function 003BA1A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003BA1BA
SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 003BA1EA

Strings

@U=u, xrefs: 003BA1BA, 003BA1EA

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: 3155eb440f25c53d9c4efaded067f2ef38c0ca375e2ffa23e5dde6d7cae5c29c
Instruction ID: 4142b2492ec1e67249756536bea5275d5087b9fef7a5d185c05754579c9dfd3d
Opcode Fuzzy Hash: 3155eb440f25c53d9c4efaded067f2ef38c0ca375e2ffa23e5dde6d7cae5c29c
Instruction Fuzzy Hash: E4F0A035240344BFEA232A94DC86FEA3B1DEF08BA5F004124F7055E0E1DAE25D409790

Uniqueness

Uniqueness Score: -1.00%

Function 003BA327 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30windowCOMMON

Download Yara Rule

APIs

Part of subcall function 003B9E2E: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 003B9E47
Part of subcall function 003B9E2E: SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 003B9E81

SendMessageW.USER32(?,0000110B,00000005,00000000), ref: 003BA34B
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003BA35B

Strings

@U=u, xrefs: 003BA34B, 003BA35B

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: fa3e2f7a38adf953b9f18e0e9b226c11ebb8de676d9bb3e49df4df05d66180ed
Instruction ID: b19f8e1d673a1f5890f3112a611acf2933e2fb78a27d7ac4ebbb8e91a5163eea
Opcode Fuzzy Hash: fa3e2f7a38adf953b9f18e0e9b226c11ebb8de676d9bb3e49df4df05d66180ed
Instruction Fuzzy Hash: 93E0D8792087057FF6271A619C8BED73B5CDB48755F110039B300490E0EEE2CC506620

Uniqueness

Uniqueness Score: -1.00%

Function 003C51CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 003C51E8
_wcscmp.LIBCMT ref: 003C51FA

Strings

#32770, xrefs: 003C51F4

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: ClassName_wcscmp
String ID: #32770
API String ID: 2292705959-463685578
Opcode ID: bd83b7ba7f4d76c72e1c031acbd6efdf164e2f14794ad58764baff9f38b8b0bb
Instruction ID: 2d7fbdb9458f3a30ada38628cd1ab9bc700e1f1334896f319c1424a3df62e8da
Opcode Fuzzy Hash: bd83b7ba7f4d76c72e1c031acbd6efdf164e2f14794ad58764baff9f38b8b0bb
Instruction Fuzzy Hash: 1AE02B326002282AD32096959C45F97F7ACEB40761F00016BF910D7140D5709A4587D4

Uniqueness

Uniqueness Score: -1.00%

Function 003B81BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 003B81CA

Part of subcall function 00383598: _doexit.LIBCMT ref: 003835A2

Strings

Error allocating memory., xrefs: 003B81C3
AutoIt, xrefs: 003B81BE

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: Message_doexit
String ID: AutoIt$Error allocating memory.
API String ID: 1993061046-4017498283
Opcode ID: a9e19d1fc0e9f0260d81c54645a940dda94d50311a0f8267e820522ba1a4e66f
Instruction ID: e4aab2ed5bcc45028da02306e8753a10966da549d1f99d355878d9259e6a2287
Opcode Fuzzy Hash: a9e19d1fc0e9f0260d81c54645a940dda94d50311a0f8267e820522ba1a4e66f
Instruction Fuzzy Hash: F8D0123228536836D21632A86D06BC6764C4B05F55F104056FB08595D3C9D55982429D

Uniqueness

Uniqueness Score: -1.00%

Function 0039B511 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0039B564: _memset.LIBCMT ref: 0039B571

Part of subcall function 00380B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0039B540,?,?,?,0036100A), ref: 00380B89

IsDebuggerPresent.KERNEL32(?,?,?,0036100A), ref: 0039B544
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0036100A), ref: 0039B553

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0039B54E

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3158253471-631824599
Opcode ID: 77c34bda567c494093d7df6a7ac174eb39654e3b05c8e0797868ff89eb6850c6
Instruction ID: 9cf2be40cd6c5b7a71628e9065b9be3d327dd251e3a65596d601ece288155f82
Opcode Fuzzy Hash: 77c34bda567c494093d7df6a7ac174eb39654e3b05c8e0797868ff89eb6850c6
Instruction Fuzzy Hash: 98E06D74200750CFD732EF28E648342BBE4AB00754F058A7DE446CA290D7F8E408CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003B98BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003B98CB
SendMessageW.USER32(00000000,00001200,00000000,00000000), ref: 003B98D9

Strings

@U=u, xrefs: 003B98CB, 003B98D9

Memory Dump Source

Source File: 00000002.00000002.1393993262.0000000000361000.00000020.00000001.01000000.00000004.sdmp, Offset: 00360000, based on PE: true

Associated: 00000002.00000002.1393792387.0000000000360000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.00000000003EF000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394050666.0000000000415000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394129900.000000000041F000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.1394151869.0000000000428000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_360000_transferencia_BBVA_97866456345354678976543425678.jbxd

Similarity

API ID: MessageSend
String ID: @U=u
API String ID: 3850602802-2594219639
Opcode ID: 31c0251d0d73de191210aaefdceb8208ff6b3184c38244a72179f5f4525a6778
Instruction ID: abf6236680b9122ace0929e9afcb4ea3920de6808a1a3d37c944f6b82ac46588
Opcode Fuzzy Hash: 31c0251d0d73de191210aaefdceb8208ff6b3184c38244a72179f5f4525a6778
Instruction Fuzzy Hash: AEC002311411C0BBEA321B77AC4DDC73E3DE7CAF52B11026CB211990B586A50195D624

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report transferencia_BBVA_97866456345354678976543425678.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\autB4C4.tmp

C:\Users\user\AppData\Local\Temp\autB523.tmp

C:\Users\user\AppData\Local\Temp\reindulging

C:\Users\user\AppData\Local\Temp\wainage

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Windows Analysis Report
transferencia_BBVA_97866456345354678976543425678.exe

Function 00363B4C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 153
windowCOMMON

Function 00364FE9 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 62
COMMON

Function 00364AFE Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Function 003C93DF Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Function 00363015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72
windowregistryCOMMON

Function 00363041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Function 003671EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Function 00363633 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151
windowtimeregistryCOMMON

Function 00363A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Function 00363778 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 267
COMMON

Function 0036F8CF Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 168
comCOMMON

Function 00DC2640 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Function 003639E7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Function 00DC2410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144
fileCOMMON

Function 0036410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre