Edit tour

Windows Analysis Report
Documento_Remisorio_Activo_N#8475684756..exe

Overview

General Information

Sample name:	Documento_Remisorio_Activo_N#8475684756..exe
Analysis ID:	1431059
MD5:	636600655d1c0ebdf3073f0f6afb6509
SHA1:	34fff619fe1d3caac84ba88f30cc83ac0dab9f3f
SHA256:	46cfebde9e8cadfefc9c1324f9b250b9488c25c59212438de071ceec81b71967
Infos:

Detection

AsyncRAT, DcRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected AsyncRAT

Yara detected DcRat

.NET source code references suspicious native API functions

Allocates memory in foreign processes

Contains functionality to infect the boot sector

Drops PE files to the document folder of the user

Drops large PE files

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses dynamic DNS services

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Compiles C# or VB.Net code

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to simulate keystroke presses

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

Documento_Remisorio_Activo_N#8475684756..exe (PID: 4980 cmdline: "C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe" MD5: 636600655D1C0EBDF3073F0F6AFB6509)

csc.exe (PID: 712 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x63f7:$a1: havecamera 0x991c:$a2: timeout 3 > NUL 0x993c:$a3: START "" " 0x97c7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x987c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x63f7:$a1: havecamera 0x991c:$a2: timeout 3 > NUL 0x993c:$a3: START "" " 0x97c7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x987c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x6ae9:$a1: havecamera 0xa00e:$a2: timeout 3 > NUL 0xa02e:$a3: START "" " 0x9eb9:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x9f6e:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0xd1b4:$b2: DcRat By qwqdanchun1
00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x3ac0:$b1: DcRatByqwqdanchun 0x19414:$b2: DcRat By qwqdanchun1
Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x114e6:$a1: havecamera 0x4c9d7:$a1: havecamera 0x160f1:$b1: DcRatByqwqdanchun 0x515e2:$b1: DcRatByqwqdanchun
Process Memory Space: csc.exe PID: 712	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: csc.exe PID: 712	JoeSecurity_DcRat_2	Yara detected DcRat	Joe Security
Process Memory Space: csc.exe PID: 712	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x962:$a1: havecamera 0x556d:$b1: DcRatByqwqdanchun 0x168c5:$b1: DcRatByqwqdanchun 0xf382:$b2: DcRat By qwqdanchun1 0x1a41c:$b2: DcRat By qwqdanchun1
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.csc.exe.aa0000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
3.2.csc.exe.aa0000.0.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x65f7:$a1: havecamera 0x9b1c:$a2: timeout 3 > NUL 0x9b3c:$a3: START "" " 0x99c7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x9a7c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
3.2.csc.exe.aa0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x9a7c:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x99c7:$s2: L2Mgc2NodGFza3MgL2 0x9946:$s3: QW1zaVNjYW5CdWZmZXI 0x9994:$s4: VmlydHVhbFByb3RlY3Q
3.2.csc.exe.aa0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x9cfe:$q1: Select * from Win32_CacheMemory 0x9d3e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x9d8c:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x9dda:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
3.2.csc.exe.aa0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DcRatBy	Detects executables containing the string DcRatBy	ditekSHen	0xa176:$s1: DcRatBy
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x47f7:$a1: havecamera 0x7d1c:$a2: timeout 3 > NUL 0x7d3c:$a3: START "" " 0x7bc7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x7c7c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x7c7c:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x7bc7:$s2: L2Mgc2NodGFza3MgL2 0x7b46:$s3: QW1zaVNjYW5CdWZmZXI 0x7b94:$s4: VmlydHVhbFByb3RlY3Q
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x7efe:$q1: Select * from Win32_CacheMemory 0x7f3e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x7f8c:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x7fda:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack	INDICATOR_SUSPICIOUS_EXE_DcRatBy	Detects executables containing the string DcRatBy	ditekSHen	0x8376:$s1: DcRatBy
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x65f7:$a1: havecamera 0x9b1c:$a2: timeout 3 > NUL 0x9b3c:$a3: START "" " 0x99c7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x9a7c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x9a7c:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x99c7:$s2: L2Mgc2NodGFza3MgL2 0x9946:$s3: QW1zaVNjYW5CdWZmZXI 0x9994:$s4: VmlydHVhbFByb3RlY3Q
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x9cfe:$q1: Select * from Win32_CacheMemory 0x9d3e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x9d8c:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x9dda:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DcRatBy	Detects executables containing the string DcRatBy	ditekSHen	0xa176:$s1: DcRatBy
0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x65f7:$a1: havecamera 0x9b1c:$a2: timeout 3 > NUL 0x9b3c:$a3: START "" " 0x99c7:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x9a7c:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x9a7c:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x99c7:$s2: L2Mgc2NodGFza3MgL2 0x9946:$s3: QW1zaVNjYW5CdWZmZXI 0x9994:$s4: VmlydHVhbFByb3RlY3Q
0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x9cfe:$q1: Select * from Win32_CacheMemory 0x9d3e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x9d8c:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x9dda:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack	INDICATOR_SUSPICIOUS_EXE_DcRatBy	Detects executables containing the string DcRatBy	ditekSHen	0xa176:$s1: DcRatBy
0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0xd2ee9:$a1: havecamera 0xd640e:$a2: timeout 3 > NUL 0xd642e:$a3: START "" " 0xd62b9:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0xd636e:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0xd636e:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0xd62b9:$s2: L2Mgc2NodGFza3MgL2 0xd6238:$s3: QW1zaVNjYW5CdWZmZXI 0xd6286:$s4: VmlydHVhbFByb3RlY3Q
0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xd65f0:$q1: Select * from Win32_CacheMemory 0xd6630:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xd667e:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xd66cc:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DcRatBy	Detects executables containing the string DcRatBy	ditekSHen	0xd6a68:$s1: DcRatBy
Click to see the 20 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe, ProcessId: 4980, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Muhandra

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Avira: detection malicious, Label: HEUR/AGEN.1320513

Multi AV Scanner detection for domain / URL

Source: procesolargovalelapena222.dynuddns.net

Virustotal: Detection: 5%

Perma Link

Multi AV Scanner detection for submitted file

Source: Documento_Remisorio_Activo_N#8475684756..exe	ReversingLabs: Detection: 23%
Source: Documento_Remisorio_Activo_N#8475684756..exe	Virustotal: Detection: 35%			Perma Link

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\vmagent_new\bin\joblist\621001\out\Release\360boxmain.pdb source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00446E00 FindFirstFileW,StrCmpIW,StrCmpIW,StrCmpIW,FindNextFileW,FindClose,	0_2_00446E00
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0045F950 PathCombineW,_memset,_memset,PathCombineW,FindFirstFileW,_memset,PathCombineW,GetFileAttributesExW,FindNextFileW,FindClose,	0_2_0045F950
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00455960 _memset,FindFirstFileW,FindClose,GetLastError,	0_2_00455960

Networking

Uses dynamic DNS services

Source: unknown

DNS query: name: procesolargovalelapena222.dynuddns.net

Source: global traffic

TCP traffic: 192.168.2.6:49720 -> 45.95.169.113:22206

Source: Joe Sandbox View

IP Address: 45.95.169.113 45.95.169.113

Source: Joe Sandbox View

ASN Name: GIGANET-HUGigaNetInternetServiceProviderCoHU GIGANET-HUGigaNetInternetServiceProviderCoHU

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: procesolargovalelapena222.dynuddns.net

Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0&
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://s.360safe.com/safei18n/
Source: csc.exe, 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: http://www.360totalsecurity.com/d/ts/%s/%s/channelOpen
Source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	String found in binary or memory: https://sectigo.com/CPS0D

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0044BE10 RegisterClipboardFormatW,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,GlobalFree,GlobalFree,GlobalFree,

0_2_0044BE10

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

0_2_0044BE10

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0040A810 _memset,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,keybd_event,

0_2_0040A810

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen
Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown

Drops large PE files

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

File dump: cr0wdik.exe.0.dr 800000000

Jump to dropped file

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Documento_Remisorio_Activo_N#8475684756..exe

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004228F0 NtQueryDefaultLocale,	0_2_004228F0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B73 NtQueryDefaultLocale,	0_2_00423B73
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004221F0 NtQueryDefaultLocale,	0_2_004221F0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422270 NtQueryDefaultLocale,	0_2_00422270
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422276 NtQueryDefaultLocale,	0_2_00422276
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422287 NtQueryDefaultLocale,	0_2_00422287
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422415 NtQueryDefaultLocale,	0_2_00422415
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004224DC NtQueryDefaultLocale,	0_2_004224DC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042256F NtQueryDefaultLocale,	0_2_0042256F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042258A NtQueryDefaultLocale,	0_2_0042258A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004227F8 NtQueryDefaultLocale,	0_2_004227F8
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422873 NtQueryDefaultLocale,	0_2_00422873
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422814 NtQueryDefaultLocale,	0_2_00422814
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423020 NtQueryDefaultLocale,	0_2_00423020
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423033 NtQueryDefaultLocale,	0_2_00423033
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423080 NtQueryDefaultLocale,	0_2_00423080
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042312D NtQueryDefaultLocale,	0_2_0042312D
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423291 NtQueryDefaultLocale,	0_2_00423291
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004232B1 NtQueryDefaultLocale,	0_2_004232B1
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423339 NtQueryDefaultLocale,	0_2_00423339
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423797 NtQueryDefaultLocale,	0_2_00423797
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B4A NtQueryDefaultLocale,	0_2_00423B4A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B4F NtQueryDefaultLocale,	0_2_00423B4F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423DD6 NtQueryDefaultLocale,	0_2_00423DD6
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423DE3 NtQueryDefaultLocale,	0_2_00423DE3
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421DAD NtQueryDefaultLocale,	0_2_00421DAD
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421DB2 NtQueryDefaultLocale,	0_2_00421DB2
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423E4F NtQueryDefaultLocale,	0_2_00423E4F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423E30 NtQueryDefaultLocale,	0_2_00423E30

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0049C4A0: DeviceIoControl,

0_2_0049C4A0

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042C70B	0_2_0042C70B
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042960E	0_2_0042960E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B73	0_2_00423B73
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00414048	0_2_00414048
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041405F	0_2_0041405F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0049806C	0_2_0049806C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A069	0_2_0042A069
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A07B	0_2_0042A07B
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00414005	0_2_00414005
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004240E4	0_2_004240E4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004100EC	0_2_004100EC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004100F7	0_2_004100F7
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00410141	0_2_00410141
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00410109	0_2_00410109
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041A132	0_2_0041A132
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00482130	0_2_00482130
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A1C6	0_2_0042A1C6
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041019C	0_2_0041019C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041A1A2	0_2_0041A1A2
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041025A	0_2_0041025A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00440230	0_2_00440230
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041E2D5	0_2_0041E2D5
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A292	0_2_0042A292
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004102BA	0_2_004102BA
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00410375	0_2_00410375
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042432C	0_2_0042432C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00446330	0_2_00446330
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040E3C6	0_2_0040E3C6
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0048A3C4	0_2_0048A3C4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00418469	0_2_00418469
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422415	0_2_00422415
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041843C	0_2_0041843C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004244CB	0_2_004244CB
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041A4DC	0_2_0041A4DC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041C4E8	0_2_0041C4E8
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00418493	0_2_00418493
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040E4A6	0_2_0040E4A6
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00424542	0_2_00424542
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040E54F	0_2_0040E54F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0047A550	0_2_0047A550
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00424529	0_2_00424529
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A534	0_2_0042A534
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041A5C1	0_2_0041A5C1
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040E5EE	0_2_0040E5EE
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042A62F	0_2_0042A62F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041863F	0_2_0041863F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040E687	0_2_0040E687
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00418740	0_2_00418740
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004267D0	0_2_004267D0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041C7F8	0_2_0041C7F8
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0049287D	0_2_0049287D
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00420983	0_2_00420983
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004989B1	0_2_004989B1
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0048C9B7	0_2_0048C9B7
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041AA02	0_2_0041AA02
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00424B46	0_2_00424B46
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00420BDF	0_2_00420BDF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042AB99	0_2_0042AB99
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00490C05	0_2_00490C05
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00426C1C	0_2_00426C1C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00424CD4	0_2_00424CD4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00422CAB	0_2_00422CAB
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00426D05	0_2_00426D05
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00410D28	0_2_00410D28
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0048AE08	0_2_0048AE08
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00426E00	0_2_00426E00
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041AF6C	0_2_0041AF6C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421010	0_2_00421010
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423020	0_2_00423020
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423033	0_2_00423033
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004130D4	0_2_004130D4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004130E5	0_2_004130E5
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423080	0_2_00423080
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00413097	0_2_00413097
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004730A0	0_2_004730A0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00413140	0_2_00413140
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419149	0_2_00419149
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042517C	0_2_0042517C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042312D	0_2_0042312D
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041B13F	0_2_0041B13F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004131B4	0_2_004131B4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421257	0_2_00421257
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423291	0_2_00423291
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004232B1	0_2_004232B1
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040F305	0_2_0040F305
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423339	0_2_00423339
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040F3DF	0_2_0040F3DF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040F445	0_2_0040F445
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040F460	0_2_0040F460
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040D4E0	0_2_0040D4E0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041F4B5	0_2_0041F4B5
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421568	0_2_00421568
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00417520	0_2_00417520
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040D5C0	0_2_0040D5C0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004975E4	0_2_004975E4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004275BC	0_2_004275BC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040D65F	0_2_0040D65F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041D670	0_2_0041D670
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040D675	0_2_0040D675
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042163C	0_2_0042163C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004176C4	0_2_004176C4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004296DB	0_2_004296DB
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004216EE	0_2_004216EE
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004296A9	0_2_004296A9
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004176BF	0_2_004176BF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041175B	0_2_0041175B
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0042975C	0_2_0042975C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00429700	0_2_00429700
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00499715	0_2_00499715
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419721	0_2_00419721
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421864	0_2_00421864
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00429836	0_2_00429836
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004178FA	0_2_004178FA
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004178B7	0_2_004178B7
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00417942	0_2_00417942
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0049B950	0_2_0049B950
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00429905	0_2_00429905
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00447910	0_2_00447910
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00417992	0_2_00417992
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419A53	0_2_00419A53
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FA63	0_2_0041FA63
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FA11	0_2_0041FA11
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00433AA0	0_2_00433AA0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B4A	0_2_00423B4A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423B4F	0_2_00423B4F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00497B28	0_2_00497B28
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00425B20	0_2_00425B20
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419B29	0_2_00419B29
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FB2D	0_2_0041FB2D
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419BE0	0_2_00419BE0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FBEE	0_2_0041FBEE
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FBFD	0_2_0041FBFD
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00411BFF	0_2_00411BFF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00427BAC	0_2_00427BAC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FBBC	0_2_0041FBBC
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FC52	0_2_0041FC52
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00421C0F	0_2_00421C0F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419C1C	0_2_00419C1C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419C3A	0_2_00419C3A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00479CD0	0_2_00479CD0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FCD9	0_2_0041FCD9
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419C8E	0_2_00419C8E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0041FCB4	0_2_0041FCB4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040DDD4	0_2_0040DDD4
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423DD6	0_2_00423DD6
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423DE3	0_2_00423DE3
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00411E51	0_2_00411E51
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_004FBE67	0_2_004FBE67
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419E7B	0_2_00419E7B
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00429E1E	0_2_00429E1E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00423E30	0_2_00423E30
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040DE33	0_2_0040DE33
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00419EAF	0_2_00419EAF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00429F4F	0_2_00429F4F
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040DF55	0_2_0040DF55
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0040DFCE	0_2_0040DFCE
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00479FD0	0_2_00479FD0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00413FF2	0_2_00413FF2
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00413FF9	0_2_00413FF9

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: String function: 00404810 appears 32 times
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: String function: 0048462C appears 41 times

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: invalid certificate

Source: Documento_Remisorio_Activo_N#8475684756..exe	Binary or memory string: OriginalFilename vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282557484.00000000034A0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSandboxMain.exe8 vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameClient.exe" vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSandboxMain.exe8 vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000000.2082520921.00000000004EC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSandboxMain.exe8 vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282262613.0000000000C0E000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClient.exe" vs Documento_Remisorio_Activo_N#8475684756..exe
Source: Documento_Remisorio_Activo_N#8475684756..exe	Binary or memory string: OriginalFilenameSandboxMain.exe8 vs Documento_Remisorio_Activo_N#8475684756..exe

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy
Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12

Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, Settings.cs	Base64 encoded string: 'NyRWPsy9vgW5FYP011qoykyqGcTCjlFdPGfVIMREZtTixanHY6Mbc2h7PZe6MFMN2adKHLxmfZzkvH9jrwtPlw==', 'Zae4ODBrzbWwCsVxH3taZrWSQCv+AfuqQteIdPVqHziFfJYbLTzJhb0+hi0gL3kXEvtX2qcobXdHR3Qe1kO6Ig==', 'GNOd0iMvLLQBZqd4a/OEjbZjWSpGizh40bZHx8/S7P62/hl2vuCqKV0HwrI2jX2mZouVwTYYjvjwOmYoHv8CGh0beILjkOgPqaU+rB6RVoE=', 'o1ehZrUyw1bTzwZSIzoyw2i9GCdWRVvskS8m+19bPGOaGFZqDINL9k2mkTmzGbA+Wckxgq+oWFbWQW4LgsrCDCsMnKQ/26V6Y+jh+ZCkS1i1WWHAdcJsyfWT90G/Uy+Pt8YvsrIjbc/gyXwBBiKeW+85PoaT69VMj/UjdFaiSy8ez3R74urL/0LCq/Qbjc6uM9xB2GIKe0Yg/bUfwbfd7O8hYC/b+Ex+jnpcQaMJypjD36TB2HR+d6Im07jY6xLutvOi8+Oau8Gp1KakoLSS2iDDMVNVhp+I/6liNz5Un5FA1pMJfq4yNT7GKOQce3oxDC1J2+GvqXYx9G1YXhTEAeTVqqusbfRFaVRH72JfKGn1YoU958SNwyAMY3UCfsOdI3S1IoRwUxJdJApKrXp9Vdybr9MEASk9HIv+TocsKVTy+//9iR0EqkK3jqzsOuHbY1Lp+DLkwfy5/mDArT7cR1NvwwvOw5XSwMunf7jgqjqvslYnC4TEmy2IDOGmJ2ZZbLmZrAw3G6lzXBfiUdJmXPEPt8ExWDm5bgbsASilkE3B4MhLGLgumaa+LI/VhQqayCKd2DNgd30dO6JpDwsv2YP9FdUagrrLY5EHQmCoRfJcNmYTnCTmeZKI2fr/oPs4fPrLztJ57NBTMRR/Jk6UtRsDNmgh170l5PzGekV6kZm0DRmsNkcYtcMb+kVhqcdG6uUID0/A1y+XIyUG+LJ+rJkEx0py664bFLVhHMyIx7FDrgXK3DQCoqRGWRnEheT1vq9KwQKPVFWzSyT7PkabAg1mvuP4BnF6cRu7WGFzBUhU40IriRLQo5mCxgxoH+JmraXPspTDRtd5+df04H4x4s7bg9ILEq9OgYmJm/HS5fo8g55tmKX72ZUErCpHfSxr1K4c9C80vl1QAbZFjqiINZzp383XjKvpWubYTrbjIb0raZtF9AL3hyEfI/rUWXKgXYt2076MZmyy7Z6lvb2/qph8PfrK74n+AfDBqj4gvU4Xw1KO6FuUxP0nXTQ9RHoCpq0pjRlt3i+y1i64QW/ii9WoVUTnCNkjJ9W8rgJZ20CXYOizPiAtydRayNCP2X/P', 'JwfjfZwaMjmIruYLad+id4/nVeiFOqrq/5IUqCot3UatEyOX4929ettkDI5TK0ZywIzJyMWh7PtcIHkFiY3J8kSXgrr9isUBZrKzoUtoNdD1+XN+0sFkkZ+rHvcJPYh1fxVb5p/fC/WUI3Ho8SaCz3mhDxf9j5fY0siya/i5doMZA5ts/QdV6N7UbQDf/9RpOXj0Z4VJX3rurdsyB4rSFddT62zKUbSYjlPYYYHDo5NlwTmJsswjBjyCs/vFtiMfTfanXOXElAvddcZVujLiJemnBL0zP1vRlLc1LHvjQis=', 'r1+fqZx8xZDlXEh+o3INczlf1mnpM1iuhAYrKgzy1INh19csSMMlpqahuW8fhx1vnQMh7KP4xyPhSfFil9eF7A==', 'OAQgXX9fI0Fw/7L2VF1306eiRatuMxhBM1FmCDdqU2xUsQ/A8n9NKD42/OoAyxkcUvripYMkB6bx3YXxVnfPUA==', 'XzjzImJ6vxYuEI6EzwHTIcfyt79zkRbG4EeVEVZ1P5irl/PJMUS3NRW3qO+jCR1Ja+EWMw1C6HL1x9iLMheQog==', 'N0bzIF0EizzE8rU1fzYb4LP1CWninx5jgne+ZELzcG36exBUQc92o1BjxHKIWJOxU4sm9ZmeFG9Aon4riljD1Q==', 'McW3gUYmtdeKWmXoMi3FTkB8dz8gZEwKDuXR1OSKvX3scgpcoZTLG2AsqDcndnKz2EgKmpv1WxKwU13i4TY7+g=='
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, NormalStartup.cs	Base64 encoded string: 'L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g', 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA=='

Source: cr0wdik.exe.0.dr

Binary string: K`XD%machinename%%UserProfile%*\Documents and Settings\*\Local Settings\Temp\**\Documents and Settings\*\Local Settings\Temporary Internet Files\**\Documents and Settings\*\Cookies\**\AppData\Local\Temp\**\AppData\Roaming\Microsoft\Windows\Cookies\*.wmv.rmvb.rm.mpg.mp4.mov.mkv.flv.avi.3gp.wma.ra.mp3.ogg.mka.m4a.ac3.aac.xlsx.xls.pptx.ppt.txt.pdf.docx.doc..CacheSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders360SANDBOX\SHADOW360sandbox\filelist_page.xml::{26EE0668-A00A-44D7-9371-BEB064C98683}IDS_MEDIA_LIST_DESCIDS_DOCUMENT_LIST_DESCIDS_DELETE_PROMPT_MSGPreferred DropEffectIDS_COPY_PRMPT360SandBox\Shadow360SANDBOX\SHADOW\IDS_UPPER_FOLDERIDS_DATE_TIME_FMT%Y-%m-%d %H:%MC:\sxin.dllsxin64.dllSxWrapper.dllWINDOWS\SXIn.dllIDS_CRITICAL_FILE_PROMPT_MSG\Device\FloppyX

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/1@1/1

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_00460A00 _memset,FindFirstVolumeW,GetLastError,GetDiskFreeSpaceExW,__aulldiv,FindNextVolumeW,GetLastError,FindVolumeClose,

0_2_00460A00

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0043E960 CoCreateInstance,

0_2_0043E960

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0040C7C0 LoadLibraryExW,FindResourceW,SizeofResource,LoadResource,LockResource,_malloc,FreeResource,FreeLibrary,VerQueryValueW,

0_2_0040C7C0

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

File created: C:\Users\user\Documents\ChromeUpdate

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: \Sessions\1\BaseNamedObjects\DcRatMutex_qwqdanchun

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Documento_Remisorio_Activo_N#8475684756..exe	ReversingLabs: Detection: 23%
Source: Documento_Remisorio_Activo_N#8475684756..exe	Virustotal: Detection: 35%

Source: Documento_Remisorio_Activo_N#8475684756..exe

String found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

File read: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe "C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe"
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: k7rn7l32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: ntd3ll.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static file information: File size 1313328 > 1048576

Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Documento_Remisorio_Activo_N#8475684756..exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\vmagent_new\bin\joblist\621001\out\Release\360boxmain.pdb source: Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_00408110 LoadLibraryW,GetProcAddress,

0_2_00408110

Source: Documento_Remisorio_Activo_N#8475684756..exe

Static PE information: real checksum: 0xee8a9 should be: 0x145c75

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00484671 push ecx; ret	0_2_00484684
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00484D46 push ecx; ret	0_2_00484D59
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00477950 push ecx; mov dword ptr [esp], 00000000h	0_2_00477951

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	0_2_0049A650
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	0_2_0049AA10
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	0_2_0049ABA0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	0_2_00479710

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

File created: C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

File created: C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	0_2_0049A650
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	0_2_0049AA10
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	0_2_0049ABA0
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	0_2_00479710

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Muhandra			Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Muhandra			Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_00402A30 _memset,PathCombineW,GetCurrentProcessId,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00402A30

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match	File source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Documento_Remisorio_Activo_N#8475684756..exe	Binary or memory string: PROCESSHACKER.EXE
Source: Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, csc.exe, 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 5410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 6F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 6A50000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Dropped PE file which has not been started: C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

API coverage: 0.5 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00446E00 FindFirstFileW,StrCmpIW,StrCmpIW,StrCmpIW,FindNextFileW,FindClose,	0_2_00446E00
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0045F950 PathCombineW,_memset,_memset,PathCombineW,FindFirstFileW,_memset,PathCombineW,GetFileAttributesExW,FindNextFileW,FindClose,	0_2_0045F950
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00455960 _memset,FindFirstFileW,FindClose,GetLastError,	0_2_00455960

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_004554B0 GetModuleHandleA,GetProcAddress,GetSystemInfo,

0_2_004554B0

Source: csc.exe, 00000003.00000002.3356944146.0000000006C50000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	API call chain: ExitProcess graph end node			graph_0-104779
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	API call chain: ExitProcess graph end node			graph_0-104913

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0047E6EB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0047E6EB

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0047C6F0 SetLastError,GetCurrentThreadId,GetProcessHeap,OpenThread,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,

0_2_0047C6F0

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_00408110 LoadLibraryW,GetProcAddress,

0_2_00408110

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0047C6F0 SetLastError,GetCurrentThreadId,GetProcessHeap,OpenThread,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,

0_2_0047C6F0

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0047E6EB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0047E6EB
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0047EDE5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0047EDE5
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0047D402 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0047D402
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00481437 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00481437

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, Win32.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, Win32.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, Amsi.cs	Reference to suspicious API methods: Win32.VirtualAllocEx(procAddress, (UIntPtr)(ulong)patch.Length, 64u, out var _)

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: AA0000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: AA0000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: AA0000			Jump to behavior
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 79D008			Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0040A810 _memset,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,keybd_event,

0_2_0040A810

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0049B1C0 cpuid

0_2_0049B1C0

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	0_2_00492133
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	0_2_0049224A
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	0_2_004922E2
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	0_2_00492356
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: GetLocaleInfoA,	0_2_00486441
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	0_2_00492528
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_004925E9
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: GetLocaleInfoA,	0_2_0049465E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_00492650
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	0_2_0049268C
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	0_2_0048274E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,	0_2_004968EF
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	0_2_004968BB
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_00496A2E
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	0_2_00491419
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	0_2_00489AD1
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	0_2_00491A87
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	0_2_00491CDF

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_00494483 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00494483

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0048B842 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

0_2_0048B842

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe

Code function: 0_2_0040C640 _memset,_memset,GetVersionExW,GetModuleHandleW,GetProcAddress,_memset,

0_2_0040C640

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Source: Documento_Remisorio_Activo_N#8475684756..exe, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, csc.exe, 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, csc.exe, 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: Documento_Remisorio_Activo_N#8475684756..exe	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: Documento_Remisorio_Activo_N#8475684756..exe, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Documento_Remisorio_Activo_N#8475684756..exe, 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, csc.exe, 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected DcRat

Source: Yara match

File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Remote Access Functionality

Yara detected DcRat

Source: Yara match

File source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR

Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_00437330 RpcAsyncInitializeHandle,CreateEventW,RpcStringBindingComposeW,RpcBindingFromStringBindingW,WaitForSingleObject,RpcAsyncCompleteCall,CloseHandle,RpcStringFreeW,RpcBindingFree,		0_2_00437330
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe	Code function: 0_2_0043747D CloseHandle,RpcStringFreeW,RpcBindingFree,		0_2_0043747D

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	311 Process Injection	1 Masquerading	11 Input Capture	2 System Time Discovery	Remote Services	11 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Virtualization/Sandbox Evasion	LSASS Memory	141 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Native API	1 Bootkit	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Clipboard Data	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	311 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	37 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Bootkit	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Documento_Remisorio_Activo_N#8475684756..exe	24%	ReversingLabs	Win32.Trojan.Generic
Documento_Remisorio_Activo_N#8475684756..exe	35%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe	100%	Avira	HEUR/AGEN.1320513

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
procesolargovalelapena222.dynuddns.net	5%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
procesolargovalelapena222.dynuddns.net	45.95.169.113	true	true	5%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.360totalsecurity.com/d/ts/%s/%s/channelOpen	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false		high
http://ocsp.sectigo.com0	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	csc.exe, 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false	URL Reputation: safe	unknown
http://s.360safe.com/safei18n/	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false		high
https://sectigo.com/CPS0D	Documento_Remisorio_Activo_N#8475684756..exe, cr0wdik.exe.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.95.169.113	procesolargovalelapena222.dynuddns.net	Croatia (LOCAL Name: Hrvatska)		42864	GIGANET-HUGigaNetInternetServiceProviderCoHU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431059
Start date and time:	2024-04-24 14:21:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Documento_Remisorio_Activo_N#8475684756..exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 64% Number of executed functions: 193 Number of non-executed functions: 107
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

Time	Type	Description
14:22:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Muhandra C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe
14:22:43	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Muhandra C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
45.95.169.113	DRsredYZxA	Get hash	malicious	Unknown	Browse
	HklThtI5xY	Get hash	malicious	Mirai	Browse
	ZmE7zvQ5H0	Get hash	malicious	Unknown	Browse
	T2dACD6noW	Get hash	malicious	Mirai	Browse
	x86	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GIGANET-HUGigaNetInternetServiceProviderCoHU	pSfqOmM1DG.exe	Get hash	malicious	Remcos, DBatLoader	Browse	45.9.168.238
	payment_Adv.vbs	Get hash	malicious	Remcos, GuLoader	Browse	45.95.169.12
	nune4wRXO1.elf	Get hash	malicious	Mirai, Gafgyt	Browse	45.95.169.102
	M3VAQtY4jqGyrtO.exe	Get hash	malicious	AgentTesla	Browse	45.95.168.74
	SecuriteInfo.com.Win32.PWSX-gen.9989.30951.exe	Get hash	malicious	AgentTesla	Browse	45.95.168.74
	GN54VPHV1Q.elf	Get hash	malicious	Gafgyt, Mirai	Browse	45.95.169.103
	tXgBFr4DQ1.elf	Get hash	malicious	Gafgyt, Mirai	Browse	45.95.169.103
	vtuxAlLJXO.elf	Get hash	malicious	Gafgyt, Mirai	Browse	45.95.169.103
	jFAsTk5xgd.elf	Get hash	malicious	Gafgyt, Mirai	Browse	45.95.169.103
	ZSsHNy2LXp.elf	Get hash	malicious	Gafgyt, Mirai	Browse	45.95.169.103

Process:	C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	800000000
Entropy (8bit):	0.025967928040329075
Encrypted:	false
SSDEEP:
MD5:	5524A506C0C49D3DF2570808A38C3895
SHA1:	576011C0810F286B8945AAAE9CD8656B75268BF6
SHA-256:	7F51B7DE954A8B4C25429C584EA282B9B6D7321A9032E4524F7C7AC38776DFCC
SHA-512:	845CF6700361E9A579F01AFA4FC085F8B4C6CA6005549117E5A3830448DBFDB0F2385EFCC762EAF568FCD2520F39C700582A58BD06C1E9EB49176E402885EA66
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W.............A..................................y..........A.......A..........8...........................Rich............................PE..L...R..a.................\...~.......E.......p....@..........................`............@...`..`..........................<[..\|....@..................0,...........{..................................@............p...............................text....`.......\.................. ..`.rdata... ...p.......`..............@..@.data............L...x..............@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.8732996504994155
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Documento_Remisorio_Activo_N#8475684756..exe
File size:	1'313'328 bytes
MD5:	636600655d1c0ebdf3073f0f6afb6509
SHA1:	34fff619fe1d3caac84ba88f30cc83ac0dab9f3f
SHA256:	46cfebde9e8cadfefc9c1324f9b250b9488c25c59212438de071ceec81b71967
SHA512:	db81237cefac5538bd14c6ef8542322452bd8ee31b2e54675bf964cc328be0c928e15fc4e1e4c7dd71612f50a524ac9085cdafbe2687c3d0db50e893fe2c895e
SSDEEP:	24576:nOZ4A1k8wwE6fibNsRt7Z+rJ+6rJlC9wtVUf6UCu8z35so2etaC:LA1iwiZqt7ZeI8JlC9wtVUf6UCu+yo2s
TLSH:	2E55AF12BF4BC13FD281053DC6194B65A03AEB75133B93C772C56EAEAC75AD12D39A02
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W.............A..................................y............A.......A..........8...........................Rich...........

File Icon


Icon Hash:	9c276179715d7d7d

Static PE Info

General

Entrypoint:	0x484599
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x61CBE252 [Wed Dec 29 04:21:38 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	589d5431ef7b1cc3537e4bce607e5a48

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	12/04/2016 02:00:00 13/04/2021 01:59:59
Subject Chain	CN=ALCPU, O=ALCPU, STREET=Snapir st. 1/12, L=Tel Aviv, S=Tel Aviv, PostalCode=67298, C=IL
Version:	3
Thumbprint MD5:	6AD4467E1A15F2C4E75C7DF32E522AF8
Thumbprint SHA-1:	CB99F9C3E1C2875D0EE4FEED651043A8AFB7E024
Thumbprint SHA-256:	8C65133D4A7966FA17A420137F591B121EEEE9433C04C267E4446EB0BAEE1D01
Serial:	3020CDC2DB9ED0BE866D8392BB5C4D0E

Entrypoint Preview

Instruction
call 00007FAEDCD6D25Ah
jmp 00007FAEDCD5D1EEh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edx, dword ptr [esp+0Ch]
mov ecx, dword ptr [esp+04h]
test edx, edx
je 00007FAEDCD5D3DBh
xor eax, eax
mov al, byte ptr [esp+08h]
test al, al
jne 00007FAEDCD5D388h
cmp edx, 00000100h
jc 00007FAEDCD5D380h
cmp dword ptr [004D29ECh], 00000000h
je 00007FAEDCD5D377h
jmp 00007FAEDCD6D309h
push edi
mov edi, ecx
cmp edx, 04h
jc 00007FAEDCD5D3A3h
neg ecx
and ecx, 03h
je 00007FAEDCD5D37Eh
sub edx, ecx
mov byte ptr [edi], al
add edi, 01h
sub ecx, 01h
jne 00007FAEDCD5D368h
mov ecx, eax
shl eax, 08h
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 03h
shr ecx, 02h
je 00007FAEDCD5D378h
rep stosd
test edx, edx
je 00007FAEDCD5D37Ch
mov byte ptr [edi], al
add edi, 01h
sub edx, 01h
jne 00007FAEDCD5D368h
mov eax, dword ptr [esp+08h]
pop edi
ret
mov eax, dword ptr [esp+04h]
ret
int3
int3
push 00484690h
push dword ptr fs:[00000000h]
mov eax, dword ptr [esp+10h]
mov dword ptr [esp+10h], ebp
lea ebp, dword ptr [esp+10h]
sub esp, eax
push ebx
push esi
push edi
mov eax, dword ptr [004C9614h]
xor dword ptr [ebp-04h], eax
xor eax, ebp
push eax
mov dword ptr [ebp-18h], esp
push dword ptr [ebp-08h]
mov eax, dword ptr [ebp-04h]
mov dword ptr [ebp-04h], 000000FEh

Rich Headers

Programming Language:

[C++] VS2005 build 50727
[ASM] VS2008 SP1 build 30729
[C++] VS2008 build 21022
[ C ] VS2008 SP1 build 30729
[C++] VS2008 SP1 build 30729
[ C ] VS2005 build 50727
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc5b3c	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x718dc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x13de00	0x2c30	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdf000	0x8390	.rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xa7b80	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb7ff0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa7000	0x7f0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xa6000	0xa5c00	cfa501fcee61a4f54cd2bd96af7caeb4	False	0.5107407145550528	data	6.725976260581619	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xa7000	0x22000	0x21800	62a03995eb91942b1ce36066c931dab6	False	0.3590616254664179	data	5.060022858539004	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc9000	0xb000	0x4c00	6164a2ab25e1d08b6fe7876af9635b55	False	0.2515933388157895	data	4.46748708080796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x718dc	0x71a00	510d68410186ff585e0b84769cf4b3a7	False	0.5334738551980198	data	6.900584843089922	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_BITMAP	0xd44bc	0xbe36	PC bitmap, Windows 3.x format, 6244 x 2 x 41, image size 49121, cbSize 48694, bits offset 54			0.704542654125765
RT_ICON	0xe02f4	0xacb8	PC bitmap, Windows 3.x format, 5810 x 2 x 53, image size 44297, cbSize 44216, bits offset 54			0.5052695856703455
RT_ICON	0xeafac	0x78b5	PC bitmap, Windows 3.x format, 4675 x 2 x 39, image size 31020, cbSize 30901, bits offset 54			0.46985534448723343
RT_ICON	0xf2864	0x7ae2	PC bitmap, Windows 3.x format, 4330 x 2 x 42, image size 31607, cbSize 31458, bits offset 54			0.538177887977621
RT_ICON	0xfa348	0x40fa6	PC bitmap, Windows 3.x format, 33791 x 2 x 45, image size 266630, cbSize 266150, bits offset 54			0.5021491640052602
RT_ICON	0x13b2f0	0x4aab	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9882291394193042
RT_ICON	0x13fd9c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.27188796680497923
RT_ICON	0x142344	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3395872420262664
RT_ICON	0x1433ec	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.3395390070921986
RT_ICON	0x143854	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.3599290780141844
RT_ICON	0x143cbc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.4842057761732852
RT_ACCELERATOR	0x144564	0x8	data	English	United States	2.0
RT_RCDATA	0x14456c	0x80	data	English	United States	1.0859375
RT_GROUP_ICON	0x1445ec	0x3e	data	English	United States	0.8064516129032258
RT_GROUP_ICON	0x14462c	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x144640	0x14	data	English	United States	1.25
RT_VERSION	0x144654	0x338	data	Chinese	Taiwan	0.45145631067961167
RT_VERSION	0x14498c	0x338	data	English	United States	0.45145631067961167
RT_VERSION	0x144cc4	0x338	data	Portuguese	Brazil	0.45145631067961167
RT_VERSION	0x144ffc	0x338	data	Turkish	Turkey	0.4526699029126214
RT_VERSION	0x145334	0x338	data	Chinese	China	0.45145631067961167
RT_MANIFEST	0x14566c	0x26e	ASCII text, with CRLF line terminators	English	United States	0.5176848874598071

Imports

DLL	Import
KERNEL32.dll	FindNextVolumeW, FindVolumeClose, GetFileAttributesW, CreateThread, ExitProcess, GetProcessTimes, CompareFileTime, GetLongPathNameW, GetDiskFreeSpaceExW, GetTempFileNameW, SetFilePointer, HeapAlloc, HeapFree, GetProcessHeap, WriteFile, TerminateProcess, OpenMutexW, LoadLibraryA, DeviceIoControl, ReleaseMutex, SystemTimeToFileTime, FileTimeToSystemTime, GetModuleHandleA, HeapWalk, HeapLock, OpenThread, HeapUnlock, OutputDebugStringW, GetFileSizeEx, SetFilePointerEx, LocalFileTimeToFileTime, lstrcmpiA, GetTimeZoneInformation, SetEnvironmentVariableA, CompareStringW, QueryDosDeviceW, CreateFileA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoW, InitializeCriticalSectionAndSpinCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetStringTypeA, FlushFileBuffers, GetConsoleMode, FreeResource, FindFirstVolumeW, GetFileType, SetHandleCount, GetDateFormatA, GetTimeFormatA, HeapCreate, GetModuleFileNameA, GetStdHandle, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetStringTypeW, LCMapStringW, LCMapStringA, RtlUnwind, GetStartupInfoW, GetCPInfo, GetSystemTimeAsFileTime, ExitThread, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, lstrlenA, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, HeapSize, HeapReAlloc, HeapDestroy, FindNextFileW, FindClose, FindFirstFileW, GetShortPathNameW, CompareStringA, GetVolumePathNamesForVolumeNameW, GetSystemWindowsDirectoryW, SetLastError, CreateProcessW, SizeofResource, GlobalFree, CreateMutexW, GetLastError, GetTickCount, InitializeCriticalSection, DeleteCriticalSection, GetSystemInfo, FreeConsole, GetCurrentProcessId, LoadLibraryExW, Sleep, InterlockedCompareExchange, InterlockedExchange, GetTempPathW, ReadFile, CreateFileW, GetDriveTypeW, GetModuleFileNameW, GetWindowsDirectoryW, GetFileAttributesExW, MultiByteToWideChar, GetUserDefaultUILanguage, SetCurrentDirectoryW, MulDiv, GetPrivateProfileStringW, lstrcpyW, GetCurrentThreadId, FlushInstructionCache, GetModuleHandleW, GetVersion, GetVersionExW, InterlockedDecrement, TerminateThread, lstrcmpW, GlobalAlloc, GlobalLock, GlobalUnlock, SetErrorMode, lstrcmpiW, lstrlenW, OpenProcess, CreateEventW, SetEnvironmentVariableW, GetSystemDirectoryW, GetCommandLineW, ExpandEnvironmentStringsW, DeleteFileW, GetFileSize, InterlockedIncrement, RaiseException, GetStartupInfoA, ProcessIdToSessionId, GetConsoleCP, EnterCriticalSection, FreeLibrary, LeaveCriticalSection, GetProcAddress, LoadLibraryW, CloseHandle, WaitForSingleObject, GetCurrentProcess, WideCharToMultiByte, FindResourceExW, FindResourceW, LoadResource, LockResource, lstrcmpA
USER32.dll	PostMessageW, FindWindowW, SetFocus, SetWindowPos, SendMessageW, UnregisterClassA, GetParent, EnableWindow, IsWindow, ClientToScreen, CreateAcceleratorTableW, RedrawWindow, GetSysColor, GetClassNameW, GetDlgItem, GetFocus, IsChild, EndPaint, BeginPaint, GetWindowTextW, GetWindowTextLengthW, TranslateAcceleratorW, LoadAcceleratorsW, RegisterClipboardFormatW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, InflateRect, InternalGetWindowText, OpenDesktopW, GetThreadDesktop, EnumWindows, CloseDesktop, OpenWindowStationW, MoveWindow, SetCapture, RegisterWindowMessageW, SetWindowLongW, FindWindowExW, CallWindowProcW, GetWindowLongW, GetProcessWindowStation, SetProcessWindowStation, CloseWindowStation, EnumDesktopsW, GetDC, ReleaseDC, GetMonitorInfoW, AllowSetForegroundWindow, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, SetForegroundWindow, SetActiveWindow, GetKeyboardState, keybd_event, GetWindowRect, GetDesktopWindow, LoadIconW, InvalidateRect, GetActiveWindow, WaitForInputIdle, DestroyIcon, CopyRect, DrawIconEx, SetTimer, KillTimer, ShowWindow, GetClientRect, IsDialogMessageW, IsRectEmpty, OffsetRect, IsWindowVisible, MapWindowPoints, MonitorFromWindow, GetWindow, SetWindowTextW, LoadCursorW, RegisterClassExW, GetClassInfoExW, DefWindowProcW, DestroyWindow, GetMessageW, TranslateMessage, DispatchMessageW, CreateWindowExW, DrawTextW, PtInRect, GetMessagePos, ScreenToClient, SetRectEmpty, SetRect, SetCursor, GetWindowDC, GetClassLongW, SetClassLongW, EnumWindowStationsW, CharNextW, PeekMessageW, DestroyAcceleratorTable, InvalidateRgn, LoadImageW, GetSystemMetrics, SystemParametersInfoW, LoadStringW, SendMessageTimeoutW, FillRect, ReleaseCapture
GDI32.dll	GetStockObject, GetPixel, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, CreateFontW, GetTextExtentPoint32W, SetViewportOrgEx, GetTextMetricsW, SelectObject, GetObjectW, GetObjectA, GetDeviceCaps, BitBlt, CreateSolidBrush, DeleteObject
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	RegCreateKeyExW, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteValueW, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA
SHELL32.dll	SHGetSpecialFolderPathW, ExtractIconExW, SHGetPathFromIDListW, ShellExecuteW, SHGetFileInfoW, SHGetDesktopFolder, SHGetFolderPathW, SHFileOperationW, SHGetSpecialFolderLocation
ole32.dll	CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CreateStreamOnHGlobal, OleLockRunning, StringFromGUID2, OleUninitialize, OleInitialize, CoCreateInstance, CoTaskMemRealloc, CoTaskMemFree, CoTaskMemAlloc, CoInitialize, CoUninitialize
OLEAUT32.dll	SysFreeString, SysAllocString, VariantClear, SafeArrayGetVartype, SafeArrayCopy, VariantCopy, VariantInit, SafeArrayGetLBound, SafeArrayGetUBound, SysAllocStringLen, LoadTypeLib, LoadRegTypeLib, SysStringLen, OleCreateFontIndirect, VarUI4FromStr, VarBstrCmp, SafeArrayUnlock, SafeArrayLock, SafeArrayDestroy, SafeArrayCreate, DispCallFunc
SHLWAPI.dll	PathCompactPathW, StrCmpNIW, PathIsDirectoryW, StrStrIW, PathRemoveFileSpecW, PathFileExistsW, PathAppendW, SHGetValueW, PathCombineW, StrCmpIW, PathFindExtensionW, StrCmpNW, StrChrW, PathMatchSpecW, PathIsFileSpecW, PathIsRootW, wnsprintfW, SHGetValueA, PathIsRelativeW, SHSetValueW, ColorHLSToRGB, ColorRGBToHLS, PathFindFileNameW, SHSetValueA
COMCTL32.dll	InitCommonControlsEx
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
gdiplus.dll	GdipSetPathGradientCenterColor, GdipCreatePathGradientFromPath, GdipSetPathGradientSurroundColorsWithCount, GdipGetPathGradientPointCount, GdipAddPathEllipseI, GdipDrawLine, GdipDrawImageRectRectI, GdipNewPrivateFontCollection, GdipDeletePrivateFontCollection, GdipCreateFromHWND, GdipGetFontHeight, GdipResetClip, GdipPrivateAddMemoryFont, GdipTranslateWorldTransform, GdipAddPathPie, GdipSetPathGradientCenterPoint, GdipSetInterpolationMode, GdipSaveImageToFile, GdipGetImageEncoders, GdipAddPathLine, GdipSetClipRectI, GdipSetTextRenderingHint, GdipCreateBitmapFromFile, GdipGetImageEncodersSize, GdipSetPathGradientGammaCorrection, GdipGetPathWorldBoundsI, GdipAddPathLine2, GdipCreateBitmapFromStream, GdipAddPathArc, GdipGetFontCollectionFamilyList, GdipCloneFontFamily, GdipDeleteFontFamily, GdipSetLinePresetBlend, GdipCreatePen2, GdipDrawRectangleI, GdipCreateLineBrushFromRect, GdipAddPathRectangleI, GdipGetPixelOffsetMode, GdipSetPenWidth, GdipDrawEllipseI, GdipSetPenDashOffset, GdipAddPathLineI, GdipSetPixelOffsetMode, GdipDrawImageRectI, GdipGetImageGraphicsContext, GdipGetImagePixelFormat, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromScan0, GdipBitmapSetPixel, GdipBitmapGetPixel, GdipGetImageHeight, GdipGetImageWidth, GdipDrawPath, GdipFillPath, GdipGetSmoothingMode, GdipDeletePath, GdipCreatePath, GdipFillRectangleI, GdipCreateLineBrushFromRectI, GdipClosePathFigure, GdipAddPathArcI, GdipResetPath, GdipDrawString, GdipCloneBrush, GdipAlloc, GdipFree, GdipDeleteBrush, GdipCreateSolidFill, GdipFillRectangle, GdipMeasureString, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipDeleteFont, GdipCreateFontFromLogfontA, GdipCreateFontFromDC, GdipDrawRectangle, GdipDrawLineI, GdipSetPenDashStyle, GdipDeletePen, GdipCreatePen1, GdipDeleteGraphics, GdipCreateFromHDC, GdipDrawImagePointRectI, GdipResetWorldTransform, GdipCreateFont, GdipRotateWorldTransform, GdipSetSmoothingMode
IMM32.dll	ImmDisableIME
RPCRT4.dll	RpcStringFreeW, RpcAsyncCompleteCall, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcAsyncInitializeHandle, RpcBindingFree, NdrAsyncClientCall
WINTRUST.dll	WTHelperProvDataFromStateData, WinVerifyTrust
CRYPT32.dll	CertGetNameStringW
WTSAPI32.dll	WTSQuerySessionInformationW
USERENV.dll	GetUserProfileDirectoryW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Chinese	Taiwan
Portuguese	Brazil
Turkish	Turkey
Chinese	China

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:22:37.035403013 CEST	49720	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:22:38.116682053 CEST	49720	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:22:40.119075060 CEST	49720	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:22:44.132303953 CEST	49720	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:22:52.179101944 CEST	49720	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:03.196366072 CEST	49722	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:04.210416079 CEST	49722	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:06.226011038 CEST	49722	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:10.225934982 CEST	49722	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:18.226041079 CEST	49722	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:29.258312941 CEST	49725	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:30.272898912 CEST	49725	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:32.288374901 CEST	49725	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:36.304053068 CEST	49725	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:44.303986073 CEST	49725	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:55.321430922 CEST	49728	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:56.335268974 CEST	49728	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:23:58.366482973 CEST	49728	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:24:02.366566896 CEST	49728	22206	192.168.2.6	45.95.169.113
Apr 24, 2024 14:24:10.366465092 CEST	49728	22206	192.168.2.6	45.95.169.113

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:22:36.703275919 CEST	52253	53	192.168.2.6	1.1.1.1
Apr 24, 2024 14:22:37.031563997 CEST	53	52253	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 14:22:36.703275919 CEST	192.168.2.6	1.1.1.1	0x12f6	Standard query (0)	procesolargovalelapena222.dynuddns.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 14:22:37.031563997 CEST	1.1.1.1	192.168.2.6	0x12f6	No error (0)	procesolargovalelapena222.dynuddns.net		45.95.169.113	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	14:22:12
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe"
Imagebase:	0x400000
File size:	1'313'328 bytes
MD5 hash:	636600655D1C0EBDF3073F0F6AFB6509
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:22:32
Start date:	24/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Imagebase:	0xdc0000
File size:	2'141'552 bytes
MD5 hash:	EB80BB1CA9B9C7F516FF69AFCFD75B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	56.9%
Total number of Nodes:	188
Total number of Limit Nodes:	22

Executed Functions

Function 0042960E Relevance: 68.8, APIs: 2, Strings: 37, Instructions: 506
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
_W, xrefs: 0042A270
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
?G9?, xrefs: 0042B75C
r, xrefs: 0042B711
a, xrefs: 0042A7B1
L, xrefs: 0042BBD3
a, xrefs: 0042A787
a, xrefs: 0042BBEF
y, xrefs: 0042A7BF
e, xrefs: 0042B726
x, xrefs: 0042B6F5
o, xrefs: 0042A780
b, xrefs: 0042BBE1
L, xrefs: 0042A795
b, xrefs: 0042A7A3
i, xrefs: 0042BBDA
L, xrefs: 0042A779
P, xrefs: 0042B70A
W, xrefs: 0042A7C6
t, xrefs: 0042B703
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
o, xrefs: 0042B718
E, xrefs: 0042B6EE
r, xrefs: 0042A7AA
r, xrefs: 0042A7B8
i, xrefs: 0042A79C
c, xrefs: 0042B71F
d, xrefs: 0042A78E
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$L$L$P$W$W$_W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
API String ID: 544645111-2079946838
Opcode ID: a6edb22ea466b97424cd1f1487a55ae5d5d93f0f7be0d24f859608104c99e6e2
Instruction ID: 2d398da1496b3fbe75515d248c998489947e271b12d978df9bdc981b90606710
Opcode Fuzzy Hash: a6edb22ea466b97424cd1f1487a55ae5d5d93f0f7be0d24f859608104c99e6e2
Instruction Fuzzy Hash: 031237A1E092A48EF7208624DC547EB7B75EF91304F0480FED44D9B282D67E4ED68B67

Uniqueness

Uniqueness Score: -1.00%

Function 0042975C Relevance: 45.9, APIs: 2, Strings: 24, Instructions: 357
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 659b4c7272652b799f59bd936005ced3061170af5a9f9101c5e5d023f0fe5e9c
Instruction ID: ea06a19bfccf9367e7b3f4f0ca3691d59ba8f744146de36c34397e9f9e41cd70
Opcode Fuzzy Hash: 659b4c7272652b799f59bd936005ced3061170af5a9f9101c5e5d023f0fe5e9c
Instruction Fuzzy Hash: 59E1E3B1E092688EFB20CA24DC54BEA7BB5EF91304F1480FAD44DA7281D67D4EC58F56

Uniqueness

Uniqueness Score: -1.00%

Function 00429836 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 28b8a1d7a2347274594b445a81cc4ad6c8662fd0a14c39469afeb045e3afa0cd
Instruction ID: a06680aafb07c181c8f959af5ec8c7d0dae26177a00ce677c10a4fb2928219b3
Opcode Fuzzy Hash: 28b8a1d7a2347274594b445a81cc4ad6c8662fd0a14c39469afeb045e3afa0cd
Instruction Fuzzy Hash: 8CD1F7B1E092A88AF720C624DC54BEB7B75EF91304F1480FAD44DA7282D67D4EC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 00429F4F Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 324
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: f405ffc572cdd904cca36bec9a9d918989a3bd709d9bed6cfdfd6c896b9ca4a6
Instruction ID: b756af316eab0c1c599ed18b854ccdd83dd6c82e8cb8b84ab7d5df95423ceff8
Opcode Fuzzy Hash: f405ffc572cdd904cca36bec9a9d918989a3bd709d9bed6cfdfd6c896b9ca4a6
Instruction Fuzzy Hash: 97D1D571E046A88BEB20CA24DC547EA7BB1EF91305F1440EEC44DA6281D67E4FD58F56

Uniqueness

Uniqueness Score: -1.00%

Function 00429905 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 288
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 4dd5a9c0cf7c61f0dba28afd85efcff0a81c0880c48345670a6f389a7c9b9ca2
Instruction ID: bc617a807287f2c29a5165e3d02165d5f55e4324323a1427f81d7ea727788d01
Opcode Fuzzy Hash: 4dd5a9c0cf7c61f0dba28afd85efcff0a81c0880c48345670a6f389a7c9b9ca2
Instruction Fuzzy Hash: A9C117A1E092688AF7208624DC547EA7BB5EF91304F1480FED44DA7282D77E4EC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 0041A1A2 Relevance: 45.8, APIs: 1, Strings: 25, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
?G9?, xrefs: 0042B75C
r, xrefs: 0042B711
L, xrefs: 0042BBD3
a, xrefs: 0042BBEF
e, xrefs: 0042B726
x, xrefs: 0042B6F5
b, xrefs: 0042BBE1
?@DE, xrefs: 0041A1A3
i, xrefs: 0042BBDA
P, xrefs: 0042B70A
t, xrefs: 0042B703
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
o, xrefs: 0042B718
E, xrefs: 0042B6EE
c, xrefs: 0042B71F
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?@DE$?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-2291453416
Opcode ID: db69317387f6760dbf6df150dcffdcf30e4593d87d012d11141bce0a2bcb6c88
Instruction ID: 2634919e623f71a2cd2453f3b6fde179f2c97b20c452e8b70abc6cfd57a65e52
Opcode Fuzzy Hash: db69317387f6760dbf6df150dcffdcf30e4593d87d012d11141bce0a2bcb6c88
Instruction Fuzzy Hash: BDB1B371E092688AF720CA24DC547EA7B75EB91304F1480EAD44DA7282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 004296DB Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: c7192fb05d0021cf9eff6bf89a7428ae1dc709703fb252ee21cae2cb26fd7b7f
Instruction ID: 00586d05e618897d207c1db21b5ffd2ba1d25debe1e3fc474404100f94b0ff0e
Opcode Fuzzy Hash: c7192fb05d0021cf9eff6bf89a7428ae1dc709703fb252ee21cae2cb26fd7b7f
Instruction Fuzzy Hash: 84B12761E082A88AF7208624DC547EA7B75EF91304F1480FED54DAB282D77E4FC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 004296A9 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 2bb95870646a108024954a2062b570ca16788dfa0a63a4cd630272a4157886e8
Instruction ID: 021e34383ee574edf782ba1327bcbe6b431d852b0872ec2f06b50997971fbfc5
Opcode Fuzzy Hash: 2bb95870646a108024954a2062b570ca16788dfa0a63a4cd630272a4157886e8
Instruction Fuzzy Hash: 27B12761E082A88AF7208624DC547EA7B75EF91304F1480FED54DAB282D77E4FC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 00429700 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 88a36864ac673ce392f002bb94707894844c41a0b9b89a3c0b3da9d3f70b1631
Instruction ID: 18c3230b940ddb2725f03e3a74df0c5aaed5da378903846010feb0562f72133a
Opcode Fuzzy Hash: 88a36864ac673ce392f002bb94707894844c41a0b9b89a3c0b3da9d3f70b1631
Instruction Fuzzy Hash: 72B12761E082A88AF7208624DC547EA7B75EF91304F1480FED54DAB282D77E4FC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 0042A069 Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 237
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: a404cf491223880631ade48ad136200e94c869158c0bc4fc272141b3fbd5bbcf
Instruction ID: 09d0502a3806edb17600b2ff1cc3627363e6b3b5c97746cb6557300a4d6921ff
Opcode Fuzzy Hash: a404cf491223880631ade48ad136200e94c869158c0bc4fc272141b3fbd5bbcf
Instruction Fuzzy Hash: 08A1C561E092A8CEF720CA24DC547EA7B71EF91304F1480EEC44DAB682D67D4ED58F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042A07B Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 232
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: e5101a50a626bb0405d5dd08651e7356ffce024f52a2f568cecf173c09c679c0
Instruction ID: 81c1ccd5fb766e7ce1cc3aebdccb65dc24454f2d4742b167386fdc95dc897bca
Opcode Fuzzy Hash: e5101a50a626bb0405d5dd08651e7356ffce024f52a2f568cecf173c09c679c0
Instruction Fuzzy Hash: 49A1D361E092A8CEF720CA24DC547EA7BB1EF91304F1480EEC44DAB682D67D4ED58F56

Uniqueness

Uniqueness Score: -1.00%

Function 00429E1E Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 229
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 4692a39deaa9895e9ded9ae2657e47d239872a0324c51430a294db346f2b9fef
Instruction ID: 7eb98541595dee7a7945a7a0be64ec37d6dfa913330b4bd214cfaf62351e1839
Opcode Fuzzy Hash: 4692a39deaa9895e9ded9ae2657e47d239872a0324c51430a294db346f2b9fef
Instruction Fuzzy Hash: 23A1E561E092A8CEF721CA24DC547EA7B75EF91304F1440EEC44DAB282D67E4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00419721 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 508COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 0a59c337ecbea0f9e701953f5730ffbf551511e3e93fbc27cf4bdd7319aecd5c
Instruction ID: 577b512b28cd195ba39b4d3ba185ab9eab16c9cda6297b27550dcd4edb28645d
Opcode Fuzzy Hash: 0a59c337ecbea0f9e701953f5730ffbf551511e3e93fbc27cf4bdd7319aecd5c
Instruction Fuzzy Hash: F222B3B1D041688BEB24CA14DC54BEABBB5FF91304F1480EAC44DA6281DA7D5FC5CF96

Uniqueness

Uniqueness Score: -1.00%

Function 004240E4 Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 498COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 2a04854dd1b767e4921c076b02cd63c35fb89aa4b4672a5af85f49ccca99ce58
Instruction ID: 965cd54684f280c2dc00abca7171974174454b066b1a38fde558c9105d1a0494
Opcode Fuzzy Hash: 2a04854dd1b767e4921c076b02cd63c35fb89aa4b4672a5af85f49ccca99ce58
Instruction Fuzzy Hash: 3712F3B1E042688EF720CA24EC54BEB7B75EB91304F1480FAD84DA6281D77D5EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00417520 Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 481COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 26c88fee5412da1bdc846bd65633d4607c2b86c8ffb93394e1365fbfce974efc
Instruction ID: 753b1c244095fc56ed8ad1e6fe7dd03ced5c1435b1b6ec398f6ad076f87ab942
Opcode Fuzzy Hash: 26c88fee5412da1bdc846bd65633d4607c2b86c8ffb93394e1365fbfce974efc
Instruction Fuzzy Hash: 650224B1E082648AFB208A28DC547EF7B75EF91314F1440FAD44DAA681D67D4FC1CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419EAF Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 405COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 5190393db03f76e3848eb638011720dfd880acdef8c5032aadbebce48a1d21f7
Instruction ID: ef247d913ccedcb2d034670508b65c7fbba415cad01cd29a2181a3c4a385b5ae
Opcode Fuzzy Hash: 5190393db03f76e3848eb638011720dfd880acdef8c5032aadbebce48a1d21f7
Instruction Fuzzy Hash: 6EF1E2B1E042688EEB20CA24DC54BEABBB5EF91304F1440EAD44DA7281D77D5EC6CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00420983 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 371COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: c4e8a9df2fc445df65cf08925518186d93f760bc8c19b30ae9ef5d86171b77df
Instruction ID: 3b3014f66e223179fcf3c2ef7a1c954a2cc3d01a98ac884cd3eefce362a08854
Opcode Fuzzy Hash: c4e8a9df2fc445df65cf08925518186d93f760bc8c19b30ae9ef5d86171b77df
Instruction Fuzzy Hash: B7F114B1E042688FEB20CB14DC44BEABBB5EB94304F1480EAD44DA7281D77D5EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004178B7 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 369COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 9e53bee51d6bc5119b8d64d799a06a25f3cb181691fae0d2b2c90f46881508da
Instruction ID: efea39bbefcc03feb2716f7fab9a9b6629d2d6d276a31495388d56de9b40ea02
Opcode Fuzzy Hash: 9e53bee51d6bc5119b8d64d799a06a25f3cb181691fae0d2b2c90f46881508da
Instruction Fuzzy Hash: AEE104B1D082688AF7208A24DC54BEE7BB5EF91304F1480FBD44DAA681D67D4FC5CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FA63 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 369COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 9585b14baa46bcb509e434689918162bcafe5a59851cc7be304d2a134d7a7ea4
Instruction ID: 32af640e950c1598e8e92e9a77faa2e3bef4b4f056e422a7ea478d2608bf9db4
Opcode Fuzzy Hash: 9585b14baa46bcb509e434689918162bcafe5a59851cc7be304d2a134d7a7ea4
Instruction Fuzzy Hash: A4E1B1B1E042688EEB20CA24DC547EABB75EF95304F1480FAD44DA7281D77D4EC68F66

Uniqueness

Uniqueness Score: -1.00%

Function 00420BDF Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 335COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 684b05896833f62ab9a69c7ef6e7bd97d8ab17572ee3cd26f6e8af138ad68476
Instruction ID: 1a43fe21fcd33f2ef6378d4d228180743be30049d7c7cd10349bae0391fac1e2
Opcode Fuzzy Hash: 684b05896833f62ab9a69c7ef6e7bd97d8ab17572ee3cd26f6e8af138ad68476
Instruction Fuzzy Hash: DFE103B1E042688EF7208A24DC54BEA7BB5EB95304F1480FAD44DA7281DB7D5EC18F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB2D Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 326COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: dc0325ec88912d670dc227b135d6e6eb646767749cb1fb6a3f505e144f4e8f46
Instruction ID: fd8d5b21d1bb5ff1c4dd106f09fe3e26c6ff53f5b848b64f9e83df644913537f
Opcode Fuzzy Hash: dc0325ec88912d670dc227b135d6e6eb646767749cb1fb6a3f505e144f4e8f46
Instruction Fuzzy Hash: 3ED1C4B1E092688EF720CA24DC547EA7BB5EB91304F1440FAD44DA6281D77D4FC68FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041A132 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 315COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 5aed382556884ab8156247f7b37de7b866cdb32553bde907be680b9ff1d53aac
Instruction ID: 97739118d0b9c91ffcf1ff2281601e6f93ae57a9857407558f6938c50ae739e4
Opcode Fuzzy Hash: 5aed382556884ab8156247f7b37de7b866cdb32553bde907be680b9ff1d53aac
Instruction Fuzzy Hash: 6ED1F471E092689AFB20CA24DC547EA7B75EF91304F1480EAD44DA6281DA7D4FC1CF96

Uniqueness

Uniqueness Score: -1.00%

Function 004244CB Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 314COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: d2ce7193e4a98849d762640dbe8f3fa7ae3ab5f7420b0e4697ecd1a683a12b15
Instruction ID: 5fb2c5ad1fa97d0d7e6baf0ec773e463b25fe6f7c93cc16a0d444822345c5cef
Opcode Fuzzy Hash: d2ce7193e4a98849d762640dbe8f3fa7ae3ab5f7420b0e4697ecd1a683a12b15
Instruction Fuzzy Hash: 86D1F3B1E04268CBF720CA24EC547EA7B75EB95304F1480EAD44DAB281D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00419A53 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 314COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 049b7cc875722c6b28d7fe7503861e988047eb9c841f31a32b1ad35376f7e494
Instruction ID: dd12a78761a25971cec3145745e35783a0aad19f0c1f58c8ef3904b4c15be699
Opcode Fuzzy Hash: 049b7cc875722c6b28d7fe7503861e988047eb9c841f31a32b1ad35376f7e494
Instruction Fuzzy Hash: 7AD1F7B1D082648EFB208A24DC547EA7BB5EB91304F1480FAD54DA6281D77D4FC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 0041FBBC Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 307COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 9b29c114a721e9e3c8a9f623764e30b860ddb205b0f8e0056a8910a8600191e7
Instruction ID: 849fa87868217345915cd25ac527c3ec5d18dd56dfa78612549b6539ea37607f
Opcode Fuzzy Hash: 9b29c114a721e9e3c8a9f623764e30b860ddb205b0f8e0056a8910a8600191e7
Instruction Fuzzy Hash: 51D1D3B1D082688EF7208A24DC547EA7B75EB91314F1480FAD44DA7281D77D4FC68FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419BE0 Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 306COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 55b8f0b5c09a5802a530d9e921294500008d07d6fc08e3c459745c655aca1137
Instruction ID: d908ea10d4cf00f9efe1043eb2988292ca124c5c0cb1e52432dba27be8ca8fa6
Opcode Fuzzy Hash: 55b8f0b5c09a5802a530d9e921294500008d07d6fc08e3c459745c655aca1137
Instruction Fuzzy Hash: 26C1F5B1E08268CEF720CA24DC54BEA7B75EB91304F1480EAD44DA7681D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419C3A Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 301COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: a89ccd8119d8eab429c5a24b4ed4070fff47eabb529e8ced8d1e27cc55abd8af
Instruction ID: 5d81bc613649bd26edadc0dd1544d9178432a78201966a96985932fae28bc186
Opcode Fuzzy Hash: a89ccd8119d8eab429c5a24b4ed4070fff47eabb529e8ced8d1e27cc55abd8af
Instruction Fuzzy Hash: A1C1D3B1E082688EF720CA24DC54BEA7B75EB91314F1480EAD44DA7281D77D4FC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041FBFD Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 299COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 3951e7447a4a92cb199d0bdf8331359ce60c6fbf2d25f723dcf148aedb433967
Instruction ID: 47aa006e177c02f25b2762b425209840d9bacf844e52422f3ad27835ba065958
Opcode Fuzzy Hash: 3951e7447a4a92cb199d0bdf8331359ce60c6fbf2d25f723dcf148aedb433967
Instruction Fuzzy Hash: F2C1D4B1E092688EF720CA24DC547EA7B75EB91304F1480FAD44DA7281D67D4FC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041FBEE Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 298COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: cb16271075f0dc24b7979fc154aca26276ce730a1ad7f6ebebbddb5c2aa19c83
Instruction ID: 47f50cf7a3ff2e333de9ba99a4970d03574423355f3c63b278f22f02339d5bcf
Opcode Fuzzy Hash: cb16271075f0dc24b7979fc154aca26276ce730a1ad7f6ebebbddb5c2aa19c83
Instruction Fuzzy Hash: DAC1D3B1E092688EF720CA24DC547EA7B75EB91304F1480FAD44DA7282D67D4FC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419C8E Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 297COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 13fa8a55dc35e280d159d0a5276088863f09a3811046bbf7b78f335fa5b9ff60
Instruction ID: 5c014255b732d4f4bcba14e365b7ff1f400a2b2dbad3ef38c3c3a337f5b1d374
Opcode Fuzzy Hash: 13fa8a55dc35e280d159d0a5276088863f09a3811046bbf7b78f335fa5b9ff60
Instruction Fuzzy Hash: 4DC1B5B1E082688EF720CA24DC547EA7B75EB91314F1480EAD44DA7281D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041FC52 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 296COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 6419d4b7d5ffb1ae6e670f50f61bfb9c091fb25f8c8bd777018b86fc05412134
Instruction ID: 5ac5323edd76e8201530b3ec886002163502653c7b4626fffc48d48020aad8fc
Opcode Fuzzy Hash: 6419d4b7d5ffb1ae6e670f50f61bfb9c091fb25f8c8bd777018b86fc05412134
Instruction Fuzzy Hash: 8DC1D2B1E042688EF720CA24DC547EABBB5EB91304F1480EAD44DA7281D77D4FC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041FA11 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 293COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 56806f4a9041eaa0161b943e098f1359bad230883f1e21d1e5543762a5315258
Instruction ID: 6e9d78076d50dcdcb9aab4f22b4be896b3239fdd5ee814bcd0f18ff4d8b87da2
Opcode Fuzzy Hash: 56806f4a9041eaa0161b943e098f1359bad230883f1e21d1e5543762a5315258
Instruction Fuzzy Hash: 56C1D3B1E092688EF7208A24DC547EA7B75EB91304F1480EAD44DA7282D77D4FC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419C1C Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 293COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 320c00ffa90b267d1992b140b0069a64b1ba2a9534962d2d7751d24e1862e673
Instruction ID: 8e75864982a730dc9b6d27fe2d8dd45b07750c84f1299e0fc5931b6e570a6261
Opcode Fuzzy Hash: 320c00ffa90b267d1992b140b0069a64b1ba2a9534962d2d7751d24e1862e673
Instruction Fuzzy Hash: F3C1C3B1E092688EF7208A24DC54BEA7B75EB91304F1480FAD44DA7281D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042432C Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 288COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: b202d3c6ae7ab6714a0dc2cb2ec544f147e54fa19f71fa37d67bacdbc98444bd
Instruction ID: da6c29c6eb0726a2d025ad4468915cfd876258246d4bf1002159566de6874fd1
Opcode Fuzzy Hash: b202d3c6ae7ab6714a0dc2cb2ec544f147e54fa19f71fa37d67bacdbc98444bd
Instruction Fuzzy Hash: F0C1C4B1E092688AF720CA24DC547EA7B75EB91304F1480EED44DAB281D77D4EC68F66

Uniqueness

Uniqueness Score: -1.00%

Function 00417942 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 284COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: cdb5d140714881c8ee66cd82806d397c19e978e873463869ee7dca2b4f2e200f
Instruction ID: 69c8e3ac3c7314acd24a0cc4231baae006935234e72b358e752f1d5058617adb
Opcode Fuzzy Hash: cdb5d140714881c8ee66cd82806d397c19e978e873463869ee7dca2b4f2e200f
Instruction Fuzzy Hash: 0EC1D2B1D092688EFB208A24DC547EA7B75EF91304F1480FEC44DAA682D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00419E7B Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 284COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 882412798606a3a4e2da2af5082f6294fd611c373421f77e764d3b9f6ec1a53a
Instruction ID: 1e9c4151783ddd0680a8078257a46a922bc5e4d8aaf6d34a321a96aae8005128
Opcode Fuzzy Hash: 882412798606a3a4e2da2af5082f6294fd611c373421f77e764d3b9f6ec1a53a
Instruction Fuzzy Hash: 99C1C3B1E082688EF720CA24DC54BEA7B75EB91314F1480FAD44DA7281D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00417992 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 283COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 172c8be2d75d3a89a9f37eda0643fe6e9ea5e2f5e5da097ac5c5177823f8c3c3
Instruction ID: e988074202627162e4f72c10e64ba5dd3c33e3183472b35204dacef16b7e58d5
Opcode Fuzzy Hash: 172c8be2d75d3a89a9f37eda0643fe6e9ea5e2f5e5da097ac5c5177823f8c3c3
Instruction Fuzzy Hash: E2C1E3B1D092688EF7208A24DC547EA7B75EF91304F1480FAC44DAA682D77D4FC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004178FA Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 279COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 72909a12d2723cbefcfa6fc03a534efcb657a26117d7637f0fd687a512d6454f
Instruction ID: f8276d55566a882495a189266f85bb8932b468716da404774b85b92d36ec37b1
Opcode Fuzzy Hash: 72909a12d2723cbefcfa6fc03a534efcb657a26117d7637f0fd687a512d6454f
Instruction Fuzzy Hash: 4AB1D4B1D092688EF7208A24DC547EA7B75EF91304F1480FAC44DAA682D77D4FC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCB4 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 278COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: bef3b56d180f6746fbc74a5bf4fad82b5aefaf593432e94f1b7ff89236cf879c
Instruction ID: fa6b51c4194705cf8de1332239dc6bfd43ee6fb6fc51d6b80e2960e8c23d9474
Opcode Fuzzy Hash: bef3b56d180f6746fbc74a5bf4fad82b5aefaf593432e94f1b7ff89236cf879c
Instruction Fuzzy Hash: 8BC1D3B1E092688EF720CA24DC547EA7BB5EB91304F1480EAD44DA7282D77D4FC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00421010 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 275COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 5d7c8b6eb0f353e7b1b392bebd20ea2cb6a39efe914a76c62d8595c55b91360f
Instruction ID: 8dfba0cba4bf3fe72fa40fca24fc758a7ca8c6716c77a3ab77ce8967f40187b0
Opcode Fuzzy Hash: 5d7c8b6eb0f353e7b1b392bebd20ea2cb6a39efe914a76c62d8595c55b91360f
Instruction Fuzzy Hash: D0C1B1B1E082A8CAFB208A24DC547EA7B75EB95304F1480EAD44DA7281D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00424529 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 269COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 45cfe2ae794d457cd1baf5fada14d485177ad1a243e01e07a29808af8921ade1
Instruction ID: 0158739eb74bc2dffa77fb98f0ce9e17f00ef12db8a277a007311c1834cbd0ea
Opcode Fuzzy Hash: 45cfe2ae794d457cd1baf5fada14d485177ad1a243e01e07a29808af8921ade1
Instruction Fuzzy Hash: 49C1E371E08268CEF720CA24DC547EA7B75EB95304F1480EAC44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCD9 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 267COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 25de602cae12a5b3a0c404aaa64e8e67a3de4bfecbe4a6ffee79d07cd28f8910
Instruction ID: c3afb091eb974861b2f45846620d976eec0e0cfd134a4c53dda89943ad9ae229
Opcode Fuzzy Hash: 25de602cae12a5b3a0c404aaa64e8e67a3de4bfecbe4a6ffee79d07cd28f8910
Instruction Fuzzy Hash: CAB1C5B1D092688EF720CA24DC547EA7BB5EB91304F1480EAD44DA7282D77D4FC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00419B29 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 266COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 30daf174e24ad7fb6a016afc54153b50acda06ae9efb5d8127f1865cf9e46bfe
Instruction ID: 59a4e48292a73132637a44e0f86a1d841e34ad3c01d7647aa4c2fb530e8af14e
Opcode Fuzzy Hash: 30daf174e24ad7fb6a016afc54153b50acda06ae9efb5d8127f1865cf9e46bfe
Instruction Fuzzy Hash: 77B1E6B1E092A48AF720CA24DC547EA7B75EF91304F1480EED44DAA282D77D4FC58F56

Uniqueness

Uniqueness Score: -1.00%

Function 00424542 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 261COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: a8a79b35f0e43d29a978c54ddeb745f92a04f5a2bd3e2fd5fb1d49db62561083
Instruction ID: a29b6a600aad6638065c1b358ec204ab774710ef24f85fb1c26a998c6d5c085e
Opcode Fuzzy Hash: a8a79b35f0e43d29a978c54ddeb745f92a04f5a2bd3e2fd5fb1d49db62561083
Instruction Fuzzy Hash: 10B1D371E09268CEFB20CA24DC547EA7B75EB95304F1480EAC44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004176C4 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 261COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 896cf14707a9c547075f91e47d4d95977db95fd2bbf66ed01dd1eed0a9883cb6
Instruction ID: d956f4941bc01f3c1ef40662104a03e76e7cdfdeffe418017dd0c233fb784b37
Opcode Fuzzy Hash: 896cf14707a9c547075f91e47d4d95977db95fd2bbf66ed01dd1eed0a9883cb6
Instruction Fuzzy Hash: 87B1C361D092A8CAFB20CA24DC547EA7B75EF91304F1480EED44DAA282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041F4B5 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 260COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: daa9af374ad90f79263bf19bb6e06336727232978bf79078263eede30d075902
Instruction ID: 1da966bb5ca691373cd9ed9442830b252e88b0fc217b782d31f732aac84e53de
Opcode Fuzzy Hash: daa9af374ad90f79263bf19bb6e06336727232978bf79078263eede30d075902
Instruction Fuzzy Hash: 67B1D3B1E092A8CEF720CA24DC547EA7B75EB91304F1480EAD44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004176BF Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 259COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 4153cf391590651b37ee5990fe399a8632c1839678cfdb6bcccd95fafa768e48
Instruction ID: e333d4a1455332912252afbb9db313da5ee8c571ff2fc710911d5d0a6673a2ea
Opcode Fuzzy Hash: 4153cf391590651b37ee5990fe399a8632c1839678cfdb6bcccd95fafa768e48
Instruction Fuzzy Hash: D6B1D3B1D09268CAFB20CA24DC547EA7B75EF91304F1480EEC44DAA282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0042A1C6 Relevance: 17.8, Strings: 14, Instructions: 291COMMON

Download Yara Rule

Strings

4J65, xrefs: 0042A1C6
_W, xrefs: 0042A270
b, xrefs: 0042A7A3
L, xrefs: 0042A779
W, xrefs: 0042A7C6
a, xrefs: 0042A7B1
a, xrefs: 0042A787
y, xrefs: 0042A7BF
r, xrefs: 0042A7AA
r, xrefs: 0042A7B8
o, xrefs: 0042A780
i, xrefs: 0042A79C
d, xrefs: 0042A78E
L, xrefs: 0042A795

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: 4J65$L$L$W$_W$a$a$b$d$i$o$r$r$y
API String ID: 0-3355539177
Opcode ID: a97d4cc113ebb3e0f5e676693c3124e0e828b432e8d5ad01936e821dc51b31a0
Instruction ID: c870d39a1e6ec9fbfeb667d135367aff393454b65d48718aa7a1c76de6aa63cb
Opcode Fuzzy Hash: a97d4cc113ebb3e0f5e676693c3124e0e828b432e8d5ad01936e821dc51b31a0
Instruction Fuzzy Hash: 81A158A1D055949FF7108624EC55BE77B35DF92314F0480FED90D8B282E27D4AD68B27

Uniqueness

Uniqueness Score: -1.00%

Function 0042A292 Relevance: 15.2, Strings: 12, Instructions: 213COMMON

Download Yara Rule

Strings

y, xrefs: 0042A7BF
r, xrefs: 0042A7AA
b, xrefs: 0042A7A3
r, xrefs: 0042A7B8
o, xrefs: 0042A780
i, xrefs: 0042A79C
L, xrefs: 0042A779
W, xrefs: 0042A7C6
d, xrefs: 0042A78E
a, xrefs: 0042A7B1
L, xrefs: 0042A795
a, xrefs: 0042A787

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 83935016a57ee8c57141f41c99c41a338d4d73e06c422e946e33907845effc85
Instruction ID: f76d661734a0b819ab7ebef7f03cae383c1061b68d89681948c337a7ea438746
Opcode Fuzzy Hash: 83935016a57ee8c57141f41c99c41a338d4d73e06c422e946e33907845effc85
Instruction Fuzzy Hash: 4C8104A1D056A49EF710C624DC54BE7BB31EF91304F0480FED90D9B281E67D0ED58B26

Uniqueness

Uniqueness Score: -1.00%

Function 004131B4 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 312memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: bab1feca1b052e1cdae5a8e9dd3dc580568ad3c3fbf79d6026c70c5912c3286f
Instruction ID: a607905601a1f7cd0259f9b13517b5d79ff7ae53a7bffd3201881f513dd68077
Opcode Fuzzy Hash: bab1feca1b052e1cdae5a8e9dd3dc580568ad3c3fbf79d6026c70c5912c3286f
Instruction Fuzzy Hash: 01B1C2B2D041289BE7248F24DC94AFB7778EB84311F1441FAE84E67280EA7C5FC58E56

Uniqueness

Uniqueness Score: -1.00%

Function 0042C70B Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 306COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

, xrefs: 0042CB02

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-399585960
Opcode ID: 53fc250e7799103ece4d591654fd783efc7d7865a6ffa5b3acd9ca0e1a21c606
Instruction ID: 42954ee690b67015582385570d829e83301bab0bf36e449c2fcdccfbd9317a8b
Opcode Fuzzy Hash: 53fc250e7799103ece4d591654fd783efc7d7865a6ffa5b3acd9ca0e1a21c606
Instruction Fuzzy Hash: FED16BB5E042698BDB24CB14DD84BEEB7B6BB84300F5082EAD90EA7240D7795EC1CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00423339 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 277nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Strings

<7=N, xrefs: 004233AB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID: <7=N
API String ID: 2949231068-1091653433
Opcode ID: 2088d4af088bb0f8259783056369511b49f1c8ceb1eacbab4339064bae09aa9b
Instruction ID: 634b4426856eea8f2d55890fe17bd18c582be7c2727ae310a669b177639ed918
Opcode Fuzzy Hash: 2088d4af088bb0f8259783056369511b49f1c8ceb1eacbab4339064bae09aa9b
Instruction Fuzzy Hash: C1A1F6B2E001249BE710CB55EC84BFBB775EB80315F5441BAE90DA6280E67C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00423B4F Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

BA6D, xrefs: 00423B4F

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID: BA6D
API String ID: 2949231068-2578234529
Opcode ID: 339cfb2ae3d4a0d51659a7d6df67bbdca6ac49dc74ec87cbab8fde6e5eae12ec
Instruction ID: 143e599173e9ad8d6a3974079d78efc82c9ba2c94b7dc276e684240d54ede80e
Opcode Fuzzy Hash: 339cfb2ae3d4a0d51659a7d6df67bbdca6ac49dc74ec87cbab8fde6e5eae12ec
Instruction Fuzzy Hash: C4A1C4B1E001289AE724CF55EC84BEBB775EB80315F5081FAE90DA6680D63C5FC6CE56

Uniqueness

Uniqueness Score: -1.00%

Function 00422287 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Strings

MHJG, xrefs: 00422287

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID: MHJG
API String ID: 2949231068-3567120440
Opcode ID: 52c192f92d0d2d46ee80ef58b6a7b31d220bfd5b6a1e275ed4793a2cae775180
Instruction ID: 6781c8197781d32c5149678a0ef0eed29efd1b6a6e7ca71eafd12aee7da1c08f
Opcode Fuzzy Hash: 52c192f92d0d2d46ee80ef58b6a7b31d220bfd5b6a1e275ed4793a2cae775180
Instruction Fuzzy Hash: 97219FB1E04228AFE7108A24DD94BEBB674EF55300F4101FED90D96681E7B85FC18E56

Uniqueness

Uniqueness Score: -1.00%

Function 00423B73 Relevance: 1.9, APIs: 1, Instructions: 438nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: e636488aad83f17952412810095bf30896cca97d7830dc833a414dc2445dbeef
Instruction ID: 4968946c4c983c6979a81bd9d87ef31bf33f1bce2d3d0de67859a569abb68ffa
Opcode Fuzzy Hash: e636488aad83f17952412810095bf30896cca97d7830dc833a414dc2445dbeef
Instruction Fuzzy Hash: BF025DB1E042288BEB24CF15EC90BEAB7B5EB84315F5481EAD90D66680D6385FC2CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0042312D Relevance: 1.9, APIs: 1, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d99b067a5cdc07854b813b1886b7949187ccc7b2a7b6e0a49f38dd463459eb4
Instruction ID: 5cd6e24770d9bfa72f5e8e631154c3242f7ccc52f734e39f0f17002653d89e57
Opcode Fuzzy Hash: 9d99b067a5cdc07854b813b1886b7949187ccc7b2a7b6e0a49f38dd463459eb4
Instruction Fuzzy Hash: 39E1F4B1E041389AE7248B15EC44AFAB775EB80311F5041FAD909A6680E77C5FC2CF66

Uniqueness

Uniqueness Score: -1.00%

Function 004232B1 Relevance: 1.9, APIs: 1, Instructions: 395nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: a1d46ccfec96df919c486b054e4b67d4758cfd5c46a913d4b28d95eb92b38109
Instruction ID: 9b35428a0a06d9664d9b12f8652f9a34db716a94fb6b0ea09732ad8b6c4a6caf
Opcode Fuzzy Hash: a1d46ccfec96df919c486b054e4b67d4758cfd5c46a913d4b28d95eb92b38109
Instruction Fuzzy Hash: 14E1E4B2E041249AE724CB15EC44AEBB775EB80311F5481FAD90DA6680E67C5FC2CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00422415 Relevance: 1.8, APIs: 1, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 607893e7a1466c1b42d8a5fa8a42829c2dbb7543fe05b9596607be2280192667
Instruction ID: f6fc4e8427c11d020961cd6a694a20d226565bc051789722f385d7f2ce772df0
Opcode Fuzzy Hash: 607893e7a1466c1b42d8a5fa8a42829c2dbb7543fe05b9596607be2280192667
Instruction Fuzzy Hash: 5DD15DB1E042689FEB24CF14DD90AEAB7B5FF44300F5441EAD90966241E7B8AEC1CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00423080 Relevance: 1.8, APIs: 1, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 8da9b99fdc0f9abbcd37e9466f8d1d87b103b21f8c067aa8e448f4ba7be370eb
Instruction ID: 50c5229e1d99a6323e75ab9650c94a8c7f74731cdd497d0ed445c41fdf62dc38
Opcode Fuzzy Hash: 8da9b99fdc0f9abbcd37e9466f8d1d87b103b21f8c067aa8e448f4ba7be370eb
Instruction Fuzzy Hash: 6CB1E5B2E041249AE710CB15EC84BEBB775EB81311F5481BAD90DA6280E67C5FC6CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00423033 Relevance: 1.8, APIs: 1, Instructions: 317nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 94a761a9d8388eb017d22c3fcc81456632b4f36ef1f9ab730b62bca797ef10d7
Instruction ID: 09ef96a58ce53e0b5330bf76f1091c405cfd22e0ae675d171482d07dc5f112fc
Opcode Fuzzy Hash: 94a761a9d8388eb017d22c3fcc81456632b4f36ef1f9ab730b62bca797ef10d7
Instruction Fuzzy Hash: 7EB106B2E041249AE710CB15EC84BFBBB74EB81315F5441FAE90D96280E63C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00423020 Relevance: 1.8, APIs: 1, Instructions: 297nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 10e3a9e33878c0048820469aa3bd11d56df786f554288695ddda579cf9a2ab3d
Instruction ID: 363ad32c0718437c57911a7e2cc60ee613f807482ed7c474ce350c3ecc4d2635
Opcode Fuzzy Hash: 10e3a9e33878c0048820469aa3bd11d56df786f554288695ddda579cf9a2ab3d
Instruction Fuzzy Hash: FBA117B2E041249AE7108B15EC84BFBBB74EB81315F5441FBE90996280E63C5FC6CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00423291 Relevance: 1.8, APIs: 1, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: e9a675950e3fc58aef3942f1c52778f92e3d91437087dd3e8e81847471304d78
Instruction ID: ff6b9877bb5633c77bc3c34f736706ec8edc8a45008605f2fb182e37de2d56a5
Opcode Fuzzy Hash: e9a675950e3fc58aef3942f1c52778f92e3d91437087dd3e8e81847471304d78
Instruction Fuzzy Hash: 35A107B2E041249AE710CB15EC84BFBB775EB81311F5441BBE90D96280E67C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00423B4A Relevance: 1.8, APIs: 1, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: e85e191c903cffb1b3736281286ad70c3bf982e3028991645b154a2bdf000630
Instruction ID: fd68b594c81b481b10bf70117d255c884afaf0d691596a417923c7061a87939c
Opcode Fuzzy Hash: e85e191c903cffb1b3736281286ad70c3bf982e3028991645b154a2bdf000630
Instruction Fuzzy Hash: ADA1C3B1E001289AE724CF55EC84BEBB775EB80315F5081FAE90DA6680D63C5FC6CE56

Uniqueness

Uniqueness Score: -1.00%

Function 00423E30 Relevance: 1.8, APIs: 1, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 8d3be7bc11f4b7cbb2136abb6b16a7d5f745cd3b4edc7917e57a91a4c70e882b
Instruction ID: 66ac1cd2d1dd20cfe6babc4810b752acb94487c9e4ef301febff9a1648823636
Opcode Fuzzy Hash: 8d3be7bc11f4b7cbb2136abb6b16a7d5f745cd3b4edc7917e57a91a4c70e882b
Instruction Fuzzy Hash: 29A1E2B1E041289AE724CB55EC84AFFB775EB80315F5081FAD909A6280E63C5EC2CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00423DD6 Relevance: 1.8, APIs: 1, Instructions: 271nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: a2b82e421e75365e5177bf487e1e652a161f0d9bfe67dcd7295f1b0aaca190e1
Instruction ID: bc447bb7c070ab2cafe0ec9bfcc524053b4c61f6e8e31ee978d00c8afb7234b3
Opcode Fuzzy Hash: a2b82e421e75365e5177bf487e1e652a161f0d9bfe67dcd7295f1b0aaca190e1
Instruction Fuzzy Hash: 97A1B4B1E001289AE720CB55EC84BFBB775EB80315F5481FAD909A6680D63C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00423DE3 Relevance: 1.8, APIs: 1, Instructions: 268nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: d44c59cfef78cb978d44facd0a0612e6391e465a4d9978fd0a651817d8172d86
Instruction ID: 7c466d315e04f40860e5821e19575b99a419346111ded285d81054ddf11c1223
Opcode Fuzzy Hash: d44c59cfef78cb978d44facd0a0612e6391e465a4d9978fd0a651817d8172d86
Instruction Fuzzy Hash: C4A1B2B1E001289AE720CB55EC84BFBB775EB80315F5481FAD909A6680D63C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00423E4F Relevance: 1.8, APIs: 1, Instructions: 265nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 09caa0b66ea3baee9f5929873ef478c1add03bdf7316557cfe6cf18adc2682d3
Instruction ID: 57d2811607eb1a945249565cc06589b22f62bce8f2d0dcd62596991f978c5240
Opcode Fuzzy Hash: 09caa0b66ea3baee9f5929873ef478c1add03bdf7316557cfe6cf18adc2682d3
Instruction Fuzzy Hash: DCA1D3B1E041289AE724CB45EC84BFBB775EB80315F5481FAD909A6280D63C5FC6CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00423797 Relevance: 1.8, APIs: 1, Instructions: 253nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00423ECD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 9a8718ed69bb9760b0e82a21fc5583380cc822b0ae5e5c81e81b2174f930f07b
Instruction ID: e30f4fa121b47606e6adae894a92029d32ebe7f9b8a9276034147eabff3020cc
Opcode Fuzzy Hash: 9a8718ed69bb9760b0e82a21fc5583380cc822b0ae5e5c81e81b2174f930f07b
Instruction Fuzzy Hash: A991E9B1E001289AE710CB55EC44BFFB775EB80315F5481BAE90DA6680D63C5FC6CE66

Uniqueness

Uniqueness Score: -1.00%

Function 00413097 Relevance: 1.7, APIs: 1, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9bf5e0d7718d22b041de68d573f41fd515bfe054cf8a90504ecc70770eb367
Instruction ID: f7127e8455068c1a4de6a803897c3b99ff887b1038286171f300c9aaf47a45c8
Opcode Fuzzy Hash: 4f9bf5e0d7718d22b041de68d573f41fd515bfe054cf8a90504ecc70770eb367
Instruction Fuzzy Hash: 986107B2D042685BE7248F24EC44BEB7778EF84311F1441FAE84EA3241D6785FC68B96

Uniqueness

Uniqueness Score: -1.00%

Function 004130D4 Relevance: 1.7, APIs: 1, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d47534c8939f44f5eb5460bbc373944ba50ea2486014123ecc03215a687bd242
Instruction ID: 7442dfa3ad48c6bed062bec791dd5b04b098cfbf754fc19104adbd7e23babbeb
Opcode Fuzzy Hash: d47534c8939f44f5eb5460bbc373944ba50ea2486014123ecc03215a687bd242
Instruction Fuzzy Hash: 985105B2D042685BF7248F24EC54AEBB778EF84311F1441FAE84DA3341E6785EC68B56

Uniqueness

Uniqueness Score: -1.00%

Function 004130E5 Relevance: 1.7, APIs: 1, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5d808ed5c418e6caef1933777b295dddc11155d2d05a333c6fd4b464e95efb3d
Instruction ID: a23176ebaebdc1426d8303d02a86015c93f2788673123e5316d17f3230ef1d17
Opcode Fuzzy Hash: 5d808ed5c418e6caef1933777b295dddc11155d2d05a333c6fd4b464e95efb3d
Instruction Fuzzy Hash: 3F5115B2D052685BE7248B64EC44BEBB778EF84311F1441FAE84DA3341EA784AC68B55

Uniqueness

Uniqueness Score: -1.00%

Function 00413140 Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c70049f062924d52ec58ad010d759d952f6b032f5395ae776d54ab3781d4f12c
Instruction ID: 67b493e3bdc99af69e787dc3e84b17a9e6bda8e748653abc6a9d7f266a278aae
Opcode Fuzzy Hash: c70049f062924d52ec58ad010d759d952f6b032f5395ae776d54ab3781d4f12c
Instruction Fuzzy Hash: 6D4106B2D052685BEB249B64EC40BEBB778EF85311F0441FAE84DA3241D67C4EC6CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00422270 Relevance: 1.6, APIs: 1, Instructions: 122nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 3b4caab91ee10b727008f3879f5e9c3d6628229946894e7995a842b84351a3b1
Instruction ID: b9dbf8bc492afdfedbb6b8c3b621cc7a135cf6fb754fd56278233ab4c0be0e35
Opcode Fuzzy Hash: 3b4caab91ee10b727008f3879f5e9c3d6628229946894e7995a842b84351a3b1
Instruction Fuzzy Hash: 3B41D2B2E04128AFE7148A10DD95BE7B768FB41310F1141BFD90E66280D6FD5FC28E52

Uniqueness

Uniqueness Score: -1.00%

Function 004228F0 Relevance: 1.6, APIs: 1, Instructions: 96nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 24a2192e318c077a4295e23f7f3dc0e0d502faf6c131409a9c2973ec53938d4f
Instruction ID: 93dce212ba7d6c5e3a93ae38d042553ec6db6a4f15866911005304c7713afa48
Opcode Fuzzy Hash: 24a2192e318c077a4295e23f7f3dc0e0d502faf6c131409a9c2973ec53938d4f
Instruction Fuzzy Hash: 943128B2E046349BF7208A15DC84ADBBB74EB95310F0141FAD90D62281E27C5EC28F96

Uniqueness

Uniqueness Score: -1.00%

Function 00422276 Relevance: 1.6, APIs: 1, Instructions: 81nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 03065340972cfdbf8de1c747b8626c7d63e62c64eeb713ba711efbeb4dbe188d
Instruction ID: ca63c1fa5c83c1632616cd95f1fb84203cec05b71b2e11d9869638bd40f771c2
Opcode Fuzzy Hash: 03065340972cfdbf8de1c747b8626c7d63e62c64eeb713ba711efbeb4dbe188d
Instruction Fuzzy Hash: 242191B1E00238AFE7108A14DE84BEBB674EF45310F4141FAD90D56640D7BD5FC28E56

Uniqueness

Uniqueness Score: -1.00%

Function 004224DC Relevance: 1.6, APIs: 1, Instructions: 75nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 8a46d9d5002df03e68f0b95e0a58d0d1fc20fe0c89ef543ff4fd49c18383778d
Instruction ID: abff26edf43f5220224eacce90d003170c0664fc8a2fc7cc8566cb570a8060cc
Opcode Fuzzy Hash: 8a46d9d5002df03e68f0b95e0a58d0d1fc20fe0c89ef543ff4fd49c18383778d
Instruction Fuzzy Hash: 8B21A1B1E00228AFE7148A14DD94AEBB774EF45300F4101FED90E96681EAB95FC28E56

Uniqueness

Uniqueness Score: -1.00%

Function 0042256F Relevance: 1.6, APIs: 1, Instructions: 66nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: b0896473a8297efa1b092509d85c1cf40edab84ed1a458b6e097f130a9dee745
Instruction ID: 105e7893f30993a6437349985e4c91c225f0f65bfa7b9092550368007786bfc8
Opcode Fuzzy Hash: b0896473a8297efa1b092509d85c1cf40edab84ed1a458b6e097f130a9dee745
Instruction Fuzzy Hash: 86216FB2E042289FE7148B24DD84BEAB774FF45310F4102FED54996681E6B85FC28F56

Uniqueness

Uniqueness Score: -1.00%

Function 004227F8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 704e11245184026f6464df6fe4873d7aef1c9b420015a5e5f92d481e7885d359
Instruction ID: 147d134645688ef4431b0e60cf8c0078fc7ccfaa13829f11312d40dfce7f2b9e
Opcode Fuzzy Hash: 704e11245184026f6464df6fe4873d7aef1c9b420015a5e5f92d481e7885d359
Instruction Fuzzy Hash: 1921DA70E056689FEB149B20DD907EAB770EF51300F5442EFD949A6281EB788EC5CF15

Uniqueness

Uniqueness Score: -1.00%

Function 00422814 Relevance: 1.6, APIs: 1, Instructions: 59nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 9365753382c200d75de5543274bdcfc19d142748146715b191d7a1e6aa02e0c3
Instruction ID: 41802a7a3316877f84f446239c5e6af323c37b99beb14bd03180a466c120221a
Opcode Fuzzy Hash: 9365753382c200d75de5543274bdcfc19d142748146715b191d7a1e6aa02e0c3
Instruction Fuzzy Hash: B111B4B0E042689FEB149B10DD907EAB770EF11310F1042EFD54AA6281EAB84EC1CF56

Uniqueness

Uniqueness Score: -1.00%

Function 0042258A Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 86730acab1941bf7b24ad7f05bd5f565b9455975e4cccf7577c094838560456a
Instruction ID: d4d17531809de938f6e1a5161caa35cd94cf24579bf87c87c7edd2631fee1681
Opcode Fuzzy Hash: 86730acab1941bf7b24ad7f05bd5f565b9455975e4cccf7577c094838560456a
Instruction Fuzzy Hash: B0113DB1E002289FEB248B24DD84BDAB774FF45300F4102FAD94996681E6B95FC28F55

Uniqueness

Uniqueness Score: -1.00%

Function 00422873 Relevance: 1.6, APIs: 1, Instructions: 52nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: d31fe64145b4fa17f9decec986cba14d777306afda1757072324abcdb1754e0b
Instruction ID: 9c57864628f237ad241c4eddb5ec5369c97632d15932387105b5109d8392b6d1
Opcode Fuzzy Hash: d31fe64145b4fa17f9decec986cba14d777306afda1757072324abcdb1754e0b
Instruction Fuzzy Hash: A8116DB1E046699FEB24CB51DD807EAB7B0EF05310F1046EAD949A6281DBB84EC5CF06

Uniqueness

Uniqueness Score: -1.00%

Function 00421DAD Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 1ae663413608fdaced8d79c4efda4df1b8239b9380560c1e69fb473b88e438b1
Instruction ID: 4361e342e20293ece2c2abf4e827746680cae3a4b7efac08521654b12889fa1d
Opcode Fuzzy Hash: 1ae663413608fdaced8d79c4efda4df1b8239b9380560c1e69fb473b88e438b1
Instruction Fuzzy Hash: F7F0A7A1F056289BE7108B61DD85BDAF674EF64304F4102FE9909D6681E7F80FC28B46

Uniqueness

Uniqueness Score: -1.00%

Function 00421DB2 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 71b4fadb667bccaa05bae535feb89262ce108ab97240efa6f148f534ddef6d2e
Instruction ID: 95705ee818329e38cd4cc18deca9abd5eb6783afb4763171abb49e69a554680f
Opcode Fuzzy Hash: 71b4fadb667bccaa05bae535feb89262ce108ab97240efa6f148f534ddef6d2e
Instruction Fuzzy Hash: 05F08CA1F056289BE7108B60DD81BDAB674EF25304F4102EAD909D6682E7B80EC28B56

Uniqueness

Uniqueness Score: -1.00%

Function 004221F0 Relevance: 1.5, APIs: 1, Instructions: 28nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?,0042FE87,?,?,?,?), ref: 0042290B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 50b71a76e2ab9f4d3615b4594dd93989db8babffd191a1217ec98c4ec593c0ff
Instruction ID: 92b79479cb6ac3964ce17990580c268526494cb8adf8ebf4b3b803189f3e1912
Opcode Fuzzy Hash: 50b71a76e2ab9f4d3615b4594dd93989db8babffd191a1217ec98c4ec593c0ff
Instruction Fuzzy Hash: 17F0A7A1F056289BE7108B60DD817DAB270EF14310F4002FD9909D6681E7B80FC2CB46

Uniqueness

Uniqueness Score: -1.00%

Function 004288DF Relevance: 45.8, APIs: 1, Strings: 25, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
?G9?, xrefs: 0042B75C
r, xrefs: 0042B711
<?B@, xrefs: 004289CD
L, xrefs: 0042BBD3
a, xrefs: 0042BBEF
e, xrefs: 0042B726
x, xrefs: 0042B6F5
b, xrefs: 0042BBE1
i, xrefs: 0042BBDA
P, xrefs: 0042B70A
t, xrefs: 0042B703
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
o, xrefs: 0042B718
E, xrefs: 0042B6EE
c, xrefs: 0042B71F
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: <?B@$?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1751934197
Opcode ID: 5d629ab4bd04e688c209a587d98203647413d8f91c972ed62759919feac89b44
Instruction ID: dd99f535e6ae577e7573f7333f45213ee9a02e63d599f79106ebdb163f9438b7
Opcode Fuzzy Hash: 5d629ab4bd04e688c209a587d98203647413d8f91c972ed62759919feac89b44
Instruction Fuzzy Hash: 55A1FDA1E09264CEF7208624EC147EA7B75EF91304F1440FED44DAB682D67D4EC68B57

Uniqueness

Uniqueness Score: -1.00%

Function 0042A0D1 Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 239
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: fbe26af9c2dbcfc27677cd8d53382b4a58f5cd437d167ccae3730b8e2a29869a
Instruction ID: cd45cf7737fa0ff783b26d3b3b977373ad3e6aac1b3a6b1ee7802c766a3c02bd
Opcode Fuzzy Hash: fbe26af9c2dbcfc27677cd8d53382b4a58f5cd437d167ccae3730b8e2a29869a
Instruction Fuzzy Hash: 07A1D571E092A88EFB20CA24DC547EA7B71EF91304F1480EEC54DAA282D67D4FD58F56

Uniqueness

Uniqueness Score: -1.00%

Function 004245F4 Relevance: 45.7, APIs: 1, Strings: 25, Instructions: 239
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
?G9?, xrefs: 0042B75C
r, xrefs: 0042B711
L, xrefs: 0042BBD3
a, xrefs: 0042BBEF
e, xrefs: 0042B726
x, xrefs: 0042B6F5
b, xrefs: 0042BBE1
i, xrefs: 0042BBDA
P, xrefs: 0042B70A
t, xrefs: 0042B703
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
o, xrefs: 0042B718
E, xrefs: 0042B6EE
c, xrefs: 0042B71F
s, xrefs: 0042B72D
NEP_, xrefs: 004245F6
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$NEP_$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3892193947
Opcode ID: 1c309b5b3e3f1d209d154a5ccefb396dca819ab0fefb5244e1e120972cfbfb85
Instruction ID: aceabed0abd141c75da3774803c387a13b7d471e72fef7f52694a4d746694658
Opcode Fuzzy Hash: 1c309b5b3e3f1d209d154a5ccefb396dca819ab0fefb5244e1e120972cfbfb85
Instruction Fuzzy Hash: F2A1B3B1D09268CAF720CA24DC547EA7B75EF91304F1480EAD44DAB282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00429E78 Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 3362ea23505b523ecd8bace0b8ba5abdd4e5c03bee128b41181a3c4f6edd87fc
Instruction ID: 1e62c045186d730ac19cd2063f86a845f45506e31a3530cf1d0d37baf5a8fdf1
Opcode Fuzzy Hash: 3362ea23505b523ecd8bace0b8ba5abdd4e5c03bee128b41181a3c4f6edd87fc
Instruction Fuzzy Hash: 3791E661E092A8CEF720C624DC547EA7B71EF91304F1480EEC54DAB282D67D4ED58F96

Uniqueness

Uniqueness Score: -1.00%

Function 00429ECF Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 252fdcdcc33e8f6a29317bae1009d5ada8e50b816521301ee82fbed6cef291d4
Instruction ID: 859548702c43e85483b3e2db24418f730c7a45a5229fdb3fb07f9efa67702fd0
Opcode Fuzzy Hash: 252fdcdcc33e8f6a29317bae1009d5ada8e50b816521301ee82fbed6cef291d4
Instruction Fuzzy Hash: 2591E661E092A8CEF720C624DC547EA7B71EF91304F1480EEC54DAB282D67D4ED58F96

Uniqueness

Uniqueness Score: -1.00%

Function 00429EAA Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: c12a9e234e3ca2f613c5902f0702bdb2df58cf0d422f8bc532f1e4320bbb0513
Instruction ID: 48bafab431772ed37e57fd0e07bf92fdc9799d4136bbc732650859c060388ee5
Opcode Fuzzy Hash: c12a9e234e3ca2f613c5902f0702bdb2df58cf0d422f8bc532f1e4320bbb0513
Instruction Fuzzy Hash: BE91E661E092A8CEF720C624DC547EA7B71EF91304F1480EEC54DAB282D67D4ED58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042A14C Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0042A175

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 544645111-1509218561
Opcode ID: 1fbc4e827a1d6fb33a7201e8e076ac6543f35399b99ae921431534b655224e75
Instruction ID: 50d77bad5b0d5f694e1f8ad4badd322406bf3dea3560f24ef859c91baeb50044
Opcode Fuzzy Hash: 1fbc4e827a1d6fb33a7201e8e076ac6543f35399b99ae921431534b655224e75
Instruction Fuzzy Hash: C991D561E092A8CEF720C624DC547EA7B75EF91304F1480EEC54DAB282D67D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042890B Relevance: 45.7, APIs: 1, Strings: 25, Instructions: 199COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
?G9?, xrefs: 0042B75C
r, xrefs: 0042B711
L, xrefs: 0042BBD3
C@?3, xrefs: 00428910
a, xrefs: 0042BBEF
e, xrefs: 0042B726
x, xrefs: 0042B6F5
b, xrefs: 0042BBE1
i, xrefs: 0042BBDA
P, xrefs: 0042B70A
t, xrefs: 0042B703
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
o, xrefs: 0042B718
E, xrefs: 0042B6EE
c, xrefs: 0042B71F
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$C@?3$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3686983
Opcode ID: 376e0cd4b0c953bcf9df2d283ed531b9b268c25aa52a55cf06483f4d3616b3dc
Instruction ID: 8ce7380e7cd9f3d219e6039ac05773cc691331764b2f997a19a1844cf3423446
Opcode Fuzzy Hash: 376e0cd4b0c953bcf9df2d283ed531b9b268c25aa52a55cf06483f4d3616b3dc
Instruction Fuzzy Hash: DD81C961E092A8CAF720C624DC547EA7B71EF91304F1440EED48DAB282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419C15 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 297COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: ea278935732e265fb068ae71de7a925c56255cac04c0713336d2dc427b66e5b8
Instruction ID: 90c872231fb2013a9c70bd4d9ba3d150aa54bb04d35f3c64c0a5dc5cc23bc19e
Opcode Fuzzy Hash: ea278935732e265fb068ae71de7a925c56255cac04c0713336d2dc427b66e5b8
Instruction Fuzzy Hash: C7C1C4B1E082688EF720CA24DC54BEA7B75EB91314F1480FAD44DA7281D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041FF5B Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 286COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 345897560854e9ff50ad844031674233f81c878d2abbf6582745b073f39afc31
Instruction ID: c78fc307b577fdbed1545ee07e3ba41f3a4da2b777fe865732cd2e34f0131d38
Opcode Fuzzy Hash: 345897560854e9ff50ad844031674233f81c878d2abbf6582745b073f39afc31
Instruction Fuzzy Hash: F2C1E571E052A88EFB20CA24DC547EA7BB5EF95304F1480EAC44DA7282D77D4EC58F96

Uniqueness

Uniqueness Score: -1.00%

Function 00419C98 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 282COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: ec9984ce5878aae4fda4920a6398faad72a5551f78f95afd196a3cf4b4889dd6
Instruction ID: 96cc685572a9e0ca2d3d5842ebb1d5cdb88c6ddbb6f4ef7c81c31a0fc12b1840
Opcode Fuzzy Hash: ec9984ce5878aae4fda4920a6398faad72a5551f78f95afd196a3cf4b4889dd6
Instruction Fuzzy Hash: 1AC1B3B1E08268CEF720CA24DC54BEA7B75EB91314F1480EAD44DA7281D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041F4AA Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 261COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: e286c5bfe4ed1de6b32c92a1d18aab809ccd91305b1440a8122e8a72b0f3d5bd
Instruction ID: 9d02ffe95d2807714aededadf64244ac0cc9c5ba08694aaa638995a2c7b4e1dc
Opcode Fuzzy Hash: e286c5bfe4ed1de6b32c92a1d18aab809ccd91305b1440a8122e8a72b0f3d5bd
Instruction Fuzzy Hash: BFB1D3B1E092A88EF720CA24DC547EA7B75EB91304F1480EAD44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041F8E8 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 260COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 4090e56698771ff50407a20725b198d034778bc013066caa44b706b8f93c5441
Instruction ID: 25bcdf0f1cb46fb8f2789d316579926cca28f09d7d8416eb1fe777a11c7151d2
Opcode Fuzzy Hash: 4090e56698771ff50407a20725b198d034778bc013066caa44b706b8f93c5441
Instruction Fuzzy Hash: 67B1D4B1E09268CEF7208A24DC547EA7B75EF91304F1480EAD44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004287F7 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 257COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: ce869402fdd0f134527db4454cdc3966fd64d480e25c179736da6d9063bf58e9
Instruction ID: e8a66628a30faab2d42d0091ba07558e91b3b31bf2e927f178a5e4209d80964f
Opcode Fuzzy Hash: ce869402fdd0f134527db4454cdc3966fd64d480e25c179736da6d9063bf58e9
Instruction Fuzzy Hash: 28A11A61E092A8CEF7208624EC147EA7B71EF91304F5480FED44D66682D67D4EC68F97

Uniqueness

Uniqueness Score: -1.00%

Function 0041F902 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 252COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 035aa4a749c7b941a537568f5e040be4407f1c319b912d8e74b7c8239337fa31
Instruction ID: c739b74f891828f53c6862249a1521515511b394a50bb1998e664e44680b3c75
Opcode Fuzzy Hash: 035aa4a749c7b941a537568f5e040be4407f1c319b912d8e74b7c8239337fa31
Instruction Fuzzy Hash: A5B1E5B1E09268CEF7208A24DC547EA7B75EB91304F1480EAD44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00421038 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 249COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 23adaec3660d80b5eb372669e07f09e917e57b0910e26485a4810dc1844ce13f
Instruction ID: b08a592d30ad0d3722ad79201a7b0dc3b2d6c21b5b47bdca779f7005c63f9b53
Opcode Fuzzy Hash: 23adaec3660d80b5eb372669e07f09e917e57b0910e26485a4810dc1844ce13f
Instruction Fuzzy Hash: E6B1C371E092A8CEF720CA24DC547EA7B75EB95304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041F90F Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 249COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 46328c670ef620720dfb46da2866515ff74d2d01b448cbd5a9ca611f38275158
Instruction ID: bbd7ab2b06354bd2d172f2c5e17445ca8c834b7921951b6413a514864d5a5f6c
Opcode Fuzzy Hash: 46328c670ef620720dfb46da2866515ff74d2d01b448cbd5a9ca611f38275158
Instruction Fuzzy Hash: 59B1E5B1E09268CEF7208A24DC547EA7B75EF91304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FD49 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 247COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 47dbfd5be289c6d0aba8fe4894efa15eabd5ae654b4b27f6a8818ba8d3da9e59
Instruction ID: 784a73f8d443c763c6b77c8353f8cbb42cff603754eea06f3c33e9189a556ac0
Opcode Fuzzy Hash: 47dbfd5be289c6d0aba8fe4894efa15eabd5ae654b4b27f6a8818ba8d3da9e59
Instruction Fuzzy Hash: F2B1E3B1E09268CEF720CA24DC547EA7BB5EB91304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FD7B Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 247COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 0bd9eee606f6fdd7b076574d31cac407a5df2c5f97cf3a978a5647b1a3a630b2
Instruction ID: 3c31edc6e586f3bcda30c252238cf1682adf185ea8c4a789ee3091edba61d8aa
Opcode Fuzzy Hash: 0bd9eee606f6fdd7b076574d31cac407a5df2c5f97cf3a978a5647b1a3a630b2
Instruction Fuzzy Hash: 3FB1D3B1E09268CEF720CA24DC547EA7B75EB91304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDA0 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 247COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: c45e7d8088a303f8fb9fd27a932d7b39d55a86d898c9f9b0a3154e271673ecbf
Instruction ID: a0fd31a64dddab3fa1c9fdedeaab9c82df53bdd19dc8ed9df5a27864db28007e
Opcode Fuzzy Hash: c45e7d8088a303f8fb9fd27a932d7b39d55a86d898c9f9b0a3154e271673ecbf
Instruction Fuzzy Hash: 18B1D2B1E092A8CEF720CA24DC547EA7B75EB91304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041F4E0 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 246COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: b4f26d2a76af8d608f0c0375e65f148e22d5cb14efa709974253975587baf56d
Instruction ID: be731a45c2e8e7e5819e200db82267fdec37767ac102de608d85264c121c3070
Opcode Fuzzy Hash: b4f26d2a76af8d608f0c0375e65f148e22d5cb14efa709974253975587baf56d
Instruction Fuzzy Hash: 40B1D4B1E09268CEF7208A24DC547EA7B75EF91304F1480EAD44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 004243C2 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 245COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 4ee1c5e4fe1d00438831d21eaf787416ea1a49063d9f406d6a46f63d252057f2
Instruction ID: 02bcbb6dc78995c3ee560021d4d19f7be19ed50ed47ce24e755d39681714e984
Opcode Fuzzy Hash: 4ee1c5e4fe1d00438831d21eaf787416ea1a49063d9f406d6a46f63d252057f2
Instruction Fuzzy Hash: 8DB1D3B1E09268CEF720CA24DC547EA7B75EB95304F1480EAC44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00419B80 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 245COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: b8f43289e24dd97f1acdc437e10e2a11b57a8a286ae6842442aa2cbb517bde4b
Instruction ID: 575129b1ea8831548a546e65586fe97eca04b3ae73d701bcb1e3c569c18c8778
Opcode Fuzzy Hash: b8f43289e24dd97f1acdc437e10e2a11b57a8a286ae6842442aa2cbb517bde4b
Instruction Fuzzy Hash: 4EA1D5A1E09268CAF720C624DC547EA7B75EF91304F1480EAD44DAB282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00419B95 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 244COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: b690faf4ca58746e4c0b5aec95ebc5a02d7f5abb85391ed5e3071f25f882b957
Instruction ID: c4ee255ba465af3047784aef70f7eb2d006ab646e5048548d65c8f28e2d50d63
Opcode Fuzzy Hash: b690faf4ca58746e4c0b5aec95ebc5a02d7f5abb85391ed5e3071f25f882b957
Instruction Fuzzy Hash: 58A1D561E092A8CEF720C624DC547EA7B75EF91304F1480EED44DAA282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00415D37 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 235COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 32dc0c5be239b59eea2ee5001a7108ae7f4fe69610481167dd4aaf8146a239ac
Instruction ID: 24cbde9a51c159881469e3932ab302363bb4d4af02124c08f3a9d9d324d84428
Opcode Fuzzy Hash: 32dc0c5be239b59eea2ee5001a7108ae7f4fe69610481167dd4aaf8146a239ac
Instruction Fuzzy Hash: 9FA1D6A1D092A8CAF720C624EC547EA7B75EF91304F1480EED44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0042006E Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 232COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 946f4a161f6fa758c9dbcc96ba0394157fbc47254ba7658d9abae6ffb73e9242
Instruction ID: 509ade87ccb5d5188824f27b06979b4738d0ad0d5f712f55d4c75e6681d705aa
Opcode Fuzzy Hash: 946f4a161f6fa758c9dbcc96ba0394157fbc47254ba7658d9abae6ffb73e9242
Instruction Fuzzy Hash: A7A1C4B1E092A8CAF7208A24DC547EA7B75EB91304F1480EAC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00420893 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 232COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 42931acc719dc3dbede23cdd57bcc30cfbc7c449390362531392a15bc28cca47
Instruction ID: c5ac3267a0c309366c7924e8eab4c47f4eb7a70d5b07aa7d6ff311b3fdd9abf4
Opcode Fuzzy Hash: 42931acc719dc3dbede23cdd57bcc30cfbc7c449390362531392a15bc28cca47
Instruction Fuzzy Hash: 2EA1C4B1E092A8CAF7208A24DC547EA7B75EF91304F1480EEC44DA7282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 0041A2CB Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 225COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 6d661963cc61f1b1abfe4da0a771ef3b500200075ce7f9cc6bf0a395fa37ec74
Instruction ID: bde1510d3e0729475d47f9f874005cf98f5cd029a32977004d28bb87e1811c59
Opcode Fuzzy Hash: 6d661963cc61f1b1abfe4da0a771ef3b500200075ce7f9cc6bf0a395fa37ec74
Instruction Fuzzy Hash: E591D6A1D092A8CEF7208624DC547EA7B75EF91304F1480EED44DAB282D77D4EC58F66

Uniqueness

Uniqueness Score: -1.00%

Function 00428941 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 221COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 6572466c307d4bcee5a79a379062ac7203f3a7002ecf12385f874e188617ba84
Instruction ID: 160bd8696ac6d6ace7f5d7ffc7144576f76cf691b6a6d2414bcebe1db6e22399
Opcode Fuzzy Hash: 6572466c307d4bcee5a79a379062ac7203f3a7002ecf12385f874e188617ba84
Instruction Fuzzy Hash: 9E91C961E092A8CAF7218624DC147EA7B71EF91304F1440FED48DAB682D67D4EC68F97

Uniqueness

Uniqueness Score: -1.00%

Function 00415ACF Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 218COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: c20ba12e228b31033ac9acde5146470a8e4b2aa347f6e34f410107e4ecaa8ea6
Instruction ID: 1967b19c8ef2eb31674ded63f3f036bc200d8abec1f28975f8926547d71c41e0
Opcode Fuzzy Hash: c20ba12e228b31033ac9acde5146470a8e4b2aa347f6e34f410107e4ecaa8ea6
Instruction Fuzzy Hash: A991D861E096A8CEF7208624DC547EA7B71EF91304F1480EED48D6A282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00415AE0 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 216COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: ea6a01ae9736c082cac998d179f2d914ead4b400c9a9f77a12661a51182fd4d8
Instruction ID: 97b74fde2a5f103abd170c2afe8672c8e382553c8e05eef5c3d37bcbbb8b4a52
Opcode Fuzzy Hash: ea6a01ae9736c082cac998d179f2d914ead4b400c9a9f77a12661a51182fd4d8
Instruction Fuzzy Hash: 0591D861E096A8CEF7208624DC547EA7B71EF91304F1440EEC44DAB282D77D4EC68FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00428952 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 214COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 1eb1aa6766bfb306977b91e85c1114c12bcfa6350d70290ae618bdf31a9fcfae
Instruction ID: 88b02ec212abdb09bd0a4b6e4b71ee0cccddba8ff43a817a59c26cbe9bdd6cbe
Opcode Fuzzy Hash: 1eb1aa6766bfb306977b91e85c1114c12bcfa6350d70290ae618bdf31a9fcfae
Instruction Fuzzy Hash: C591D861E092A8CAF720C624DC147EA7B71EF95304F1440FEC48DAB682D67D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00428957 Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 213COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 6e34e76e6b545f42b90613555e678e1d5769ef8d24ca7b23e774ab95e5c98da6
Instruction ID: 8f79e4b79039b378697fbe56ad93e170fba7e88bc7c8cefac3755c61564cc2ad
Opcode Fuzzy Hash: 6e34e76e6b545f42b90613555e678e1d5769ef8d24ca7b23e774ab95e5c98da6
Instruction Fuzzy Hash: 3E91C761E096A8CAF720C624DC147EA7B71EF91304F1440FEC48DAB682D67D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 004288FE Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 201COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: d0ddca76bf6d52b526ac4ada8018aae4b85e572dfadf87d244fa41054ac0d5f8
Instruction ID: 2813956cc1b375ae4a9c117739211d6b3edc03e628fbc180e1975009ef0504ca
Opcode Fuzzy Hash: d0ddca76bf6d52b526ac4ada8018aae4b85e572dfadf87d244fa41054ac0d5f8
Instruction Fuzzy Hash: A881B961E092A4CAF7218624DC147EA7B71EF91304F1440EED48DAB282D67E4ED58FA7

Uniqueness

Uniqueness Score: -1.00%

Function 0042A182 Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 198COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 970b152ef6ff990adfca343472b593dae00896dc1e7944b462bfb0703e333bd1
Instruction ID: 532ac6bf39b11d5ee9d4879920c7662a13fdc9eab62537f2d0438d1cd593ba1f
Opcode Fuzzy Hash: 970b152ef6ff990adfca343472b593dae00896dc1e7944b462bfb0703e333bd1
Instruction Fuzzy Hash: E381B761E092A4CEF721C624DC547DA7B71EF91304F1440EEC48DAB282D77E4AD68F96

Uniqueness

Uniqueness Score: -1.00%

Function 00428875 Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 197COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 08cd4f6a61766b790af18f88f6e787528e79cb7e561f2cde5d3df1ee218b3057
Instruction ID: 9ce95a1397c61e8e2a2a1e2ac436b14630fef1a809fbea9804965f5c95fb32b4
Opcode Fuzzy Hash: 08cd4f6a61766b790af18f88f6e787528e79cb7e561f2cde5d3df1ee218b3057
Instruction Fuzzy Hash: CF81B861E092A8CAF7208624DC547EA7B71EF91304F1440EED48DAB282D77D4FD58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042891D Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 194COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: b430f4c23fa56086539711979074bf732c00947a3316515839e39c3f0ec0df4b
Instruction ID: 1dce82b8318f4ef9b3f34dde05a71044f7cf13baf0c2b4c5180576172df01708
Opcode Fuzzy Hash: b430f4c23fa56086539711979074bf732c00947a3316515839e39c3f0ec0df4b
Instruction Fuzzy Hash: F381CA61E092A4CAF721C624DC147EA7B71EF95304F1440EEC48DAB282D77E4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00415B1E Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 194COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 11c5f12cc3cf095d9217fa963b1c65eaddd1371096f9e6e05cdce468cf9841da
Instruction ID: 5126c6834a3c0a29cca2762c673eec2f33b2c933f512aed0deda1afcddb9cb8b
Opcode Fuzzy Hash: 11c5f12cc3cf095d9217fa963b1c65eaddd1371096f9e6e05cdce468cf9841da
Instruction Fuzzy Hash: 7E81C861E092A8CAF720C624DC147EA7B71EF91304F1440EEC48DAB282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042899F Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 192COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 43cd178cc9ff1705c42c967472a86cfefd829b1c6d17ecb15bce100309b840c3
Instruction ID: a8065497766894943ed0144c1dd75efad2de58e07da66b9fcff0edd008fe3602
Opcode Fuzzy Hash: 43cd178cc9ff1705c42c967472a86cfefd829b1c6d17ecb15bce100309b840c3
Instruction Fuzzy Hash: 2481B861E092A8CAF721C624DC547DA7B71EF91304F1440EEC48DAB282D77D4ED58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00428928 Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 191COMMON

Download Yara Rule

Strings

i, xrefs: 0042B6FC
L, xrefs: 0042BBB7
r, xrefs: 0042BBF6
s, xrefs: 0042B734
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
?G9?, xrefs: 0042B75C
P, xrefs: 0042B70A
r, xrefs: 0042B711
t, xrefs: 0042B703
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
o, xrefs: 0042BBBE
a, xrefs: 0042BBEF
o, xrefs: 0042B718
E, xrefs: 0042B6EE
e, xrefs: 0042B726
x, xrefs: 0042B6F5
c, xrefs: 0042B71F
b, xrefs: 0042BBE1
s, xrefs: 0042B72D
y, xrefs: 0042BBFD
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ?G9?$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-1509218561
Opcode ID: 2d760ba20727b67ec73236970a3397e6605ba28781eac8d224f55b68c6e90743
Instruction ID: 27ebfefe6429972b32714d01f054723561b54577e4b89cc279f742eda880de6c
Opcode Fuzzy Hash: 2d760ba20727b67ec73236970a3397e6605ba28781eac8d224f55b68c6e90743
Instruction Fuzzy Hash: E481B961E092A8CAF721C624DC147EA7B71EF95304F1440EEC48DAB282D77D4EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042B7C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 169COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: 9b3a0116e3613f9eb7875c7cb1ea6b940fdb8493d24c8498cac925ce314b3cbb
Instruction ID: ba9834b9717d599e5ce9f9ef5552bd0ffbfd76802a9cc50bd2e75ff0a04afc00
Opcode Fuzzy Hash: 9b3a0116e3613f9eb7875c7cb1ea6b940fdb8493d24c8498cac925ce314b3cbb
Instruction Fuzzy Hash: 5061C461E052688EF720C624EC157EA7B35EF91304F1440FED44DAB682D6BD1EC68FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042B762 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 167COMMON

Download Yara Rule

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: b7bb2cbff16147f4cdb4b4547684eb596455ba025e6e99ca94b375e0697b5202
Instruction ID: 74ccce5d90db5370cfc7a84180228db5b255cd6d0b1729b4f6abe1007489d0b3
Opcode Fuzzy Hash: b7bb2cbff16147f4cdb4b4547684eb596455ba025e6e99ca94b375e0697b5202
Instruction Fuzzy Hash: 9E61C461E056A88AF720C624EC147EA7771EF95304F1440FED44EAB682D27E0ED68F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042B769 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 167COMMON

Download Yara Rule

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 65c31fe244a866945995f59b37115fc41d46e0083bb3b82ca68ae67ed72bff62
Instruction ID: 0812f8b173a607e5b6ee74a4f6140073d1d34aa8624af0d16cc56fde52906a8e
Opcode Fuzzy Hash: 65c31fe244a866945995f59b37115fc41d46e0083bb3b82ca68ae67ed72bff62
Instruction Fuzzy Hash: 9361B361E056A88AF720C624EC147EA7B71EF91304F1440EED44EAB682D27E0EC68F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042B77C Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 161COMMON

Download Yara Rule

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: bba1d7aa387b28c5e92e375ab2cf44570b7991fc7c14f369541a2029463591da
Instruction ID: 92486b894dde50cda55356ee3ebf006a897aeb9608c4547ba4cb3ec5bf69449f
Opcode Fuzzy Hash: bba1d7aa387b28c5e92e375ab2cf44570b7991fc7c14f369541a2029463591da
Instruction Fuzzy Hash: B161C461E056A88AF720C624EC147EA7B71EF95304F1440FED44DAB682D27E0ED68F96

Uniqueness

Uniqueness Score: -1.00%

Function 0042BA52 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 154COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: 1dbecf4b1c09dbc6e8bcc1528168d99fbfcceb74d43bc9345bca382203ea01f3
Instruction ID: 438a4d28041afa794256c24794c3b15cdd3444e027197f120f0f860cde69bb52
Opcode Fuzzy Hash: 1dbecf4b1c09dbc6e8bcc1528168d99fbfcceb74d43bc9345bca382203ea01f3
Instruction Fuzzy Hash: 8751B461E052A4CAF720C624DC547EA7B76EF91304F0440FEC54DAB682D2BD1EC68F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042BA6B Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 143COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: 743d57aaecf9d2b6a069a5ca599b85079670d43e9906d04ce2cef65077fb25e7
Instruction ID: 38af630a7638b230ebd90ed0735a877d8b732911dc2878513c9f46ae490769ac
Opcode Fuzzy Hash: 743d57aaecf9d2b6a069a5ca599b85079670d43e9906d04ce2cef65077fb25e7
Instruction Fuzzy Hash: FD51A361E052A4CAF720C624DC547EA7B72EF95304F0450FED14DAB682D2BD0ED58F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042B7D2 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 141COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: e119698b4819af84ba61fe781ef492f2c13cf426e5e9ddc692dddc81303b8529
Instruction ID: 67377f6244b3ea809efe1bbe60ea514431b01c76088e0201074aee8838a9c774
Opcode Fuzzy Hash: e119698b4819af84ba61fe781ef492f2c13cf426e5e9ddc692dddc81303b8529
Instruction Fuzzy Hash: 7F51D761E056A8CAF720C624DC147EA7A71EFA1304F0450FED04DAB682D2BE0FD68F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042B7C8 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 138COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: ce2740de5f523ba395d70cc1a447bb827f3bbe08bddccee2d582813e060156f7
Instruction ID: 703d3c5f8d1f6ee4f989624a0386166ad3589ee445b985ad2cdd60130c511909
Opcode Fuzzy Hash: ce2740de5f523ba395d70cc1a447bb827f3bbe08bddccee2d582813e060156f7
Instruction Fuzzy Hash: F351D661E056A8CAF720C624DC147EA7A71EFA1304F0440FED54DAB682D6BE0FD68F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042BBAD Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 107COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

a, xrefs: 0042BBEF
o, xrefs: 0042BBBE
r, xrefs: 0042BBF6
L, xrefs: 0042BBB7
d, xrefs: 0042BBCC
r, xrefs: 0042BBE8
i, xrefs: 0042BBDA
b, xrefs: 0042BBE1
y, xrefs: 0042BBFD
L, xrefs: 0042BBD3
W, xrefs: 0042BC04
a, xrefs: 0042BBC5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: c2735e2cf2dd4156b12e7c97345a70adcf493777a9d9f7150a350dccc34cde5b
Instruction ID: d45f646d7a24bbc48283305cae3fa192e764b520513425e58c37d9a1f48a22eb
Opcode Fuzzy Hash: c2735e2cf2dd4156b12e7c97345a70adcf493777a9d9f7150a350dccc34cde5b
Instruction Fuzzy Hash: 6F41C9B1E092A8CEF711C615DD487EA7B64EB51304F1440EEC48E5A243C37D1AC68F97

Uniqueness

Uniqueness Score: -1.00%

Function 00413AB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Strings

CIG4, xrefs: 004139CB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: CIG4
API String ID: 544645111-1227011063
Opcode ID: e5e6d654862f6d1fafb8c0c8902c4be3264e0dde21dcfa1bfe322a3c5bcf78de
Instruction ID: a45c01ba32b864705ad5b9d01a761f2220ccfa5f9ff04d08194e6aae44ea7e2c
Opcode Fuzzy Hash: e5e6d654862f6d1fafb8c0c8902c4be3264e0dde21dcfa1bfe322a3c5bcf78de
Instruction Fuzzy Hash: 7E61E1B1D042249BEB248F15DC85AEB77B8EB84311F1441FBE44E66240EA786FC6CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00413741 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 59ec9b7e0a74bf7f2c5d900276244c0e5fab87a9b43ed70b34b0510abd2d9917
Instruction ID: e301e8044ea086f44edba3eb51eefa99150b19b7874eedafa4609c5156cb3292
Opcode Fuzzy Hash: 59ec9b7e0a74bf7f2c5d900276244c0e5fab87a9b43ed70b34b0510abd2d9917
Instruction Fuzzy Hash: 0F5101F2D082249BE7208F11DC84AEB7BB8EB85315F1441FBE84D66641D67C5FC68E92

Uniqueness

Uniqueness Score: -1.00%

Function 00413C6F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 137memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Strings

L<?J, xrefs: 00413E0A

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: L<?J
API String ID: 544645111-320906975
Opcode ID: ddfe02f2299072071779bf79db3e2c69b4721d0c5b4d2a94ef365f3c1aa113d9
Instruction ID: 960b26956585ec05e03313590a7dc5f2ad0ae4bfd46db515c6d068b69d5b0ba4
Opcode Fuzzy Hash: ddfe02f2299072071779bf79db3e2c69b4721d0c5b4d2a94ef365f3c1aa113d9
Instruction Fuzzy Hash: 2C51AA70E052688FEB24CF14DD94AEAB7B5EF85302F1480EAD44DA7242D6386FC18F45

Uniqueness

Uniqueness Score: -1.00%

Function 00413606 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 30ad201e9e99ba261e56ce8bbef4ba6f6bf324b2197ebe1d861f186ede65562d
Instruction ID: 7c701a1a8c939c0fe119507ed81ca3653c448931ccba589dc22635d7b8d2eddc
Opcode Fuzzy Hash: 30ad201e9e99ba261e56ce8bbef4ba6f6bf324b2197ebe1d861f186ede65562d
Instruction Fuzzy Hash: 5541F4F2E042645BE7208E14ED94AEB7A78EB85305F1841FBD40E63680E63C5FC68A56

Uniqueness

Uniqueness Score: -1.00%

Function 00413370 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 45c1c1b260af6f76e0ac331f4936dbc7be64d7ce7a3c978ef14a3203ace973b7
Instruction ID: 5abc94cc49dbe210d8b12e269cf4b526b592c20bf11c967ee9fcebf491b6baee
Opcode Fuzzy Hash: 45c1c1b260af6f76e0ac331f4936dbc7be64d7ce7a3c978ef14a3203ace973b7
Instruction Fuzzy Hash: 4741D1B2D082649BE7208E24DD98AEB7B78DB85311F1442FBD84D67281D63C5FC58E52

Uniqueness

Uniqueness Score: -1.00%

Function 004136B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 1af4c5156eadbacbd10ce456bdab62df1ae4ff728cbd8177263ee35a34cb1daa
Instruction ID: 243acc957c30e02cf8e500d2e9fc9f75a671ceaceb39707ca2dfd6871a0364c9
Opcode Fuzzy Hash: 1af4c5156eadbacbd10ce456bdab62df1ae4ff728cbd8177263ee35a34cb1daa
Instruction Fuzzy Hash: 9D3146F2D042649BE7209F14ED94AEB7B78DB85311F1441FBD40D63280D63C4FC68A52

Uniqueness

Uniqueness Score: -1.00%

Function 0042AF1B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Strings

P7@6, xrefs: 0042B329

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: P7@6
API String ID: 544645111-4105107767
Opcode ID: 57b41bf39166a7a690994e904bddf76c607851eae038945fe4c335185273e74d
Instruction ID: 10d4c5ab0c14b2bab2836b25bfe1d284759b525b99f0d3ab890d735c3a624ed7
Opcode Fuzzy Hash: 57b41bf39166a7a690994e904bddf76c607851eae038945fe4c335185273e74d
Instruction Fuzzy Hash: E731F6F3D00524ABE7249A14EC54AE777B8EB44311F1544FBEA0EA7280D63C5EC18E95

Uniqueness

Uniqueness Score: -1.00%

Function 00413459 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: e115054f5629c401877fb51812e6608c70e801f0a2020ec43669284392488941
Instruction ID: a460f146935e9469e281f7a6eccfea2bc9ee9f490676f4a066b967816e0a0d55
Opcode Fuzzy Hash: e115054f5629c401877fb51812e6608c70e801f0a2020ec43669284392488941
Instruction Fuzzy Hash: C231E4F2D042645BE7209F14ED94AEB7B7CDB85311F1481BBE40D63680E63C5FC68A56

Uniqueness

Uniqueness Score: -1.00%

Function 00413402 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 30d18dca5cbabaa5d9dfeb8c1dfbe89f424f46f9b18db17d0259ec5a4453617f
Instruction ID: e7c5ad54c720fae5098647eb8a4d99f752c0d154269d208115420df1f145b0a6
Opcode Fuzzy Hash: 30d18dca5cbabaa5d9dfeb8c1dfbe89f424f46f9b18db17d0259ec5a4453617f
Instruction Fuzzy Hash: AA31E4F2D042645BE7209F14ED94AEB7B7CDB85311F1441BBE40D63680E63C5FC68A56

Uniqueness

Uniqueness Score: -1.00%

Function 00413434 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 6c80505b97d88bca725ccb2736a5308d6d9363804c9e50654df5a1ccb3743f32
Instruction ID: 0bdf059569b279caab6280caaf17d30730af475cf3839676a6c38fa17ac2f778
Opcode Fuzzy Hash: 6c80505b97d88bca725ccb2736a5308d6d9363804c9e50654df5a1ccb3743f32
Instruction Fuzzy Hash: C231E4F2D042645BE7209F14ED94AEB7B7CDB85311F1441BBE40DA3680E63C5FC68A66

Uniqueness

Uniqueness Score: -1.00%

Function 004136F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 407567dff15fd734b1ce2beb3b8ea1c4bcea39955b2d87d2056363704d8b7cfa
Instruction ID: 0c81ef8c29b1a602fb3d018c20962e90a78c926a6b8308e4aba40277815c844d
Opcode Fuzzy Hash: 407567dff15fd734b1ce2beb3b8ea1c4bcea39955b2d87d2056363704d8b7cfa
Instruction Fuzzy Hash: 1B3127F2D042645BF7209E24ED98AEB7B7CDB85311F1441BBE40DA7581E63C4FC58962

Uniqueness

Uniqueness Score: -1.00%

Function 00413703 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

=2HO, xrefs: 00413785

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: =2HO
API String ID: 544645111-3660142482
Opcode ID: 30ac262883bf4098cd2225ed5fc0f0a6edeed6565728f078c3b7a7d4c8add0e9
Instruction ID: 6f085a700016894aa847f033e4ad87351a56c24cf259a724505b15d21c5017b5
Opcode Fuzzy Hash: 30ac262883bf4098cd2225ed5fc0f0a6edeed6565728f078c3b7a7d4c8add0e9
Instruction Fuzzy Hash: 972134B2D042645BE7209F24ED94AEB7B78DB85310F0481BBE40DA7581E6384FC58992

Uniqueness

Uniqueness Score: -1.00%

Function 0042BF8F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Strings

G2=3, xrefs: 0042BF8F

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: G2=3
API String ID: 621844428-3578832846
Opcode ID: 48586df219c8c8950ae332c372c88736155599f8254fe6dc7b7dc80d5d1df10d
Instruction ID: 1f01e38414bb3ea2d3c7171e362d8be8b21a58cc591981dde84b93f7c4ee654f
Opcode Fuzzy Hash: 48586df219c8c8950ae332c372c88736155599f8254fe6dc7b7dc80d5d1df10d
Instruction Fuzzy Hash: 22D012E7F0036C66E3505618FCC5B8E6564ABE1714F6500A2D11D65540D5FD0AD14963

Uniqueness

Uniqueness Score: -1.00%

Function 0042BF5F Relevance: 1.8, APIs: 1, Instructions: 347COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9a106975a928d8d8b7746f7ffbfb4579bcc278425288a369617e088a6f409c8d
Instruction ID: 707c2734d8efea2870a3a8d69adcd59735f662baac9af4436c79615303af1182
Opcode Fuzzy Hash: 9a106975a928d8d8b7746f7ffbfb4579bcc278425288a369617e088a6f409c8d
Instruction Fuzzy Hash: B2E1BEB5E04228CFEB24CA14ED94BEEB775FB84305F1442EAD80E67280C6795EC2CE55

Uniqueness

Uniqueness Score: -1.00%

Function 00412C12 Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7f81ccaa1eeaf943c83a0d33fe371eae9a9066075f913df99b781651821274f
Instruction ID: 490be64b1c0f0a94f4a652e552defef08e1c0ecf9391644cd5ba107067e12576
Opcode Fuzzy Hash: c7f81ccaa1eeaf943c83a0d33fe371eae9a9066075f913df99b781651821274f
Instruction Fuzzy Hash: 83C1CFB1D042289AE7208B15DD84BEBB775EF94310F1441FAE80DA7280E6795FC6CF96

Uniqueness

Uniqueness Score: -1.00%

Function 0042BCB0 Relevance: 1.7, APIs: 1, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 95387dd2abf7fbfca6ac04f0a918fb4fec9219ad5a8894fece3d1f55b11b0beb
Instruction ID: 4e53a8f15d82da8bce91157890a63e271d747255753c739d682464344d8ac6d5
Opcode Fuzzy Hash: 95387dd2abf7fbfca6ac04f0a918fb4fec9219ad5a8894fece3d1f55b11b0beb
Instruction Fuzzy Hash: FE71E2B2E041749AEB248B25ED44BEA7775FB94310F1181FAD80DA6280E77C1EC5CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0042B36D Relevance: 1.7, APIs: 1, Instructions: 176memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: b5345a758cfb0f9d907186696406b18f3d7fb795f549a257989cb5c5b6f5dae7
Instruction ID: f20ebb01eee99110f2df061e4001e79cf45f5e58e69fca54501b994ebf0f0af8
Opcode Fuzzy Hash: b5345a758cfb0f9d907186696406b18f3d7fb795f549a257989cb5c5b6f5dae7
Instruction Fuzzy Hash: 9581F470E046689BDB28CB18DC90BEAB7B1FB85305F5481DAD94AA7241D7386EC1CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0042C512 Relevance: 1.6, APIs: 1, Instructions: 136COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e152f7c005fb215b8d08b9430dbc1fa14950d28987e463390b638f4a8243bfd1
Instruction ID: c6db050a92521904d516519738850d2175261ddf949e7e107512d9dd04e8fbab
Opcode Fuzzy Hash: e152f7c005fb215b8d08b9430dbc1fa14950d28987e463390b638f4a8243bfd1
Instruction Fuzzy Hash: 8251AFB5D152299BEB248B24EC846EAB775FF84310F1081FAD90EA6240E6784EC1CF56

Uniqueness

Uniqueness Score: -1.00%

Function 0042C34B Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c5d08d9e855a79ae38f54da82c58aa1b091950ecad89137a44a4cd06902e9798
Instruction ID: c3df50845107026f58c52067e1b537fdd86d77b534b233718b0c80e1e5094047
Opcode Fuzzy Hash: c5d08d9e855a79ae38f54da82c58aa1b091950ecad89137a44a4cd06902e9798
Instruction Fuzzy Hash: 5E41B4F2D046259FF7148A24ED84BEF7734EB84311F1482BAD80966680D67D5FC58E92

Uniqueness

Uniqueness Score: -1.00%

Function 00413874 Relevance: 1.6, APIs: 1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a2f95e556d09308b34a00c12f06f4c089d34abe710487a4620bbe2c2a025764e
Instruction ID: dd844befa3a1f61671ce5c9dc068ce548c7f936e0c62422f54a52bcf62e0afb0
Opcode Fuzzy Hash: a2f95e556d09308b34a00c12f06f4c089d34abe710487a4620bbe2c2a025764e
Instruction Fuzzy Hash: 8331D1B1D052649BE7208F11DC49AEB7BB8EB81321F1440FBE44D57241D67D5FC78A92

Uniqueness

Uniqueness Score: -1.00%

Function 00413A68 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 67f438a26b2cbc9781a3022164549913adbc19c6a300b75a22a52bce64466e9b
Instruction ID: c076cbd5a8ade35b2f4e0335136b562a349e875133734436ab5ed863f6e452b6
Opcode Fuzzy Hash: 67f438a26b2cbc9781a3022164549913adbc19c6a300b75a22a52bce64466e9b
Instruction Fuzzy Hash: 733137B2D042249BE3208E05DC85AEB7B78DB81321F1040BBE80D67241D57D6FC7CE92

Uniqueness

Uniqueness Score: -1.00%

Function 00413893 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 408c70c5f86ae318dd0003f344b71ad7ab4fe02373761f4011bdabb8e2f501f9
Instruction ID: 4de090d8823583e69514e2ed6c7a4d59c54688590a56ba325b1d172cb2a6f0da
Opcode Fuzzy Hash: 408c70c5f86ae318dd0003f344b71ad7ab4fe02373761f4011bdabb8e2f501f9
Instruction Fuzzy Hash: 693103B2D092249BE7208F15DC88AEB7B78DB85321F1440FBD44D27242E6796FC7CA56

Uniqueness

Uniqueness Score: -1.00%

Function 0042B54A Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9422a7d89710eb5a86a9767bbe6cf72cf729f82d93840f88dae5d430f556bfd
Instruction ID: 61e64a88e57685738a8833c5221a802081f7b0718a6cc0683e659cead441d9f2
Opcode Fuzzy Hash: d9422a7d89710eb5a86a9767bbe6cf72cf729f82d93840f88dae5d430f556bfd
Instruction Fuzzy Hash: 38417371A045649BDB28CB14DC90BFFB7B1EB46305F5480EBE94AA6244D7396FC08F85

Uniqueness

Uniqueness Score: -1.00%

Function 004138B0 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fc9d911ff6745d60265770c48448c0342d5a88c5db9ee7b638fcc2b81fbfcb81
Instruction ID: 93433bde43c256ae79931e9eb304963ebad823f1ad0c738fd5fc32207cec0030
Opcode Fuzzy Hash: fc9d911ff6745d60265770c48448c0342d5a88c5db9ee7b638fcc2b81fbfcb81
Instruction Fuzzy Hash: 5331A2B1D052249BE7208E05DC85AEB7B78DB85321F1440BBE44D67241E5796FC7CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0041303B Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839b90e4f8efa0b15ead6579f1322062228c8222b837324af190c35e56ca15d1
Instruction ID: 19fcabbdb51fb7f3de153c393822f4b7e82d760c7df0ace191763d828e09bef5
Opcode Fuzzy Hash: 839b90e4f8efa0b15ead6579f1322062228c8222b837324af190c35e56ca15d1
Instruction Fuzzy Hash: F3213773D042285BF7208E54DC44BEBBB68EB84315F1441BBE84D27281D67C5FC68A96

Uniqueness

Uniqueness Score: -1.00%

Function 0042C9A0 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b892f50091c751c7c43df631fd3e244fe260a1e6d903a813c044c6317484b9
Instruction ID: d1fa8c6561cb4f2e85036c59dccf4b38328226a110e4551c3734667e1a1a7cef
Opcode Fuzzy Hash: 37b892f50091c751c7c43df631fd3e244fe260a1e6d903a813c044c6317484b9
Instruction Fuzzy Hash: B2318471B084B98BDB24CB24EDD07AE7BB6AF81305F9442EAC44DA6641C7785EC1CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041327C Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1d9df4782f8deb05a8a3aa39fe93a9b3bf1753082de96bc7d2606fee71dc47
Instruction ID: 4fd99a0c02ed6e378bd34a46216aac5ad0d43b9de178a51410f46668709710a0
Opcode Fuzzy Hash: 7f1d9df4782f8deb05a8a3aa39fe93a9b3bf1753082de96bc7d2606fee71dc47
Instruction Fuzzy Hash: 822126B3D082385BE7208A55ED44BEB7A69DB84321F1440B7E80D77181D57C1FC289E6

Uniqueness

Uniqueness Score: -1.00%

Function 00413305 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88efc1e5d291a0b59250d59093b41286696f544b37c1bbb4e38cd2638dec362e
Instruction ID: c25a06fbd310c987253ce1386b60a9ff2167fb00f9322689df09fa638f0b2d6d
Opcode Fuzzy Hash: 88efc1e5d291a0b59250d59093b41286696f544b37c1bbb4e38cd2638dec362e
Instruction Fuzzy Hash: 15113873E0827857E720DAA5DC18BEB7F789B85311F1400BB994D77182C57C0EC38696

Uniqueness

Uniqueness Score: -1.00%

Function 00413B60 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 286382fc5dfab2273f16b1e765a541e27450d2131ff3fee6570df4920915223d
Instruction ID: 2b2514482aac8033624f5a44aa8bcf03a916d56e370cb30301e1ad0aa09bd70b
Opcode Fuzzy Hash: 286382fc5dfab2273f16b1e765a541e27450d2131ff3fee6570df4920915223d
Instruction Fuzzy Hash: 4F11A271D052288BD7208F14DD84ADABBB8AF45311F0405EBD44DA7241D6786FC2CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0042CA08 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: f831049584c4abe83d10c324832f5cd9f55f8385cd20473fbb78a693ce96b0b7
Instruction ID: 646f2227fd0e933d80177915b59e613829281a30ad6eaefc456781bdd1a88b1c
Opcode Fuzzy Hash: f831049584c4abe83d10c324832f5cd9f55f8385cd20473fbb78a693ce96b0b7
Instruction Fuzzy Hash: A021F3B1A041A88FDB24CB24ECD47AE7BB5AF81301F5442EAD45946281CB781EC18F4A

Uniqueness

Uniqueness Score: -1.00%

Function 00413B56 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 34033122e7f071e13edb98341287cb84b79d69dab650b1cde8f591a33987903c
Instruction ID: 4c3129365ecfb2930c23f0d985dd4febd02cf4c030e803fae953dbfb2df9120b
Opcode Fuzzy Hash: 34033122e7f071e13edb98341287cb84b79d69dab650b1cde8f591a33987903c
Instruction Fuzzy Hash: 7411B471D092249BD7249F14DD45AEB77B8AF45311F0404EBD44D67242E6786FC2CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00413E27 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4ea81fb4f6d66c566e460188a4e0a196f875d26d0ff8e14c1c0d3d7ac0da3edb
Instruction ID: b6a47a0f004f639b96caef39aba0e7f6f6c67fb3cecae845fd200e36f892e604
Opcode Fuzzy Hash: 4ea81fb4f6d66c566e460188a4e0a196f875d26d0ff8e14c1c0d3d7ac0da3edb
Instruction Fuzzy Hash: 92219FB1E052648BEB24CF15DD54BEA77B5AB85311F1001EBD44EA6281D6385FC18F46

Uniqueness

Uniqueness Score: -1.00%

Function 0042C4C6 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 15e843610d737c75823d3b7f9c393070d20e19d60e6ced7ad5583df4028980f6
Instruction ID: 0591db3b8d3dbc74e91eca01602b0cc0cb464fb81f85a961bd369ebc70b454fc
Opcode Fuzzy Hash: 15e843610d737c75823d3b7f9c393070d20e19d60e6ced7ad5583df4028980f6
Instruction Fuzzy Hash: D61160B1A042299FEB208A64ECC47BF7674F7C5315F5041BBE40955280D37D5EC69E16

Uniqueness

Uniqueness Score: -1.00%

Function 0041333D Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2159b43327e69d6ea104683e77df7a6cda77b1f52cce6301850ac057beb270ff
Instruction ID: 9314ffd7892175503bdac8b102689955a7c1dc67ad1041cb12f309cb096944bd
Opcode Fuzzy Hash: 2159b43327e69d6ea104683e77df7a6cda77b1f52cce6301850ac057beb270ff
Instruction Fuzzy Hash: B9014973E0827017E7248A15ED04BDB7F799BC8310F1000FBA54D67082C5784EC286D2

Uniqueness

Uniqueness Score: -1.00%

Function 0042C6D0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 8e65504bcf88c403322b78fad0f6acf592f46d76feb609b1dfd14f6f9481855e
Instruction ID: 724f3400e79c727f4fe3d188627aafe210ba116732acba4c3f95f7a71d5b5707
Opcode Fuzzy Hash: 8e65504bcf88c403322b78fad0f6acf592f46d76feb609b1dfd14f6f9481855e
Instruction Fuzzy Hash: 96118FB0A0462ADFEB248A10ECC4BAE7735FBC4311F2041BBD40956240D3394EC2DE06

Uniqueness

Uniqueness Score: -1.00%

Function 0042BC4D Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: dc912d0e1a99d58f2311bb75d6b30632a79b4daa9aa639877bc44b4fb4768dd1
Instruction ID: ecd0b77e63ea7d7c4b08b344299e763bb47a4162e51a0e2258685b2b9adcede9
Opcode Fuzzy Hash: dc912d0e1a99d58f2311bb75d6b30632a79b4daa9aa639877bc44b4fb4768dd1
Instruction Fuzzy Hash: 9A014993E081746DF3104520ED087AB2A14E765314F5600FAC44EA5081D1BC06C64FD6

Uniqueness

Uniqueness Score: -1.00%

Function 0041378C Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f2d4f7500f1f8fdee7da0a2f4df6f93958ef2a39fe337593bf69b308d885801d
Instruction ID: c2b0cae450312b2a5fd43a78c9ff4aacab4045b24e9014c5f3c49cd2acf4e61a
Opcode Fuzzy Hash: f2d4f7500f1f8fdee7da0a2f4df6f93958ef2a39fe337593bf69b308d885801d
Instruction Fuzzy Hash: 580168B2D043205BE3209E14ED84AEB7B789B84310F0000BBE54DB3141C6785FC28AA3

Uniqueness

Uniqueness Score: -1.00%

Function 0042BCBD Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 139d96f408862a840aa6d944ddc2f60468c8c78c23df49142c43265bb45efc90
Instruction ID: f58a401540874d67db5375bb601e5061b7e8e2f254f02fb91bf5bedda50c1adb
Opcode Fuzzy Hash: 139d96f408862a840aa6d944ddc2f60468c8c78c23df49142c43265bb45efc90
Instruction Fuzzy Hash: A8014CA2F08174ADF3100121FD5577A2718D7A1314F6540EBD40ED9141D27C06C69FA7

Uniqueness

Uniqueness Score: -1.00%

Function 0042C6D9 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 81812177ab9f70cad7da2e88e84d4186ac1c3266fd3486b9e1eaae4056620efb
Instruction ID: 67013700beff9130d4f082182aba5e94a5a18ea38f0484ab8bf7dd5673618c31
Opcode Fuzzy Hash: 81812177ab9f70cad7da2e88e84d4186ac1c3266fd3486b9e1eaae4056620efb
Instruction Fuzzy Hash: 8E1151B5A0422A9FEB248A10DCC4BBE7735FBC4311F2041FBD40A56240D7395EC2DE56

Uniqueness

Uniqueness Score: -1.00%

Function 00413BD0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 12921caee9ce439e0b905bc5d04d0f90f3e5ef857bc69d8f2b66cd5dd6bebf11
Instruction ID: af46e8347ae75d694a0ab4d004062d6fe61ed37e9eaa116473b85b661b64478c
Opcode Fuzzy Hash: 12921caee9ce439e0b905bc5d04d0f90f3e5ef857bc69d8f2b66cd5dd6bebf11
Instruction Fuzzy Hash: 3811A071E042249BE724DF14DD45AEBBBB9AB89311F0401EBE40DA7242D6385FC68F91

Uniqueness

Uniqueness Score: -1.00%

Function 00413BB0 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8c091afa934e60d572192b3f86d17eceb4ad5b7ebee1632b8ae396c612947495
Instruction ID: 0ab5ee24c227599c722807af6e8e2fc868c4bead61bdbbf006b03030a802a443
Opcode Fuzzy Hash: 8c091afa934e60d572192b3f86d17eceb4ad5b7ebee1632b8ae396c612947495
Instruction Fuzzy Hash: 5901C471E053289BD7248F14DD44AEB7B79AF89311F0004EBE40D67241D6385FC28E52

Uniqueness

Uniqueness Score: -1.00%

Function 0042BCC6 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 57acbd66afe51c77274e55ba84a979c7fc08cac16a435fe320b5230acec2cc5b
Instruction ID: 09328aeaa54eb1b57566dc891ad60bd2031a959c83ed403127c785a068264ae7
Opcode Fuzzy Hash: 57acbd66afe51c77274e55ba84a979c7fc08cac16a435fe320b5230acec2cc5b
Instruction Fuzzy Hash: 66014EA2F08278AEF3101521FD5976B3B24D7A5314F6600EBD40ED5141D2BD06C69FE7

Uniqueness

Uniqueness Score: -1.00%

Function 0042C760 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: d4f931eb13f02d04980bc1d2bcdf89a730a772e6640a7bc7b260a5bc7babba7e
Instruction ID: 3eefe8dde2680719f1b08657e711810b80338fed9bfc70e5d5abe860dc726359
Opcode Fuzzy Hash: d4f931eb13f02d04980bc1d2bcdf89a730a772e6640a7bc7b260a5bc7babba7e
Instruction Fuzzy Hash: DC0140B4A4432ADBDB248A14DCC5BAB7738FB84311F1001EAE50996280D7790EC1DE56

Uniqueness

Uniqueness Score: -1.00%

Function 00413C13 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a8c5e64a997e47e0c5730aba86466ecab60396d3d05cd770027e74c20ad6b21f
Instruction ID: 3ae5bdc66a469ae1afa373f769b191682645c30c58d357e39299212c3e929544
Opcode Fuzzy Hash: a8c5e64a997e47e0c5730aba86466ecab60396d3d05cd770027e74c20ad6b21f
Instruction Fuzzy Hash: F7018472E052249BE724DF15DD44ADB7B79AF89311F1004EB950DA7141D6385FC28E92

Uniqueness

Uniqueness Score: -1.00%

Function 0042B632 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 038a06ce4f222d64266f716d19e5266d7f047c8b0472b3e00c6049d68fd454d6
Instruction ID: 04c54312c660810d97f2cef8fff5de1490312ab7132c8f82e34cd868a929686c
Opcode Fuzzy Hash: 038a06ce4f222d64266f716d19e5266d7f047c8b0472b3e00c6049d68fd454d6
Instruction Fuzzy Hash: 9C118BB0A006688BDB34CB44DC80BEAB3B1FB49346F1082DBD54AA6284D7785EC18F46

Uniqueness

Uniqueness Score: -1.00%

Function 0042C786 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9697362ebb5dbbae3c9efc75e12bded77e4b91652cfcbc767bd6c53bc6471118
Instruction ID: c617182274af88a5c4b52d57e4323ed5517617739b2ff8f7e7e5f33be126fd87
Opcode Fuzzy Hash: 9697362ebb5dbbae3c9efc75e12bded77e4b91652cfcbc767bd6c53bc6471118
Instruction Fuzzy Hash: 80015E74A0476A8BDB208F24D8887AEBB34FB84311F1001EAD50966280D77A4EC1DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0042C77F Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 18b764c11eb623ed4ae7690dfda0c0fca8fe300efe2063807160bb78072b9e8e
Instruction ID: 003da5adbaaef1589389ad1ab9f1124f2f4676c0b8c078bc5528fc21feed1cd3
Opcode Fuzzy Hash: 18b764c11eb623ed4ae7690dfda0c0fca8fe300efe2063807160bb78072b9e8e
Instruction Fuzzy Hash: D601FBB4A0472E8FEB248E50D8887AA7778FB84311F1001E6D809A6290D7791EC1DE01

Uniqueness

Uniqueness Score: -1.00%

Function 0042C77A Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 863a9a51d31a91d62f88163790f89b256a05ad7c4418a5df34102533a860f524
Instruction ID: a4a7069436d3871c042e09a231c2cdcebc5d58ad1c3b5ae1deb7b77aa085f5be
Opcode Fuzzy Hash: 863a9a51d31a91d62f88163790f89b256a05ad7c4418a5df34102533a860f524
Instruction Fuzzy Hash: 84011DB4A0472ACFEB248E50DCC47AE7774FBC4311F1001E6D909A6280D7791EC2DE45

Uniqueness

Uniqueness Score: -1.00%

Function 0042B373 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 50fa28723ed6353bda186bbb1108bce34a79327ba014d45dc40476013d420add
Instruction ID: 7ce4b2e02a37aea487351f1f0ef9acfbedbbe54b35021a267e7016e7188dda01
Opcode Fuzzy Hash: 50fa28723ed6353bda186bbb1108bce34a79327ba014d45dc40476013d420add
Instruction Fuzzy Hash: 0101D2B5E016688BDB24CB58CE54AD9B7B6FB88301F1042DAE14EA7644D7346EC1CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0042B647 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0ddf63b86542836bbaa4b30dd6a42b47c23aba82e045a8036df8b9d363a95747
Instruction ID: 8822d6f8f2da9efa9dbda12505759b2ee68b0f37e62c33df699c142e6b9ac41d
Opcode Fuzzy Hash: 0ddf63b86542836bbaa4b30dd6a42b47c23aba82e045a8036df8b9d363a95747
Instruction Fuzzy Hash: 64011A70A046688BCB35CB54DC90BEAB7B1FB49346F1082CBD559A6244D7345EC1CF46

Uniqueness

Uniqueness Score: -1.00%

Function 0042AF7E Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c99520981293ab97ebe860cc8e6f90bd9bf05121e0afd5693f04930202d38de7
Instruction ID: 7e2203565b2123f1f20f5df700a4dcc584fff8e333d1b8b336e1d79efbb1e61d
Opcode Fuzzy Hash: c99520981293ab97ebe860cc8e6f90bd9bf05121e0afd5693f04930202d38de7
Instruction Fuzzy Hash: 73F03AB2D045349BC724DA58DD44BD677B8EB49316F1141EAEA4EF6600E2380EC28F91

Uniqueness

Uniqueness Score: -1.00%

Function 0042C79E Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: db519ea3e8d701de9e2d95f632e1b35b62b0a54eb8008ada76c0b9b67487df7c
Instruction ID: 361b2733352d1baffb81e9913923851753fa67a009ab156d8c5616165f58b6e5
Opcode Fuzzy Hash: db519ea3e8d701de9e2d95f632e1b35b62b0a54eb8008ada76c0b9b67487df7c
Instruction Fuzzy Hash: 5EF0FEB594432ACFEB60CF50DC847AE7775FB84315F1001E6D909A6290D7791EC1DE15

Uniqueness

Uniqueness Score: -1.00%

Function 0042CA7E Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 0740328d3fe53a03dccb17a8abe6e844af4b8f1beb7086463cbe571ff3802a9c
Instruction ID: bf70be97496846ddc43d2e407d71587e0d903f02560d0085d4954aceed8642a1
Opcode Fuzzy Hash: 0740328d3fe53a03dccb17a8abe6e844af4b8f1beb7086463cbe571ff3802a9c
Instruction Fuzzy Hash: 9FF0F970A0856D8BDB28CB14E9D47ED77B1BB81305F6042EAD45E96284CBB81FC18F4A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BF6E Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4ab7da515541fdcce87ce8e3c29f3905f1cdb3ae986d5132a53254024ad934da
Instruction ID: 4d6812362b8591d61477e555ae956cd5969acaaf5e9b8d6cbbceb720e3ee48e3
Opcode Fuzzy Hash: 4ab7da515541fdcce87ce8e3c29f3905f1cdb3ae986d5132a53254024ad934da
Instruction Fuzzy Hash: 8FE0D8E2F083646EE3105114FCC9B9F3624DBE1300F2540B7E64D56140A1BD05C24963

Uniqueness

Uniqueness Score: -1.00%

Function 00413ECF Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 682ffa99ff7b4c7b17c6dc2ccdf68afec2d8320d1da0a8c5333fd960db2a0991
Instruction ID: 3abcd6c11a137050e503078aa4609b0ac98f2767dd8f7e3a81f211c111d7cf46
Opcode Fuzzy Hash: 682ffa99ff7b4c7b17c6dc2ccdf68afec2d8320d1da0a8c5333fd960db2a0991
Instruction Fuzzy Hash: 84E01271E042545BE7248B55ED54EEBB7BD9BC8701F1045DBA20DA3541C6348EC68F15

Uniqueness

Uniqueness Score: -1.00%

Function 0042BF7E Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c99c63bbfb8adcb832771e27847add93ceb65ca2b971e99dedb3475219fed646
Instruction ID: 8188047988572cec5f3f068fb8f13d7ad603b0b7a3f5e672c9e7925f8c577580
Opcode Fuzzy Hash: c99c63bbfb8adcb832771e27847add93ceb65ca2b971e99dedb3475219fed646
Instruction Fuzzy Hash: 3CD05EE2F4126866E3204119FC8ABDF3625ABE2709F6A00B2E64E25140A5FD06D749A7

Uniqueness

Uniqueness Score: -1.00%

Function 0042C7BF Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e8db4eaced17469c5752c42a3198ef0aaf7ce6bdaeaa2608ca0f190f3ab4e5a9
Instruction ID: 0e7addb3805b29ee445755dea13f59680e10218fb0b27b67fe74e258e5ee40f5
Opcode Fuzzy Hash: e8db4eaced17469c5752c42a3198ef0aaf7ce6bdaeaa2608ca0f190f3ab4e5a9
Instruction Fuzzy Hash: 5FE0C2B4E0072ECEDB248E10D8857AEB770BB89301F0002EAD50EAA280D7B50EC1CE46

Uniqueness

Uniqueness Score: -1.00%

Function 0042AB59 Relevance: 1.5, APIs: 1, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 944bbf848110276ca77774808790c4a6d8b24636009effe356c2206d78893acf
Instruction ID: 717dda2ca38aa93276e0c6634125a98f817430aa42161a1a21dcea8c2094bcc6
Opcode Fuzzy Hash: 944bbf848110276ca77774808790c4a6d8b24636009effe356c2206d78893acf
Instruction Fuzzy Hash: D6E0ED719045249BD725DA45CD54AC9B7B6EB88302F1080D6A10EA6644D7785EC18F46

Uniqueness

Uniqueness Score: -1.00%

Function 0042AFAA Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042B6E3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a59b5bc883fe2c1e293dc14cb7f46b8a061b1e93537d18b852b89100785b3f3f
Instruction ID: 92bb3d505aa34958425c93ea4396ffc51ddc23437088fa5c9bb8db263f00e5ee
Opcode Fuzzy Hash: a59b5bc883fe2c1e293dc14cb7f46b8a061b1e93537d18b852b89100785b3f3f
Instruction Fuzzy Hash: 58E0B671A006289BCB25DB88CE54BD9B3B4EB4D302F1041CBE20EE6600D7345EC18F56

Uniqueness

Uniqueness Score: -1.00%

Function 0042C3DA Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0042CAFB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 0f422f61d5c40b00730e11d5496368d16fef9733df4ea85157e8cf91b777118e
Instruction ID: f4c73bb844dddcda9bf3be0cd903b43c01c2586094b34ecdcf39af10f0cf011e
Opcode Fuzzy Hash: 0f422f61d5c40b00730e11d5496368d16fef9733df4ea85157e8cf91b777118e
Instruction Fuzzy Hash: A5C02B24B002144BE360CA70FC0938C7920BBC0304F2080B5D00D20C48CDFF03C6CA03

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00414005 Relevance: 102.8, Strings: 82, Instructions: 292COMMON

Download Yara Rule

Strings

c, xrefs: 0041422D
i, xrefs: 004143A3
u, xrefs: 0041421F
;>LN, xrefs: 00414005
e, xrefs: 0041435C
u, xrefs: 004142BA
s, xrefs: 00414339
e, xrefs: 00414176
o, xrefs: 004142B3
s, xrefs: 004142AC
r, xrefs: 00414192
R, xrefs: 00414203
u, xrefs: 004140D4
n, xrefs: 00414161
o, xrefs: 00414184
d, xrefs: 004141FC
c, xrefs: 004143F0
t, xrefs: 004143E2
s, xrefs: 0041417D
l, xrefs: 00414105
W, xrefs: 004141A7
e, xrefs: 00414289
z, xrefs: 00414282
i, xrefs: 0041427B
d, xrefs: 004140FE
o, xrefs: 00414218
u, xrefs: 00414347
L, xrefs: 0041430F
H, xrefs: 004140E9
l, xrefs: 004143C6
a, xrefs: 004141F5
S, xrefs: 00414274
e, xrefs: 004140B1
s, xrefs: 00414211
e, xrefs: 0041420A
M, xrefs: 004140BF
r, xrefs: 004143AA
c, xrefs: 00414199
e, xrefs: 00414332
F, xrefs: 00414153
o, xrefs: 004140C6
u, xrefs: 0041418B
c, xrefs: 00414355
r, xrefs: 004142C1
o, xrefs: 004141EE
r, xrefs: 0041434E
d, xrefs: 004140CD
t, xrefs: 004140B8
e, xrefs: 004141A0
e, xrefs: 004142CF
O, xrefs: 00414290
e, xrefs: 004142A5
c, xrefs: 004142C8
r, xrefs: 004143D4
o, xrefs: 00414340
e, xrefs: 004140E2
G, xrefs: 004140AA
W, xrefs: 00414113
c, xrefs: 0041431D
e, xrefs: 00414234
u, xrefs: 004143B8
r, xrefs: 00414226
R, xrefs: 0041416F
V, xrefs: 0041439C
i, xrefs: 0041415A
e, xrefs: 0041410C
t, xrefs: 004143B1
t, xrefs: 004143F7
n, xrefs: 004140F7
P, xrefs: 004143CD
e, xrefs: 004143E9
o, xrefs: 00414316
f, xrefs: 00414297
k, xrefs: 00414324
R, xrefs: 0041429E
L, xrefs: 004141E7
d, xrefs: 00414168
l, xrefs: 004140DB
R, xrefs: 0041432B
a, xrefs: 004143BF
o, xrefs: 004143DB
a, xrefs: 004140F0

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: ;>LN$F$G$H$L$L$M$O$P$R$R$R$R$S$V$W$W$a$a$a$c$c$c$c$c$c$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$f$i$i$i$k$l$l$l$n$n$o$o$o$o$o$o$o$o$r$r$r$r$r$r$s$s$s$s$t$t$t$t$u$u$u$u$u$u$z
API String ID: 0-3780962440
Opcode ID: 28387cc426f7f5febe7c82248500e1edfc5690fc97d902c6a5708986115a21f2
Instruction ID: 3b871b2fa018beef834215d07df56ff0ccc0def4e3dca807d570753817373e17
Opcode Fuzzy Hash: 28387cc426f7f5febe7c82248500e1edfc5690fc97d902c6a5708986115a21f2
Instruction Fuzzy Hash: CCD1BB71C0C6D499F7268238DC097DA6E759F62704F0840E9D68C6A682D2FF0BD98B77

Uniqueness

Uniqueness Score: -1.00%

Function 00414048 Relevance: 101.5, Strings: 81, Instructions: 271COMMON

Download Yara Rule

Strings

c, xrefs: 0041422D
i, xrefs: 004143A3
u, xrefs: 0041421F
e, xrefs: 0041435C
u, xrefs: 004142BA
s, xrefs: 00414339
e, xrefs: 00414176
o, xrefs: 004142B3
s, xrefs: 004142AC
r, xrefs: 00414192
R, xrefs: 00414203
u, xrefs: 004140D4
n, xrefs: 00414161
o, xrefs: 00414184
d, xrefs: 004141FC
c, xrefs: 004143F0
t, xrefs: 004143E2
s, xrefs: 0041417D
l, xrefs: 00414105
W, xrefs: 004141A7
e, xrefs: 00414289
z, xrefs: 00414282
i, xrefs: 0041427B
d, xrefs: 004140FE
o, xrefs: 00414218
u, xrefs: 00414347
L, xrefs: 0041430F
H, xrefs: 004140E9
l, xrefs: 004143C6
a, xrefs: 004141F5
S, xrefs: 00414274
e, xrefs: 004140B1
s, xrefs: 00414211
e, xrefs: 0041420A
M, xrefs: 004140BF
r, xrefs: 004143AA
c, xrefs: 00414199
e, xrefs: 00414332
F, xrefs: 00414153
o, xrefs: 004140C6
u, xrefs: 0041418B
c, xrefs: 00414355
r, xrefs: 004142C1
o, xrefs: 004141EE
r, xrefs: 0041434E
d, xrefs: 004140CD
t, xrefs: 004140B8
e, xrefs: 004141A0
e, xrefs: 004142CF
O, xrefs: 00414290
e, xrefs: 004142A5
c, xrefs: 004142C8
r, xrefs: 004143D4
o, xrefs: 00414340
e, xrefs: 004140E2
G, xrefs: 004140AA
W, xrefs: 00414113
c, xrefs: 0041431D
e, xrefs: 00414234
u, xrefs: 004143B8
r, xrefs: 00414226
R, xrefs: 0041416F
V, xrefs: 0041439C
i, xrefs: 0041415A
e, xrefs: 0041410C
t, xrefs: 004143B1
t, xrefs: 004143F7
n, xrefs: 004140F7
P, xrefs: 004143CD
e, xrefs: 004143E9
o, xrefs: 00414316
f, xrefs: 00414297
k, xrefs: 00414324
R, xrefs: 0041429E
L, xrefs: 004141E7
d, xrefs: 00414168
l, xrefs: 004140DB
R, xrefs: 0041432B
a, xrefs: 004143BF
o, xrefs: 004143DB
a, xrefs: 004140F0

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: F$G$H$L$L$M$O$P$R$R$R$R$S$V$W$W$a$a$a$c$c$c$c$c$c$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$f$i$i$i$k$l$l$l$n$n$o$o$o$o$o$o$o$o$r$r$r$r$r$r$s$s$s$s$t$t$t$t$u$u$u$u$u$u$z
API String ID: 0-3978732156
Opcode ID: ad0d40cfc2276225f619c40280e3e38038117013e49c94879638b5283640e562
Instruction ID: ba6e53f4057e20cc1da15e30835d66b5c8806cf6195c649913aa0bda2ac44fc4
Opcode Fuzzy Hash: ad0d40cfc2276225f619c40280e3e38038117013e49c94879638b5283640e562
Instruction Fuzzy Hash: 4DC19970D0C6D499F7268228DC497DAAE615F62705F0840E9D28C2A682D2FF0BD98B77

Uniqueness

Uniqueness Score: -1.00%

Function 0041405F Relevance: 101.5, Strings: 81, Instructions: 266COMMON

Download Yara Rule

Strings

c, xrefs: 0041422D
i, xrefs: 004143A3
u, xrefs: 0041421F
e, xrefs: 0041435C
u, xrefs: 004142BA
s, xrefs: 00414339
e, xrefs: 00414176
o, xrefs: 004142B3
s, xrefs: 004142AC
r, xrefs: 00414192
R, xrefs: 00414203
u, xrefs: 004140D4
n, xrefs: 00414161
o, xrefs: 00414184
d, xrefs: 004141FC
c, xrefs: 004143F0
t, xrefs: 004143E2
s, xrefs: 0041417D
l, xrefs: 00414105
W, xrefs: 004141A7
e, xrefs: 00414289
z, xrefs: 00414282
i, xrefs: 0041427B
d, xrefs: 004140FE
o, xrefs: 00414218
u, xrefs: 00414347
L, xrefs: 0041430F
H, xrefs: 004140E9
l, xrefs: 004143C6
a, xrefs: 004141F5
S, xrefs: 00414274
e, xrefs: 004140B1
s, xrefs: 00414211
e, xrefs: 0041420A
M, xrefs: 004140BF
r, xrefs: 004143AA
c, xrefs: 00414199
e, xrefs: 00414332
F, xrefs: 00414153
o, xrefs: 004140C6
u, xrefs: 0041418B
c, xrefs: 00414355
r, xrefs: 004142C1
o, xrefs: 004141EE
r, xrefs: 0041434E
d, xrefs: 004140CD
t, xrefs: 004140B8
e, xrefs: 004141A0
e, xrefs: 004142CF
O, xrefs: 00414290
e, xrefs: 004142A5
c, xrefs: 004142C8
r, xrefs: 004143D4
o, xrefs: 00414340
e, xrefs: 004140E2
G, xrefs: 004140AA
W, xrefs: 00414113
c, xrefs: 0041431D
e, xrefs: 00414234
u, xrefs: 004143B8
r, xrefs: 00414226
R, xrefs: 0041416F
V, xrefs: 0041439C
i, xrefs: 0041415A
e, xrefs: 0041410C
t, xrefs: 004143B1
t, xrefs: 004143F7
n, xrefs: 004140F7
P, xrefs: 004143CD
e, xrefs: 004143E9
o, xrefs: 00414316
f, xrefs: 00414297
k, xrefs: 00414324
R, xrefs: 0041429E
L, xrefs: 004141E7
d, xrefs: 00414168
l, xrefs: 004140DB
R, xrefs: 0041432B
a, xrefs: 004143BF
o, xrefs: 004143DB
a, xrefs: 004140F0

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: F$G$H$L$L$M$O$P$R$R$R$R$S$V$W$W$a$a$a$c$c$c$c$c$c$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$f$i$i$i$k$l$l$l$n$n$o$o$o$o$o$o$o$o$r$r$r$r$r$r$s$s$s$s$t$t$t$t$u$u$u$u$u$u$z
API String ID: 0-3978732156
Opcode ID: 74130395cdb96a08291f298ada6f6f78c71dc1ed137b82397c95fff21192f812
Instruction ID: 9c74d65da3bd6b718745c86bc8d64dd0299d901640edcf07f6b79f01f71d28f5
Opcode Fuzzy Hash: 74130395cdb96a08291f298ada6f6f78c71dc1ed137b82397c95fff21192f812
Instruction Fuzzy Hash: 17C18B70D0C6D499F7268238DC497DAAE755F62705F0840E9D28C2A682D2FF0BD98B77

Uniqueness

Uniqueness Score: -1.00%

Function 0041A4DC Relevance: 70.3, Strings: 56, Instructions: 306COMMON

Download Yara Rule

Strings

U, xrefs: 0041A515
t, xrefs: 0041A507
R, xrefs: 0041A500
r, xrefs: 0041A57E
a, xrefs: 0041AB5C
r, xrefs: 0041AB8D
C, xrefs: 0041A5E8
e, xrefs: 0041A538
n, xrefs: 0041A546
r, xrefs: 0041A5EF
n, xrefs: 0041A65F
s, xrefs: 0041A531
i, xrefs: 0041AB71
S, xrefs: 0041A643
c, xrefs: 0041A627
r, xrefs: 0041AB7F
g, xrefs: 0041A593
e, xrefs: 0041A5F6
e, xrefs: 0041A63C
d, xrefs: 0041A562
b, xrefs: 0041AB78
U, xrefs: 0041A612
U, xrefs: 0041A53F
d, xrefs: 0041A635
r, xrefs: 0041A651
L, xrefs: 0041AB6A
o, xrefs: 0041AB55
c, xrefs: 0041A554
t, xrefs: 0041A604
g, xrefs: 0041A666
i, xrefs: 0041A54D
o, xrefs: 0041A55B
i, xrefs: 0041A620
l, xrefs: 0041A50E
R, xrefs: 0041A5D3
y, xrefs: 0041AB94
i, xrefs: 0041A658
n, xrefs: 0041A58C
n, xrefs: 0041A619
W, xrefs: 0041AB9B
t, xrefs: 0041A64A
a, xrefs: 0041A5FD
t, xrefs: 0041A577
a, xrefs: 0041AB86
p, xrefs: 0041A51C
d, xrefs: 0041AB63
L, xrefs: 0041AB4E
t, xrefs: 0041A5DA
o, xrefs: 0041A62E
S, xrefs: 0041A570
i, xrefs: 0041A585
c, xrefs: 0041A523
l, xrefs: 0041A5E1
a, xrefs: 0041A52A
e, xrefs: 0041A60B
e, xrefs: 0041A569

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: C$L$L$R$R$S$S$U$U$U$W$a$a$a$a$b$c$c$c$d$d$d$e$e$e$e$e$g$g$i$i$i$i$i$l$l$n$n$n$n$o$o$o$p$r$r$r$r$r$s$t$t$t$t$t$y
API String ID: 0-1787905885
Opcode ID: 3a9ebf1bc3e5d56f888cfe605ef69cd27ac2524a6ed06bd45202dea530813e78
Instruction ID: 36cdbcd9c7a8cd4c4d17783008cd3a2be7a30a8278fe04d4aca056b7f594d321
Opcode Fuzzy Hash: 3a9ebf1bc3e5d56f888cfe605ef69cd27ac2524a6ed06bd45202dea530813e78
Instruction Fuzzy Hash: E3D1C661D082E8DAF7218624DC487DA7EB59B52318F0880FAC58D57281D7BE0FD5CB67

Uniqueness

Uniqueness Score: -1.00%

Function 0041A5C1 Relevance: 42.7, Strings: 34, Instructions: 223COMMON

Download Yara Rule

Strings

o, xrefs: 0041AB55
t, xrefs: 0041A604
g, xrefs: 0041A666
i, xrefs: 0041A620
R, xrefs: 0041A5D3
y, xrefs: 0041AB94
i, xrefs: 0041A658
a, xrefs: 0041AB5C
n, xrefs: 0041A619
r, xrefs: 0041AB8D
C, xrefs: 0041A5E8
W, xrefs: 0041AB9B
t, xrefs: 0041A64A
a, xrefs: 0041A5FD
a, xrefs: 0041AB86
r, xrefs: 0041A5EF
n, xrefs: 0041A65F
i, xrefs: 0041AB71
S, xrefs: 0041A643
d, xrefs: 0041AB63
c, xrefs: 0041A627
r, xrefs: 0041AB7F
L, xrefs: 0041AB4E
t, xrefs: 0041A5DA
e, xrefs: 0041A5F6
o, xrefs: 0041A62E
e, xrefs: 0041A63C
b, xrefs: 0041AB78
U, xrefs: 0041A612
d, xrefs: 0041A635
r, xrefs: 0041A651
l, xrefs: 0041A5E1
L, xrefs: 0041AB6A
e, xrefs: 0041A60B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: C$L$L$R$S$U$W$a$a$a$b$c$d$d$e$e$e$g$i$i$i$l$n$n$o$o$r$r$r$r$t$t$t$y
API String ID: 0-297948648
Opcode ID: db9ef9eceee655f55d1e90d0604576e6bdb56afe12a98ea50a7ab47f46278241
Instruction ID: 35c918eeb58cdfc38640b00772031beab3fb249858c992b8c620130c1c9c9d9e
Opcode Fuzzy Hash: db9ef9eceee655f55d1e90d0604576e6bdb56afe12a98ea50a7ab47f46278241
Instruction Fuzzy Hash: E591D5A1D082A8DAFB248624DC447EA7AB5EF51308F0880F9D54D57281D7BE0FD58B66

Uniqueness

Uniqueness Score: -1.00%

Function 00440230 Relevance: 37.2, APIs: 17, Strings: 4, Instructions: 474registrystringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32 ref: 004402C6
lstrcmpiW.KERNEL32(?,ForceRemove), ref: 004402D5
lstrlenW.KERNEL32(?,?), ref: 0044039E
lstrcmpiW.KERNEL32(?,NoRemove), ref: 00440402
lstrcmpiW.KERNEL32(?,Val), ref: 00440431
RegDeleteValueW.ADVAPI32(?,?), ref: 00440518
RegCloseKey.ADVAPI32(?), ref: 00440530
RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 00440592
RegCloseKey.ADVAPI32(?), ref: 004405A9
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 004405E2
RegCloseKey.ADVAPI32(?), ref: 004405F9
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0044069C
RegCloseKey.ADVAPI32(?), ref: 004406B3
lstrlenW.KERNEL32(?), ref: 00440728
RegCloseKey.ADVAPI32(?), ref: 00440817
RegDeleteKeyW.ADVAPI32(?,?), ref: 00440865

Part of subcall function 00463230: RegCloseKey.ADVAPI32(00000000,004408A7), ref: 00463237

RegCloseKey.ADVAPI32(?), ref: 00440924

Strings

Val, xrefs: 0044042B
NoRemove, xrefs: 004403FC
Delete, xrefs: 004402B6
ForceRemove, xrefs: 004402CC

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Close$lstrcmpi$Open$Deletelstrlen$Value
String ID: Delete$ForceRemove$NoRemove$Val
API String ID: 4237924461-1781481701
Opcode ID: ec59ce37ba4ea00910334be76131e4cd9b904d4986750a9455d185301e9ac0a3
Instruction ID: e54b051dc26b6821558dd806389ae908b18cc9d534c4c47dfc2677ec22652ddb
Opcode Fuzzy Hash: ec59ce37ba4ea00910334be76131e4cd9b904d4986750a9455d185301e9ac0a3
Instruction Fuzzy Hash: 5002D771900225EBEB31EF659C8869EB7B5AF84304F1005DFE609A7301DB389E95CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00446330 Relevance: 32.0, APIs: 17, Strings: 1, Instructions: 517COMMON

Download Yara Rule

Strings

%UserProfile%, xrefs: 00446876, 004468A9

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: %UserProfile%
API String ID: 0-516575011
Opcode ID: b05915c8c23d2ceb6e12ccc356f711bfb1c31c8cfc2c561b8135157eb20e2415
Instruction ID: 27a73b68d7138fe645ec7597e87260bf68dd40d07f42739814728ea425786d33
Opcode Fuzzy Hash: b05915c8c23d2ceb6e12ccc356f711bfb1c31c8cfc2c561b8135157eb20e2415
Instruction Fuzzy Hash: 4E1228B1A002158FEB20DF19CC44F9AB7B8EF85314F5682ABE50497391DB74AE41CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0042A62F Relevance: 17.8, Strings: 14, Instructions: 303COMMON

Download Yara Rule

Strings

b, xrefs: 0042A7A3
PI2P, xrefs: 0042A52E
L, xrefs: 0042A779
W, xrefs: 0042A7C6
a, xrefs: 0042A7B1
a, xrefs: 0042A787
y, xrefs: 0042A7BF
P7@6, xrefs: 0042B329
r, xrefs: 0042A7AA
r, xrefs: 0042A7B8
o, xrefs: 0042A780
i, xrefs: 0042A79C
d, xrefs: 0042A78E
L, xrefs: 0042A795

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$P7@6$PI2P$W$a$a$b$d$i$o$r$r$y
API String ID: 0-3420747943
Opcode ID: 237d231042bd9d78fa075965c9d418762e9820a84ebb62be90237c894ebed339
Instruction ID: 121005e3cbd270abd68d71e2bc97683d1ea8e671cf6b7175816be300b514108a
Opcode Fuzzy Hash: 237d231042bd9d78fa075965c9d418762e9820a84ebb62be90237c894ebed339
Instruction Fuzzy Hash: 7EB1F0B1D045689AE7208B24EC44BEBB635EF94310F0480FAD90DAB781E67D5EC5CF66

Uniqueness

Uniqueness Score: -1.00%

Function 004267D0 Relevance: 16.6, Strings: 13, Instructions: 361COMMON

Download Yara Rule

Strings

a, xrefs: 0042780F
a, xrefs: 00427839
o, xrefs: 00427808
DBP9, xrefs: 00427899
L, xrefs: 0042781D
L, xrefs: 00427801
b, xrefs: 0042782B
i, xrefs: 00427824
d, xrefs: 00427816
y, xrefs: 00427847
W, xrefs: 0042784E
r, xrefs: 00427832
r, xrefs: 00427840

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: DBP9$L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-2359847180
Opcode ID: 794042b9cd6cd3e1a5cfb6759b935dc15e4c8cf5d0e7c8981bdb783cb4f7f337
Instruction ID: 5de579a68f967f13873e032c8b9575aa067072aa6183b41b23b2139220886946
Opcode Fuzzy Hash: 794042b9cd6cd3e1a5cfb6759b935dc15e4c8cf5d0e7c8981bdb783cb4f7f337
Instruction Fuzzy Hash: 26F190B1E042298BEB24CB14DC84BEABBB5EB84300F1581FAD84DA7381D6395FC58F55

Uniqueness

Uniqueness Score: -1.00%

Function 0042A534 Relevance: 16.5, Strings: 13, Instructions: 248COMMON

Download Yara Rule

Strings

b, xrefs: 0042A7A3
PI2P, xrefs: 0042A52E
L, xrefs: 0042A779
W, xrefs: 0042A7C6
a, xrefs: 0042A7B1
a, xrefs: 0042A787
y, xrefs: 0042A7BF
r, xrefs: 0042A7AA
r, xrefs: 0042A7B8
o, xrefs: 0042A780
i, xrefs: 0042A79C
d, xrefs: 0042A78E
L, xrefs: 0042A795

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$PI2P$W$a$a$b$d$i$o$r$r$y
API String ID: 0-779095712
Opcode ID: cb9aaae50f09d1aa27b0cf454acc7616408ac5e830a105f953815ee16c1054ea
Instruction ID: 833158ccdf7e39be27813f2ea5cac9716a9d933f154c95ac2c329ddb18ffbab9
Opcode Fuzzy Hash: cb9aaae50f09d1aa27b0cf454acc7616408ac5e830a105f953815ee16c1054ea
Instruction Fuzzy Hash: 49A12360D055699AE7208B24DC547FBB672EF95710F0480FED90DAB781E23D0ED5CB26

Uniqueness

Uniqueness Score: -1.00%

Function 00418740 Relevance: 15.3, Strings: 12, Instructions: 270COMMON

Download Yara Rule

Strings

o, xrefs: 0041938C
b, xrefs: 004193AF
y, xrefs: 004193CB
L, xrefs: 00419385
r, xrefs: 004193B6
W, xrefs: 004193D2
L, xrefs: 004193A1
a, xrefs: 004193BD
d, xrefs: 0041939A
i, xrefs: 004193A8
r, xrefs: 004193C4
a, xrefs: 00419393

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: acf53786cdaa073afdc23a71f4217592192b8744eba419601847e9dcdfc8015f
Instruction ID: 2b3639616409135474837a51513ceb656f3f8978db47bdb6b2ad6e05904b7851
Opcode Fuzzy Hash: acf53786cdaa073afdc23a71f4217592192b8744eba419601847e9dcdfc8015f
Instruction Fuzzy Hash: 46A105B2E042A49EF7208A24DC44BEB7BB5EF91314F0481FED44DA7685D67D0EC58B62

Uniqueness

Uniqueness Score: -1.00%

Function 0041863F Relevance: 15.3, Strings: 12, Instructions: 265COMMON

Download Yara Rule

Strings

o, xrefs: 0041938C
b, xrefs: 004193AF
y, xrefs: 004193CB
L, xrefs: 00419385
r, xrefs: 004193B6
W, xrefs: 004193D2
L, xrefs: 004193A1
a, xrefs: 004193BD
d, xrefs: 0041939A
i, xrefs: 004193A8
r, xrefs: 004193C4
a, xrefs: 00419393

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 539854c77cc127dc8ea16b0c78b4a4ce77117ddb9daca00d3131ad6210e19502
Instruction ID: fc0b76cc83fc56d01653124363e068ebea87e4fbf0c34cb1cf39e34ee6e325f1
Opcode Fuzzy Hash: 539854c77cc127dc8ea16b0c78b4a4ce77117ddb9daca00d3131ad6210e19502
Instruction Fuzzy Hash: 22A108B2D046A88AE7208A24DC54BEB7B75EF42304F0441FED44DA7681DA7D4EC5CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00418469 Relevance: 15.2, Strings: 12, Instructions: 222COMMON

Download Yara Rule

Strings

o, xrefs: 0041938C
b, xrefs: 004193AF
y, xrefs: 004193CB
L, xrefs: 00419385
r, xrefs: 004193B6
W, xrefs: 004193D2
L, xrefs: 004193A1
a, xrefs: 004193BD
d, xrefs: 0041939A
i, xrefs: 004193A8
r, xrefs: 004193C4
a, xrefs: 00419393

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 4da57fdc3808a538c2e905607e7f06de63deb9bf2fc848e9813ef82b194b9e93
Instruction ID: 8b549085d8d9aa3cc178be8086af4c30e6f668833559d545b0787ca11f724ae5
Opcode Fuzzy Hash: 4da57fdc3808a538c2e905607e7f06de63deb9bf2fc848e9813ef82b194b9e93
Instruction Fuzzy Hash: 698105B2D082A88AE7208A24DC44BEB7B75EF51304F0041FED44DA7681DA7D0EC58B66

Uniqueness

Uniqueness Score: -1.00%

Function 0041843C Relevance: 15.2, Strings: 12, Instructions: 221COMMON

Download Yara Rule

Strings

o, xrefs: 0041938C
b, xrefs: 004193AF
y, xrefs: 004193CB
L, xrefs: 00419385
r, xrefs: 004193B6
W, xrefs: 004193D2
L, xrefs: 004193A1
a, xrefs: 004193BD
d, xrefs: 0041939A
i, xrefs: 004193A8
r, xrefs: 004193C4
a, xrefs: 00419393

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: f35b7717e2bf88301fd52579f1ea905a3b811a69ced9d5e9af08729458db5b8d
Instruction ID: 8e17cc4f126f5f5c8cc8e90867a26d09ab718afa32763a0ebae872c5a45f8c79
Opcode Fuzzy Hash: f35b7717e2bf88301fd52579f1ea905a3b811a69ced9d5e9af08729458db5b8d
Instruction Fuzzy Hash: 0781F5B2D082A49AEB208A24DC44BEB7BB5EF55304F0041FED44DA7681DA7D4EC58B66

Uniqueness

Uniqueness Score: -1.00%

Function 00418493 Relevance: 15.2, Strings: 12, Instructions: 221COMMON

Download Yara Rule

Strings

o, xrefs: 0041938C
b, xrefs: 004193AF
y, xrefs: 004193CB
L, xrefs: 00419385
r, xrefs: 004193B6
W, xrefs: 004193D2
L, xrefs: 004193A1
a, xrefs: 004193BD
d, xrefs: 0041939A
i, xrefs: 004193A8
r, xrefs: 004193C4
a, xrefs: 00419393

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 1419d5c36c968984305ebbcd90ce2858e4096c09ea472f301a36e6497d25d9e4
Instruction ID: 5d36b93332d3e674d37557f8b3327274636f7cbd538bfc4c26a477700107a405
Opcode Fuzzy Hash: 1419d5c36c968984305ebbcd90ce2858e4096c09ea472f301a36e6497d25d9e4
Instruction Fuzzy Hash: B381F4B2D082A89AEB208A24DC44BEB7B75EF55304F0041FED44DA7681DA7D0EC5CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0041C4E8 Relevance: 15.2, Strings: 12, Instructions: 208COMMON

Download Yara Rule

Strings

r, xrefs: 0041C603
d, xrefs: 0041C5D9
W, xrefs: 0041C611
a, xrefs: 0041C5FC
i, xrefs: 0041C5E7
b, xrefs: 0041C5EE
o, xrefs: 0041C5CB
L, xrefs: 0041C5C4
L, xrefs: 0041C5E0
r, xrefs: 0041C5F5
a, xrefs: 0041C5D2
y, xrefs: 0041C60A

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: b2ab05ea0bb498faf0a0bd7a2eb7a5462307bfe5f1a4fcc45ff833ad56b5db82
Instruction ID: 33829d7ca1d0160bcae9ddec95834b4e04ce6ad540e937aed62e48eabfdaf3b2
Opcode Fuzzy Hash: b2ab05ea0bb498faf0a0bd7a2eb7a5462307bfe5f1a4fcc45ff833ad56b5db82
Instruction Fuzzy Hash: 0C81F4B1D142688AFB208B24CC90BEA7BB5EF54300F1481FAD44D97281DB7E4FD58B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0049A650 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 144fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00462460: _vswprintf_s.LIBCMT ref: 00462492

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 0049A6D2
DeviceIoControl.KERNEL32 ref: 0049A718
CloseHandle.KERNEL32(00000000), ref: 0049A723
_memset.LIBCMT ref: 0049A798
CloseHandle.KERNEL32(00000000), ref: 0049A813

Strings

L, xrefs: 0049A7DB
L, xrefs: 0049A7C6
\\.\PhysicalDrive%d, xrefs: 0049A6A1

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CloseHandle$ControlCreateDeviceFile_memset_vswprintf_s
String ID: L$ L$\\.\PhysicalDrive%d
API String ID: 759969516-1418412989
Opcode ID: 904432ad5da664f698ee9070986e5af999f21b821e6534e03ce7a75bfe2b6cab
Instruction ID: 663792087abd7e7a853687f4004ad249ba7a96eed8e5edd625e7ac16950f874d
Opcode Fuzzy Hash: 904432ad5da664f698ee9070986e5af999f21b821e6534e03ce7a75bfe2b6cab
Instruction Fuzzy Hash: 355177B0508740AFD770DF25CC85BAB7BE8EB84708F40492EF589D6281E77899058F9B

Uniqueness

Uniqueness Score: -1.00%

Function 0040C640 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 107libraryloaderCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040C66E
_memset.LIBCMT ref: 0040C685
GetVersionExW.KERNEL32(?), ref: 0040C694
GetModuleHandleW.KERNEL32(ntdll,RtlGetVersion), ref: 0040C6BF
GetProcAddress.KERNEL32(00000000), ref: 0040C6C6
_memset.LIBCMT ref: 0040C723

Part of subcall function 0040C540: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 0040C54F
Part of subcall function 0040C540: GetProcAddress.KERNEL32(00000000), ref: 0040C556
Part of subcall function 0040C540: GetCurrentProcess.KERNEL32(?), ref: 0040C56B

Strings

ntdll, xrefs: 0040C6BA
RtlGetVersion, xrefs: 0040C6B5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: _memset$AddressHandleModuleProc$CurrentProcessVersion
String ID: RtlGetVersion$ntdll
API String ID: 3825021448-2582309562
Opcode ID: 614c7ba07b8ca92aa9f5f1655a0124c5ee0c5e122fa44b85d9bfef69e6ee2af9
Instruction ID: e244091a4da6ca06e3123426368e64676980cd1d684e27b0e3e606345d07e2f9
Opcode Fuzzy Hash: 614c7ba07b8ca92aa9f5f1655a0124c5ee0c5e122fa44b85d9bfef69e6ee2af9
Instruction Fuzzy Hash: A741B674600215DFDB20DF15DD81BDAB7B5AF44305F4081AAE909AB2C1EB78AA85CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0047C6F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 82memorythreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0047C6FF
OpenThread.KERNEL32(00000040,00000001,-00000008,00000000,?,?,7622DFA0), ref: 0047C759
GetLastError.KERNEL32(?,?,7622DFA0), ref: 0047C75F
GetProcessHeap.KERNEL32(?,?,7622DFA0), ref: 0047C78E
HeapFree.KERNEL32(00000000,00000000,?,?,?,7622DFA0), ref: 0047C798
OutputDebugStringW.KERNEL32(****** ,?,?,7622DFA0), ref: 0047C7A5
CloseHandle.KERNEL32(00000000,?,?,7622DFA0), ref: 0047C7AE

Strings

****** , xrefs: 0047C7A0

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: HeapThread$CloseCurrentDebugErrorFreeHandleLastOpenOutputProcessString
String ID: ******
API String ID: 2450575844-1974978773
Opcode ID: d879261aa293f08d22df3430f58d138a36612bf78f06e7a58739579d2838f516
Instruction ID: cb2f240dcb47cfa19b879225ebf037f31543b93a95f004dea55b1f160f2929b1
Opcode Fuzzy Hash: d879261aa293f08d22df3430f58d138a36612bf78f06e7a58739579d2838f516
Instruction Fuzzy Hash: 97315A79204702DFC728CF24CCC5AA77BA4AF45352F14857EE94997351DB34A800CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C7C0 Relevance: 13.6, APIs: 9, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,?,0040C748,?), ref: 0040C7CF
FindResourceW.KERNEL32(00000000,00000001,00000010,?,?,?,0040C748,?), ref: 0040C7E0
SizeofResource.KERNEL32(00000000,00000000,?,?,?,0040C748,?), ref: 0040C7EE
LoadResource.KERNEL32(00000000,00000000,?,?,?,0040C748,?), ref: 0040C7F9
LockResource.KERNEL32(00000000,?,?,?,0040C748,?), ref: 0040C806
_malloc.LIBCMT ref: 0040C817

Part of subcall function 0047FDE5: __FF_MSGBANNER.LIBCMT ref: 0047FE08
Part of subcall function 0047FDE5: __NMSG_WRITE.LIBCMT ref: 0047FE0F
Part of subcall function 0047FDE5: HeapAlloc.KERNEL32(00000000,004877DF,00000001,00000000,00000000,?,00486246,004877EE,00000001,004877EE,?,00489E1D,00000018,004BCC18,0000000C,00489EAE), ref: 0047FE5C

FreeResource.KERNEL32(00000000,?,?,?,0040C748,?), ref: 0040C837
FreeLibrary.KERNEL32(00000000,?,?,?,0040C748,?), ref: 0040C83E
VerQueryValueW.VERSION(00000000,004AA7BC,?,0040C748,?,?,?,0040C748,?), ref: 0040C85E

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Resource$FreeLibraryLoad$AllocFindHeapLockQuerySizeofValue_malloc
String ID:
API String ID: 1041246626-0
Opcode ID: 68c1cc549627e63ddc2a13d4ddfccf876b5709d95807c04238a5bfae98217dce
Instruction ID: 5744e29559a15a4ba09606c69268af261a0dbd46468bd8dda969a1ed024f48f9
Opcode Fuzzy Hash: 68c1cc549627e63ddc2a13d4ddfccf876b5709d95807c04238a5bfae98217dce
Instruction Fuzzy Hash: 0621F873900204B7D721ABA49C84E9FBABC9B89701F14417AFD01A3340EA78CE01C7E8

Uniqueness

Uniqueness Score: -1.00%

Function 00408110 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 225libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00469550: _memset.LIBCMT ref: 00469571
Part of subcall function 00469550: GetVersionExW.KERNEL32(?), ref: 0046958A

LoadLibraryW.KERNEL32(?,?,?,00000000,?,00000000,?,004079D6), ref: 0040822C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0040827B

Strings

DllGetClassObject, xrefs: 00408275
360base.dll, xrefs: 00408154
sites.dll, xrefs: 00408141

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProcVersion_memset
String ID: 360base.dll$DllGetClassObject$sites.dll
API String ID: 3358451850-2367794130
Opcode ID: 4615d7596e6543428cbb77a21229a0dab9ed4d3bb04dc82c879367250faa7d1a
Instruction ID: 3caa12a81185957cdc18e54f8e3e802ef58e5c335cd19661f220bd41051fceaa
Opcode Fuzzy Hash: 4615d7596e6543428cbb77a21229a0dab9ed4d3bb04dc82c879367250faa7d1a
Instruction Fuzzy Hash: FB810531A01640CFC714DBA9C981BAEB7A4EF85714F1482AFE845AB3D1DF399D01C799

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3C6 Relevance: 7.9, Strings: 6, Instructions: 378COMMON

Download Yara Rule

Strings

groupbox_mock, xrefs: 0040EA28
x, xrefs: 0040EC5E
8, xrefs: 0040EC36
PD:?, xrefs: 0040E439
n, xrefs: 0040EC4A
n, xrefs: 0040EC54

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: 8$PD:?$groupbox_mock$n$n$x
API String ID: 0-3298813911
Opcode ID: 9bae8a78b8e5600f2fcaad05479bdc59a2aa3a26241f05a20e4d2628615fbe52
Instruction ID: 9bef132faab83c7a00d38353bec2aafa887cd9dc49d46b3c1550275ee078addf
Opcode Fuzzy Hash: 9bae8a78b8e5600f2fcaad05479bdc59a2aa3a26241f05a20e4d2628615fbe52
Instruction Fuzzy Hash: A0E12AB2D051558FE728CB14DE95BEABBB9EB90300F0481FED80DA66D1D3B85EC58E41

Uniqueness

Uniqueness Score: -1.00%

Function 0047E6EB Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00486967
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0048697C
UnhandledExceptionFilter.KERNEL32(004A87AC), ref: 00486987
GetCurrentProcess.KERNEL32(C0000409), ref: 004869A3
TerminateProcess.KERNEL32(00000000), ref: 004869AA

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 802339a8c5e7fcec417e6b7681569174dac5308fc92a73637669a7da029238d4
Instruction ID: 6521ea1792b815e167167fa1baf8073600fe910216aad07e31857f5039be66e9
Opcode Fuzzy Hash: 802339a8c5e7fcec417e6b7681569174dac5308fc92a73637669a7da029238d4
Instruction Fuzzy Hash: 9521DFB9D152049FC790EF25EC88A58BBA0BB6C314F21447EE90A873A0E7B459818F5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A810 Relevance: 7.6, APIs: 5, Instructions: 52keyboardCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040A83D
GetKeyboardState.USER32(00000000), ref: 0040A84E
keybd_event.USER32(00000012,00000000,00000001,00000000), ref: 0040A86D
SetForegroundWindow.USER32 ref: 0040A875
keybd_event.USER32(00000012,00000000,00000003,00000000), ref: 0040A889

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: keybd_event$ForegroundKeyboardStateWindow_memset
String ID:
API String ID: 2174540067-0
Opcode ID: 7524e430662b0b0da42496413719fe14777fe6c7bdf3ed333943366c4fd20958
Instruction ID: 28aec225b239fab4d39b7344b3fa37fbecaf52f8f530038e1f79585a8c9a0289
Opcode Fuzzy Hash: 7524e430662b0b0da42496413719fe14777fe6c7bdf3ed333943366c4fd20958
Instruction Fuzzy Hash: FC01FC35B4031877D7349725AC85FEF7BA89B45B10F0001B9FA08B72C1EAB49D4596AE

Uniqueness

Uniqueness Score: -1.00%

Function 004100EC Relevance: 1.6, Strings: 1, Instructions: 373COMMON

Download Yara Rule

Strings

FH:<, xrefs: 00410ABA

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: FH:<
API String ID: 0-3950290555
Opcode ID: f9c815f0ca6210a5ee345a76dc84b20ed7c4eb36e2671fb2c570168197f69345
Instruction ID: 4e3272e87e3bb5e1bb62f430dc6f12cfdaad5b882011236862e1ca2bdb6fd562
Opcode Fuzzy Hash: f9c815f0ca6210a5ee345a76dc84b20ed7c4eb36e2671fb2c570168197f69345
Instruction Fuzzy Hash: 77E108B2D041564FE728CA14DD85AFABBB9EB95300F0482FAD40D96A94D7B85EC2CE41

Uniqueness

Uniqueness Score: -1.00%

Function 0049C4A0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32(00000000,0007C088,?,00000020,00074080,00000210,00000000,00000000), ref: 0049C4F7

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ControlDevice
String ID:
API String ID: 2352790924-0
Opcode ID: d5dc4be9be4aaca1bc6dd2476bc8524e510fed3ad8e3ef1e8eb60a42d1eccd08
Instruction ID: 8b1060dad91c7751c29ea1db69c0c33c5f5a9ba78c53513b84026fbefec3a387
Opcode Fuzzy Hash: d5dc4be9be4aaca1bc6dd2476bc8524e510fed3ad8e3ef1e8eb60a42d1eccd08
Instruction Fuzzy Hash: 22F07D6224E3C09ED311C7689899D96BFD55BB6210F1DD98CE1984B2A3C165D404C766

Uniqueness

Uniqueness Score: -1.00%

Function 0047A550 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96658aefed841e4bd1c4b03aa5248894c2a3c5282d08f0adfd1d647e6ad7330
Instruction ID: d0001577a129d6094e86b43706611f99ef06eba332c7bd1bd8d4ef4be343827d
Opcode Fuzzy Hash: a96658aefed841e4bd1c4b03aa5248894c2a3c5282d08f0adfd1d647e6ad7330
Instruction Fuzzy Hash: 7912C5BBB983194FDB48CEE5DCC169573E1FB98304F09A43C9A55C7306F6E8AA094790

Uniqueness

Uniqueness Score: -1.00%

Function 0041C7F8 Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7f18c56fdf1b56830af000382591860934cdda6d95266ee88916b0ddc35237
Instruction ID: 977954bd3067e26fbcb746ae621020b2b011760491577ed30c19259c9c81e71a
Opcode Fuzzy Hash: 4a7f18c56fdf1b56830af000382591860934cdda6d95266ee88916b0ddc35237
Instruction Fuzzy Hash: 4012B1B5D041688FEB24CB14DC90AEAB7B9EF84304F1481FAD849A7281E7385ED6CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040E4A6 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b0ff2e5e5ab91520639c0f94e63cbad797f795a7e240bd31d0c3e3860c9db9d
Instruction ID: 8b6439ade44ef0e103faec2772a0bdd08c9f1b6259f71d3382a941648aaba87a
Opcode Fuzzy Hash: 3b0ff2e5e5ab91520639c0f94e63cbad797f795a7e240bd31d0c3e3860c9db9d
Instruction Fuzzy Hash: 58B106B2D442598FE728CA34DD95AEEB775EF80304F1481FAD80D966D4D3B86EC58E01

Uniqueness

Uniqueness Score: -1.00%

Function 0041025A Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e905350e7ccc992badca85cf768e017c6d6da54aa1c06c74c18a14301cda00
Instruction ID: a2476e2acaa229470f4e51151e089419eadc0ff8b795592944086229794ab02b
Opcode Fuzzy Hash: b7e905350e7ccc992badca85cf768e017c6d6da54aa1c06c74c18a14301cda00
Instruction Fuzzy Hash: 0181DAB2D0422A4FE728DA14DE99BFABB79EB94304F0482FAD40D56594D3BD1EC18D41

Uniqueness

Uniqueness Score: -1.00%

Function 0040E54F Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d21339cbf984ffb5023d2ff6c9673139c21957a36c4f4ab828f591edcfc133a
Instruction ID: 2931d748f824e439443529a7938d8f7872e55ad3463a45a35ade42e5064ad39b
Opcode Fuzzy Hash: 6d21339cbf984ffb5023d2ff6c9673139c21957a36c4f4ab828f591edcfc133a
Instruction Fuzzy Hash: 759128B2D4429A4FE728CA34DD95AEAB775EF80304F1481FAD80D966D4D3B86BC58E01

Uniqueness

Uniqueness Score: -1.00%

Function 004100F7 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 206345b43b798efe51f363865714befe01c8cc55ad2fa390eccbb3d815e7e721
Instruction ID: 8a8dbc8727cd970e6ac90df244e22fa3147722e20cffba52cd2cfd57d1e1cc8e
Opcode Fuzzy Hash: 206345b43b798efe51f363865714befe01c8cc55ad2fa390eccbb3d815e7e721
Instruction Fuzzy Hash: 36710AB2D041165FE728DA24DE89BFAB779EFC5304F0482FAD40D96A94D7BC1AC18D01

Uniqueness

Uniqueness Score: -1.00%

Function 00410109 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc42b77bcf057ef779feee4e3f1aadbe635d92d60477e6786c4a118fc4dca897
Instruction ID: 2723bf7a0887839c9e9d2925f2f46e96dfe8c7ce7e13bbd303cf8d3d11c913e1
Opcode Fuzzy Hash: bc42b77bcf057ef779feee4e3f1aadbe635d92d60477e6786c4a118fc4dca897
Instruction Fuzzy Hash: B9710AB2D041165FE728DA24DE99BFAB779EFC5304F0482FAD40D96A94D3BC1AC18D01

Uniqueness

Uniqueness Score: -1.00%

Function 004102BA Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10ab7165f2ee7b0173a1676d2a3be0d902c51a91284931aa6046439386399aeb
Instruction ID: b248c9a7765ec84dda30e0e180b082fe6a8b59b264994bdc0c5c4535c970dfe9
Opcode Fuzzy Hash: 10ab7165f2ee7b0173a1676d2a3be0d902c51a91284931aa6046439386399aeb
Instruction Fuzzy Hash: 5371EBB2D0412A4FE728DA24DE99BFABB79EB94304F0442FAD40D569A4D3791FC1CD41

Uniqueness

Uniqueness Score: -1.00%

Function 0040E5EE Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58e0ad5e2c06b458b75e789fa06951ba1a126d2a4988879c2e89a30c58c5033
Instruction ID: ad9350ed11970f90d0b84b7ed4ebec6b6f19ac54ef1a016c8a85c8ec6834e158
Opcode Fuzzy Hash: a58e0ad5e2c06b458b75e789fa06951ba1a126d2a4988879c2e89a30c58c5033
Instruction Fuzzy Hash: 4C7118B2D442599FE728CA34DD95AEAB775EF90300F1481FED80D966D4D3B82BC58E01

Uniqueness

Uniqueness Score: -1.00%

Function 00410141 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ad9d558df6c2d1d1eb8d69bed07ae6952a44117990ffdeac77a92ae024032a
Instruction ID: 76149222dea60a2f28d58c9e702397a770e8cb42a5936aefaa860663ddba7278
Opcode Fuzzy Hash: 98ad9d558df6c2d1d1eb8d69bed07ae6952a44117990ffdeac77a92ae024032a
Instruction Fuzzy Hash: 3661D8B2E0511A4FE728DA24DE897FABB75DFC5304F0482FAD40D56A94D3B81AC18D01

Uniqueness

Uniqueness Score: -1.00%

Function 0041019C Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6b12357e6a0ff37fd611b38c08e769c61bf1f7ab449313095f63af50f4bc5d
Instruction ID: c3e5c90b78603b208d1f45b35ebb739aec41608d296a061610baa9384d82caf9
Opcode Fuzzy Hash: ff6b12357e6a0ff37fd611b38c08e769c61bf1f7ab449313095f63af50f4bc5d
Instruction Fuzzy Hash: DB51D9B2E0512A4FE728DA24DE997FAB779DF84304F0482FAD40D96A94D7B81EC1CD01

Uniqueness

Uniqueness Score: -1.00%

Function 0041E2D5 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b5081dc78450cef503a44defd993944276f693c88eb9177065e3a0ac28ad5e
Instruction ID: fd0a13c5f8c246a81ebd57a937bd7ca0bdbb2311988f1c36a8ababa88b6ff6b4
Opcode Fuzzy Hash: 27b5081dc78450cef503a44defd993944276f693c88eb9177065e3a0ac28ad5e
Instruction Fuzzy Hash: BD51F4B2C101389AE7249B26DD44AFB77BAEF85314F0441FAD84DA7291E3784EC1CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00410375 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bff740b61ff62cdabac88cd56b216140ad0141743af7e35a0092b90cb25b075
Instruction ID: 025f90ac3ce8ca05ff8d37c4424771c371c4abedad99d505d00d8400a3ca2a5b
Opcode Fuzzy Hash: 2bff740b61ff62cdabac88cd56b216140ad0141743af7e35a0092b90cb25b075
Instruction Fuzzy Hash: 5351CAB2D4412A4FE728DA24CE99BFABB75EF94304F0482FAD40D569A4D7B91EC1CD01

Uniqueness

Uniqueness Score: -1.00%

Function 0040E687 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bee4ff90687afc050fc6a8ef3db5d991fcc4abca4f3c5ed315a114d328adc466
Instruction ID: 6930944991768828cd7f0b67aa2b162d00eecdb6095bb5de34426276ac41adf8
Opcode Fuzzy Hash: bee4ff90687afc050fc6a8ef3db5d991fcc4abca4f3c5ed315a114d328adc466
Instruction Fuzzy Hash: 7D51F5B3D442599FF724CA34DD99AEAB779EF80304F1481BAD80D96694D2786FC48E01

Uniqueness

Uniqueness Score: -1.00%

Function 00482130 Relevance: .1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 0cd586f8284afeeb3fbd250460a44980cb665e427ee07c0080afbc9b991b7326
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: B3113BBB30019253D6049A3DCAFC5BFE395EBC532173C4B67C3418B758D2AA9941A708

Uniqueness

Uniqueness Score: -1.00%

Function 00438220 Relevance: 59.7, APIs: 26, Strings: 8, Instructions: 214comlibraryloaderCOMMON

Download Yara Rule

APIs

ImmDisableIME.IMM32(000000FF), ref: 0043823E
SetErrorMode.KERNEL32(00008003,000000FF), ref: 00438248
GetCommandLineW.KERNEL32 ref: 0043824E

Part of subcall function 004380E0: _memset.LIBCMT ref: 00438117
Part of subcall function 004380E0: _memset.LIBCMT ref: 0043812D
Part of subcall function 004380E0: _memset.LIBCMT ref: 00438194
Part of subcall function 004380E0: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004381A9
Part of subcall function 004380E0: WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000004,?,?), ref: 004381D2

IsUserAnAdmin.SHELL32 ref: 00438267
_memset.LIBCMT ref: 0043829B
_wcsnlen.LIBCMT ref: 004382A6
StrStrIW.SHLWAPI(?,/s:13), ref: 004382CF
StrStrIW.SHLWAPI(00000000,/s:15), ref: 004382E7
CreateMutexW.KERNEL32(00000000,00000001,Local\Q360SandboxMain), ref: 00438317
GetLastError.KERNEL32 ref: 00438323
CloseHandle.KERNEL32(00000000), ref: 00438331
FindWindowW.USER32(Q360BoxMain,00000000), ref: 00438344
PostMessageW.USER32(00000000,00000464,?,00000000), ref: 00438353
CoInitialize.OLE32(00000000), ref: 00438373
OleInitialize.OLE32(00000000), ref: 0043837B
DefWindowProcW.USER32(00000000,00000000,00000000,00000000), ref: 00438389
InitCommonControlsEx.COMCTL32 ref: 004383A4
_memset.LIBCMT ref: 004383CD
PathAppendW.SHLWAPI(?,..\CrashReport.dll), ref: 0043844B
LoadLibraryW.KERNEL32(?), ref: 00438469
GetProcAddress.KERNEL32(00000000,Initialize), ref: 00438479
PathCombineW.SHLWAPI(?,004CFD70,ipc\sbmon.dll), ref: 004384AD
OleUninitialize.OLE32 ref: 004384D6
CoUninitialize.OLE32 ref: 004384DC
CloseHandle.KERNEL32(00000000), ref: 004384E3

Strings

..\CrashReport.dll, xrefs: 0043843E
/s:13, xrefs: 004382C5
Initialize, xrefs: 00438473
Local\Q360SandboxMain, xrefs: 0043830E
ipc\sbmon.dll, xrefs: 0043849E
/s:14, xrefs: 004382F9
Q360BoxMain, xrefs: 0043833F
/s:15, xrefs: 004382E1

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: _memset$CloseErrorHandleInitializePathProcUninitializeWindow$AddressAdminAppendCombineCommandCommonControlsCreateDisableFileFindInformationInitLastLibraryLineLoadMessageModeModuleMutexNamePostQuerySessionUser_wcsnlen
String ID: ..\CrashReport.dll$/s:13$/s:14$/s:15$Initialize$Local\Q360SandboxMain$Q360BoxMain$ipc\sbmon.dll
API String ID: 3924284130-1797139406
Opcode ID: 0410ae1d3f25362db81d7b382f629a46f277ba3e2d2ef630970c4449a2702394
Instruction ID: cd8af241d18accdbc5aa38e243565f6841422415a80fa799f4a22f45c36b33db
Opcode Fuzzy Hash: 0410ae1d3f25362db81d7b382f629a46f277ba3e2d2ef630970c4449a2702394
Instruction Fuzzy Hash: D37116722443019BD720AB75DC4AB9B7BA4AF99704F00453EF905972E1EF789805CBAE

Uniqueness

Uniqueness Score: -1.00%

Function 004644E0 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 205encryptionCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004645B4
WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030), ref: 0046462B
WTHelperProvDataFromStateData.WINTRUST(?,00000000,00AAC56B,00000030), ref: 00464650
_memset.LIBCMT ref: 004646CA
CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,?,00000200), ref: 004646E3
__wcsicoll.LIBCMT ref: 00464701
__wcsicoll.LIBCMT ref: 00464719
__wcsicoll.LIBCMT ref: 00464731
__wcsicoll.LIBCMT ref: 00464749
__wcsicoll.LIBCMT ref: 00464761
__wcsicoll.LIBCMT ref: 00464779
_memset.LIBCMT ref: 004647A0
WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030), ref: 004647D1

Strings

O, xrefs: 0046458F
QIHU 360 SOFTWARE CO. LIMITED, xrefs: 0046473D
Qihoo 360 Software (Beijing) Company Limited, xrefs: 00464725
Beijing Qihoo Technologies Co. Ltd, xrefs: 0046476D
Qizhi Software (beijing) Co. Ltd, xrefs: 004646F5
0, xrefs: 004647A8
360.cn, xrefs: 0046470D
Beijing Qihu Technology Co., Ltd., xrefs: 00464755

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: __wcsicoll$_memset$DataTrustVerify$CertFromHelperNameProvStateString
String ID: 0$360.cn$Beijing Qihoo Technologies Co. Ltd$Beijing Qihu Technology Co., Ltd.$O$QIHU 360 SOFTWARE CO. LIMITED$Qihoo 360 Software (Beijing) Company Limited$Qizhi Software (beijing) Co. Ltd
API String ID: 2588663507-1084558168
Opcode ID: ca29952f882e6b8f4a9f9b6e8955c77b7fa069f847e66e7ad324117ab4f2f242
Instruction ID: d8c5916f53b20aa50ef70ba389bcd4324bb731145d78f5bc80163dda0d3e1359
Opcode Fuzzy Hash: ca29952f882e6b8f4a9f9b6e8955c77b7fa069f847e66e7ad324117ab4f2f242
Instruction Fuzzy Hash: 928150F1D002589FCF20CF659C80B9AB7B8AB45315F4445EEE209A7281F7399A84CF6D

Uniqueness

Uniqueness Score: -1.00%

Function 0044C8F0 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 287COMMON

Download Yara Rule

APIs

ILIsEqual.SHELL32(000000FD,?), ref: 0044C982
ILClone.SHELL32(000000FD), ref: 0044C9A9
StrStrIW.SHLWAPI(?,360SandBox\Shadow), ref: 0044C9BD
ILClone.SHELL32(?), ref: 0044C9D7
ILFree.SHELL32(00000000), ref: 0044C9E0
ILRemoveLastID.SHELL32(00000000), ref: 0044C9F5
ILFree.SHELL32(00000000), ref: 0044CA12
ILIsEqual.SHELL32(?,?), ref: 0044CA27
CoTaskMemFree.OLE32(00000000,00000000), ref: 0044CACE
CoTaskMemFree.OLE32(00000000,00000000), ref: 0044CADD
CoTaskMemFree.OLE32(00000000), ref: 0044CAF9
ILIsParent.SHELL32(?,?,00000000), ref: 0044CB0C
StrStrIW.SHLWAPI(?,360SANDBOX\SHADOW\), ref: 0044CB25
ILCreateFromPath.SHELL32(?), ref: 0044CB3B
ILClone.SHELL32(?), ref: 0044CB87
ILRemoveLastID.SHELL32(00000000), ref: 0044CB97
ILFree.SHELL32(00000000), ref: 0044CBAC

Strings

360SandBox\Shadow, xrefs: 0044C9B7
360SANDBOX\SHADOW\, xrefs: 0044CB1F

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Free$CloneTask$EqualLastRemove$CreateFromParentPath
String ID: 360SANDBOX\SHADOW\$360SandBox\Shadow
API String ID: 2410269249-3181459654
Opcode ID: 2b5dc31116baf534bdbc41cfdb32f68afd96ce36e71145bbdc6b4e0c0556cdca
Instruction ID: 246c8f8198f062910c989f9f1094d35d88cec7075d8fd4276a5bc70cbc7e5043
Opcode Fuzzy Hash: 2b5dc31116baf534bdbc41cfdb32f68afd96ce36e71145bbdc6b4e0c0556cdca
Instruction Fuzzy Hash: EEA1A371A01245AFEB10DF69CC84BAFBBB9EF45710F188159E815E7381D7789E01CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0043E2C0 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 117registryclipboardCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(004CDB70,00000000,00000000), ref: 0043E2D1
RegisterClipboardFormatW.USER32(WM_ATLGETHOST), ref: 0043E2E2
RegisterClipboardFormatW.USER32(WM_ATLGETCONTROL), ref: 0043E2EE
GetClassInfoExW.USER32(00000000,AtlAxWin90,?), ref: 0043E30F
LoadCursorW.USER32 ref: 0043E34B
RegisterClassExW.USER32 ref: 0043E372
_memset.LIBCMT ref: 0043E39E
GetClassInfoExW.USER32(00000000,AtlAxWinLic90,?), ref: 0043E3BB
LoadCursorW.USER32 ref: 0043E3FB
RegisterClassExW.USER32 ref: 0043E422
LeaveCriticalSection.KERNEL32(004CDB70,?,?,?,?,?,?,?,?,?), ref: 0043E44D
LeaveCriticalSection.KERNEL32(004CDB70), ref: 0043E463

Part of subcall function 00413BD0: VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?,004139C7), ref: 00413EF7

Strings

WM_ATLGETCONTROL, xrefs: 0043E2E4
AtlAxWinLic90, xrefs: 0043E3B1
AtlAxWin90, xrefs: 0043E300, 0043E366
$+K, xrefs: 0043E416
WM_ATLGETHOST, xrefs: 0043E2DD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$EnterProtectVirtual_memset
String ID: $+K$AtlAxWin90$AtlAxWinLic90$WM_ATLGETCONTROL$WM_ATLGETHOST
API String ID: 3448900847-2093449559
Opcode ID: ae2e03cfb2382fb44ff4b74b207b67911d7a09c7d1bec0336e18ce4c74faab64
Instruction ID: 9242dc451afa638cdca0116d7d51e30222040591e5736590d3b427a57a6b023a
Opcode Fuzzy Hash: ae2e03cfb2382fb44ff4b74b207b67911d7a09c7d1bec0336e18ce4c74faab64
Instruction Fuzzy Hash: D2412CB1908300AFC310DF569C44A5BFBE8FB99754F41892FF49993250E7B8A905CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0044E8D0 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 207COMMON

Download Yara Rule

Strings

\Device\Floppy, xrefs: 0044EA79
360SANDBOX\SHADOW, xrefs: 0044EB0A

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: 360SANDBOX\SHADOW$\Device\Floppy
API String ID: 0-1934113487
Opcode ID: 63a3a9e153631dc3816185d2489b1827349a8e3288459402917acfe008033d7a
Instruction ID: 60224e2b770b9b1e3fc39dfc3f207c6372e170c233eba6c5e796d164682c6d2b
Opcode Fuzzy Hash: 63a3a9e153631dc3816185d2489b1827349a8e3288459402917acfe008033d7a
Instruction Fuzzy Hash: 0671E7B1644341ABE324EF21DC45BABB3E4BF94314F044A2EF95597281E738E905CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6F0 Relevance: 27.1, APIs: 18, Instructions: 109COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0040A6F6
AllowSetForegroundWindow.USER32(00000000), ref: 0040A6FD
GetForegroundWindow.USER32 ref: 0040A712

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ForegroundWindow$AllowCurrentProcess
String ID:
API String ID: 2235791723-0
Opcode ID: 5e6e4bf00a86041b879989b133f68845dfa9bbe7d78b2005605e8bf5e938ff6a
Instruction ID: 91440e2689112069f276c84a47a5dedbb9d2d1fd036e83ed71647aedcb227235
Opcode Fuzzy Hash: 5e6e4bf00a86041b879989b133f68845dfa9bbe7d78b2005605e8bf5e938ff6a
Instruction Fuzzy Hash: 3B31B536B05204BBD7209FA5FC8CF9E7FB8EB86312F1000B5F909D2650DB3599109AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00442090 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 308COMMON

Download Yara Rule

APIs

Part of subcall function 0045CB10: IsWindow.USER32(?), ref: 0045CB5B
Part of subcall function 0045CB10: GetActiveWindow.USER32 ref: 0045CC49
Part of subcall function 0045CB10: _memset.LIBCMT ref: 0045CC75
Part of subcall function 0045CB10: GetLongPathNameW.KERNEL32(?,?,00000400), ref: 0045CC90

PathFileExistsW.SHLWAPI(?), ref: 0044210D
PathFileExistsW.SHLWAPI(?), ref: 00442179
StrStrIW.SHLWAPI(?,:\360SANDBOX\SHADOW\), ref: 004421B1
PathFindFileNameW.SHLWAPI(?,00000000,-00000004,00000000,00000000,?,?,?,?,?), ref: 00442252

Strings

<p=ipc><c=sbx><autostartprocess><file=%s>, xrefs: 004423F8
:\360SANDBOX\SHADOW\, xrefs: 004421AB
IDS_INVALID_PATH, xrefs: 0044220B
Qh`1K, xrefs: 004423F7
ToyList, xrefs: 0044246D
\Program Files (x86)\, xrefs: 00442126, 0044215D
\Program Files\, xrefs: 00442158
CAppListPage::OnBtnAdd, xrefs: 0044245F, 00442489

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Path$File$ExistsNameWindow$ActiveFindLong_memset
String ID: :\360SANDBOX\SHADOW\$<p=ipc><c=sbx><autostartprocess><file=%s>$CAppListPage::OnBtnAdd$IDS_INVALID_PATH$Qh`1K$ToyList$\Program Files (x86)\$\Program Files\
API String ID: 2337388275-1275842389
Opcode ID: 07dfa87fbec7f786f2f936e5a850b8e6207ff8654eef1a955382d92288e07357
Instruction ID: 9e9a2a0c02360940dabdc456635472bb6701d7fbb308234c0a4223bfb30283a4
Opcode Fuzzy Hash: 07dfa87fbec7f786f2f936e5a850b8e6207ff8654eef1a955382d92288e07357
Instruction Fuzzy Hash: 03C1D570A012149FEB20DB65CC81FEEB779AB80304F5081EEF50967291DB79AE45CF69

Uniqueness

Uniqueness Score: -1.00%

Function 0043A7B0 Relevance: 24.3, APIs: 16, Instructions: 328COMMON

Download Yara Rule

APIs

RedrawWindow.USER32(?,00000000,00000000,00000507), ref: 0043A80C
IsWindow.USER32(?), ref: 0043A81B
GetSysColor.USER32(00000005), ref: 0043A858
GetWindowLongW.USER32(?,000000F0), ref: 0043A908

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Window$ColorLongRedraw
String ID:
API String ID: 4056730343-0
Opcode ID: 05766a75aab237b120e421f96ffe8308545724be47f8d37eccf0df799bac6305
Instruction ID: fa2c2f95e212f0749ad7aaee22ef47d1ff8c3ded928a4a4240d4c8e519b4ae9c
Opcode Fuzzy Hash: 05766a75aab237b120e421f96ffe8308545724be47f8d37eccf0df799bac6305
Instruction Fuzzy Hash: 46C1EF752442029FD710DF58C884B6BB7E5AF8C704F14851EF988973A0D738EC56CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00468730 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 107COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00468758
__finite.LIBCMT ref: 00468766
swprintf.LIBCMT ref: 00468785

Part of subcall function 004815EC: __vsprintf_s_l.LIBCMT ref: 00481600

swprintf.LIBCMT ref: 004687EA

Strings

1e+9999, xrefs: 004687DE, 004687E3
NaN, xrefs: 0046879C
%%.%dg, xrefs: 0046874B
-Infinity, xrefs: 004687BE
-1e+9999, xrefs: 004687C7, 004687CC
Infinity, xrefs: 004687D5
null, xrefs: 004687A5, 004687AA

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: swprintf$__finite__vsprintf_s_l_sprintf
String ID: %%.%dg$-1e+9999$-Infinity$1e+9999$Infinity$NaN$null
API String ID: 2795707815-1955747591
Opcode ID: 414b12e0921f40a4da96ebe239964feb0bf9c8febcde673b2a3d188a15ddeabc
Instruction ID: 4d6e18440e45d6dfcc118bea7ed48a1e74604ea07405840d8456e660b82580d5
Opcode Fuzzy Hash: 414b12e0921f40a4da96ebe239964feb0bf9c8febcde673b2a3d188a15ddeabc
Instruction Fuzzy Hash: 9131FB70E0020597DB00AA74DD54BEEB7BC9B18301F10866FE981A7281FB79950987BE

Uniqueness

Uniqueness Score: -1.00%

Function 0046C720 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 152libraryloaderCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0046C789
SHGetFolderPathW.SHELL32(00000000,00000025,00000000,00000000,?,004D0C60,00000000,00000000), ref: 0046C79D
LoadLibraryW.KERNEL32(?), ref: 0046C84F
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 0046C85B
LoadLibraryW.KERNEL32(?), ref: 0046C8C9
GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 0046C8D5

Strings

SetProcessDPIAware, xrefs: 0046C8CF
\User32.dll, xrefs: 0046C892
\Shcore.dll, xrefs: 0046C818
SetProcessDpiAwareness, xrefs: 0046C855

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$FolderPath_memset
String ID: SetProcessDPIAware$SetProcessDpiAwareness$\Shcore.dll$\User32.dll
API String ID: 1748625455-566016977
Opcode ID: 0efb2813bc956c18bab8d691fdd49d927549464681c90aa3feb04d830a7b3193
Instruction ID: e2b3ee595215d82283f162d04ad4643fb21a4c49f583e77b402dca476d4e70c1
Opcode Fuzzy Hash: 0efb2813bc956c18bab8d691fdd49d927549464681c90aa3feb04d830a7b3193
Instruction Fuzzy Hash: 6F51B571D0122996DF30EB65CC89BEEB774AF15705F0045EAE409A3241E7789F44CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00452020 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,771883B0,00000000,?,00437D06), ref: 00452041
CoTaskMemFree.OLE32(?), ref: 0045208E
CoTaskMemFree.OLE32(?), ref: 004520A1
CoTaskMemFree.OLE32(?), ref: 004520B4
CoTaskMemFree.OLE32(?), ref: 004520C7
CoTaskMemFree.OLE32(?), ref: 004520DA
CoTaskMemFree.OLE32(?), ref: 004520ED
CoTaskMemFree.OLE32(?), ref: 00452100
ILFree.SHELL32(?,?,?), ref: 0045214A

Strings

<=K, xrefs: 0045202E

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Free$Task$CriticalDeleteSection
String ID: <=K
API String ID: 1544146821-1507202368
Opcode ID: 9ebe05c4accf80656303c294f9622db808461cd3405d67000f039428b406aa55
Instruction ID: d428f397aa311ce30c429e0989741c611b8de0c823ad603075a9d17154ee739d
Opcode Fuzzy Hash: 9ebe05c4accf80656303c294f9622db808461cd3405d67000f039428b406aa55
Instruction Fuzzy Hash: 3951DAB1600B019BC720EF69C9C0A5BB7E9BF49304B54892EE68AC7752C774F845CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0044C220 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 277COMMON

Download Yara Rule

APIs

ILClone.SHELL32(000000FD), ref: 0044C2F7
PathIsFileSpecW.SHLWAPI(?,?,?,?,00000000,?,?,004A58FA,000000FF,?,00449C16,000000FD,00000001), ref: 0044C3AA
PathFileExistsW.SHLWAPI(?,?,?,00000000,?,?,004A58FA,000000FF,?,00449C16,000000FD,00000001), ref: 0044C3B5

Strings

360SandBox\Shadow, xrefs: 0044C420

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: FilePath$CloneExistsSpec
String ID: 360SandBox\Shadow
API String ID: 3878658872-629509615
Opcode ID: f02ff6333fde37ea2d48348f14a391e7e85a4aead04f1fc77cdc38f8081a1832
Instruction ID: 0beeffff74d7cf93fbcffa7cb7cafc1186113296c97e2da3066521dbc7487889
Opcode Fuzzy Hash: f02ff6333fde37ea2d48348f14a391e7e85a4aead04f1fc77cdc38f8081a1832
Instruction Fuzzy Hash: 79A127712043019FE340DF69C885BABB7E4AF95314F08467EF8589B392DB78D805C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 00472560 Relevance: 15.4, APIs: 10, Instructions: 350COMMON

Download Yara Rule

APIs

std::_String_base::_Xlen.LIBCPMT ref: 004725A9
std::_String_base::_Xlen.LIBCPMT ref: 004725CB
_memmove_s.LIBCMT ref: 00472634
_memcpy_s.LIBCMT ref: 00472660

Part of subcall function 0047D1CF: __EH_prolog3.LIBCMT ref: 0047D1D6
Part of subcall function 0047D1CF: __CxxThrowException@8.LIBCMT ref: 0047D201

_memcpy_s.LIBCMT ref: 00472675
_memmove_s.LIBCMT ref: 004726AB
_memmove_s.LIBCMT ref: 004726E3
_memmove_s.LIBCMT ref: 00472724
_memmove_s.LIBCMT ref: 0047274A
_memmove_s.LIBCMT ref: 0047275F

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: _memmove_s$String_base::_Xlen_memcpy_sstd::_$Exception@8H_prolog3Throw
String ID:
API String ID: 11168885-0
Opcode ID: 455f545b2900b8e0f0c7a9bed5149251e284f532bf72dad3deb9b96b6dd25c0b
Instruction ID: e301232acbc4b55a50c33738da1e2146c753b821e7ae76d0766916b50813cd8e
Opcode Fuzzy Hash: 455f545b2900b8e0f0c7a9bed5149251e284f532bf72dad3deb9b96b6dd25c0b
Instruction Fuzzy Hash: 63C17170610105AFDB0CDF1DCA949AEB7AAFF49304760CA1EE459CB381C674ED918B99

Uniqueness

Uniqueness Score: -1.00%

Function 00484053 Relevance: 15.1, APIs: 10, Instructions: 95COMMONLIBRARYCODE

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0048406C

Part of subcall function 0048627A: __calloc_impl.LIBCMT ref: 0048628B
Part of subcall function 0048627A: Sleep.KERNEL32(00000000,?,004877EE,00000001,00000214), ref: 004862A2

__calloc_crt.LIBCMT ref: 00484090
__calloc_crt.LIBCMT ref: 004840AC
__copytlocinfo_nolock.LIBCMT ref: 004840D1
__setlocale_nolock.LIBCMT ref: 004840DE
___removelocaleref.LIBCMT ref: 004840EA
___freetlocinfo.LIBCMT ref: 004840F1
__setmbcp_nolock.LIBCMT ref: 00484109
___removelocaleref.LIBCMT ref: 0048411E
___freetlocinfo.LIBCMT ref: 00484125

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2969281212-0
Opcode ID: 3458a49887a695e65ea1402f8464baae7af5b2c0b9f51050c0714042f99b3d18
Instruction ID: 475c96c9a014c6fe819157cfd337c4d1671cd1f559f4a26d6043e424b5b844a0
Opcode Fuzzy Hash: 3458a49887a695e65ea1402f8464baae7af5b2c0b9f51050c0714042f99b3d18
Instruction Fuzzy Hash: 9F210435104202EBD7217F66D806A0FBBE5EF82B68B208C2FF58846251EF3D9801875D

Uniqueness

Uniqueness Score: -1.00%

Function 0045E7B0 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 392COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000002,SOFTWARE\360Safe\safemon,SB_Clear,?,?,?,00000A28,00000000,000009C4,00000000), ref: 0045E9BF

Strings

SOFTWARE\360Safe\safemon, xrefs: 0045E991
SB_RightMenu, xrefs: 0045E859
SB_B_TRAF, xrefs: 0045E8EC
SB_TrojanTips, xrefs: 0045E8BB
SB_Mark_Proc, xrefs: 0045E88A
SB_State, xrefs: 0045EC1B
SB_Clear, xrefs: 0045E98C

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Value
String ID: SB_B_TRAF$SB_Clear$SB_Mark_Proc$SB_RightMenu$SB_State$SB_TrojanTips$SOFTWARE\360Safe\safemon
API String ID: 3702945584-912737521
Opcode ID: b415e42c5c8133bb039cd99713f112fc0b5336b735174f6409bbe5cf3ae9aca9
Instruction ID: 749fc8d7fc3e6ce02dfdda49edc5a81d3260fadbf250b64458cefe3494409f9f
Opcode Fuzzy Hash: b415e42c5c8133bb039cd99713f112fc0b5336b735174f6409bbe5cf3ae9aca9
Instruction Fuzzy Hash: 50D106B0604340AFD304DB2AD842B6B7BE4AF95749F04441EF9458B383D77ADA09C7AB

Uniqueness

Uniqueness Score: -1.00%

Function 00460450 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 350COMMON

Download Yara Rule

APIs

PathFindExtensionW.SHLWAPI(?), ref: 004605F3
StrCmpIW.SHLWAPI(.lnk,00000000), ref: 00460612

Part of subcall function 0045F080: IsWindow.USER32(?), ref: 0045F0CB
Part of subcall function 0045F080: GetActiveWindow.USER32 ref: 0045F1B9
Part of subcall function 0045F080: _memset.LIBCMT ref: 0045F1E5
Part of subcall function 0045F080: GetLongPathNameW.KERNEL32(?,?,00000400), ref: 0045F200

Strings

<p=ipc><c=sbx><startprocess><file=%s>, xrefs: 00460879
CStatusPage::OnBtnRunApp, xrefs: 004604ED, 00460534, 004607AC, 004607F7
\Program Files (x86)\, xrefs: 0046068C
.lnk, xrefs: 004605E6, 0046060D

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: PathWindow$ActiveExtensionFindLongName_memset
String ID: .lnk$<p=ipc><c=sbx><startprocess><file=%s>$CStatusPage::OnBtnRunApp$\Program Files (x86)\
API String ID: 442431254-1629397419
Opcode ID: bc4be8cd6fce6518da4b5d151303aa687b197c665e318e16f705797011ce122c
Instruction ID: ed9a060e413aa0a8cd4ebc27c26230b2e98e3e1ede90a347c88f19392a8a3b2a
Opcode Fuzzy Hash: bc4be8cd6fce6518da4b5d151303aa687b197c665e318e16f705797011ce122c
Instruction Fuzzy Hash: AEE1B170A002049FDB24DF24CC41F9AB3B6FF84314F1442AAE5199B2E1EB79AE55CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0045C2C0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 177COMMON

Download Yara Rule

APIs

GetSystemWindowsDirectoryW.KERNEL32(?,00000104), ref: 0045C312
PathAppendW.SHLWAPI(?,\EXPLORER.EXE), ref: 0045C32C
__wcsicoll.LIBCMT ref: 0045C33D

Part of subcall function 004046E0: _wcsnlen.LIBCMT ref: 0040478E

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0045C410
PathCombineW.SHLWAPI(?,?), ref: 0045C43A
__wcsicoll.LIBCMT ref: 0045C44F

Strings

\EXPLORER.EXE, xrefs: 0045C320
IDS_SYS_EXE_NOT_IN_SB, xrefs: 0045C394, 0045C4CE

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DirectoryPathSystem__wcsicoll$AppendCombineWindows_wcsnlen
String ID: IDS_SYS_EXE_NOT_IN_SB$\EXPLORER.EXE
API String ID: 2029103654-2210204759
Opcode ID: 8a959e0774e459c7d6ae054e6a4ca6701830b746f655ae118908c5e0e81dbae2
Instruction ID: 14491e1284e08a75d12c1ebc9429af5dfdb12a81333b788884fe88583f3a331e
Opcode Fuzzy Hash: 8a959e0774e459c7d6ae054e6a4ca6701830b746f655ae118908c5e0e81dbae2
Instruction Fuzzy Hash: DB61B7B1A00318AFDB10DB55DC81FD977B8EB05714F0081EAF909A7291D7789E44CF69

Uniqueness

Uniqueness Score: -1.00%

Function 0049A860 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 114fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00462460: _vswprintf_s.LIBCMT ref: 00462492

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,0000011C,?,?), ref: 0049A8D2
_memset.LIBCMT ref: 0049A8FF
_strncpy.LIBCMT ref: 0049A93B
DeviceIoControl.KERNEL32 ref: 0049A971
CloseHandle.KERNEL32(00000000), ref: 0049A9DB

Strings

\\.\Scsi%d:, xrefs: 0049A8A1
SCSIDISK, xrefs: 0049A90D

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle_memset_strncpy_vswprintf_s
String ID: SCSIDISK$\\.\Scsi%d:
API String ID: 170396225-2176293039
Opcode ID: 3949bb7df2990e8c0f3cff2dabc6c096ff76e72da68429ad84dda9068e1c35e0
Instruction ID: 8ac058af6980bc5c4d0936d78cf53abd2d394c2295dd4b296c4390326c09ad28
Opcode Fuzzy Hash: 3949bb7df2990e8c0f3cff2dabc6c096ff76e72da68429ad84dda9068e1c35e0
Instruction Fuzzy Hash: 9B4194B1648340AEE730DB14DC85FABB7D8BB84704F400D2EB689962C1E7B9A554C79B

Uniqueness

Uniqueness Score: -1.00%

Function 0043C760 Relevance: 12.1, APIs: 8, Instructions: 91memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 0043C799
SysFreeString.OLEAUT32(00000000), ref: 0043C7BB
SysStringLen.OLEAUT32(?), ref: 0043C7CB
SysStringLen.OLEAUT32(?), ref: 0043C7D5
CoTaskMemAlloc.OLE32(00000002), ref: 0043C7DC
SysFreeString.OLEAUT32(?), ref: 0043C7EF

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: String$AllocFree$Task
String ID:
API String ID: 1511711959-0
Opcode ID: 54fe988ca1c22090a2fd9eeab0a6067a5b90c8678ef42d144e57ac649a239a4f
Instruction ID: 6b4b751e251b61ed9ef8173d3c87b3bb8e75c6d1d8fd6db18a63274726ccb1d6
Opcode Fuzzy Hash: 54fe988ca1c22090a2fd9eeab0a6067a5b90c8678ef42d144e57ac649a239a4f
Instruction Fuzzy Hash: 74212C7A700209ABDB10DF59ECC4DAB77A8EBC8765B118426FE08DB301C675E9419BE4

Uniqueness

Uniqueness Score: -1.00%

Function 0049A490 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0049A4C5

Part of subcall function 00462460: _vswprintf_s.LIBCMT ref: 00462492

_memset.LIBCMT ref: 0049A56B
_strncat.LIBCMT ref: 0049A5EF
_memset.LIBCMT ref: 0049A60C
__strlwr.LIBCMT ref: 0049A627

Strings

%02x, xrefs: 0049A585

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: _memset$__strlwr_strncat_vswprintf_s
String ID: %02x
API String ID: 259801040-560843007
Opcode ID: 2dc4547141a784d42d4eea05d67ac39c17c8aa196ad4f3ddedd3888300a032d6
Instruction ID: fccae88f4c75beb4e353cec9a1a8331dad11910c0a51cefe3bd6c93a793a48af
Opcode Fuzzy Hash: 2dc4547141a784d42d4eea05d67ac39c17c8aa196ad4f3ddedd3888300a032d6
Instruction Fuzzy Hash: 3E41E171608341AFD734DB75C885FEB7BE8AF88304F00492EF69987141EA38D5088B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0044C580 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

ILClone.SHELL32(000000FD), ref: 0044C5C4
ILFree.SHELL32(?), ref: 0044C5D7
StrStrIW.SHLWAPI(000000FD,360SandBox\Shadow), ref: 0044C607
ILCreateFromPath.SHELL32(00000000), ref: 0044C620
ILFree.SHELL32(00000000,00000000), ref: 0044C640

Strings

360SandBox\Shadow, xrefs: 0044C601

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Free$CloneCreateFromPath
String ID: 360SandBox\Shadow
API String ID: 208885804-629509615
Opcode ID: 3aedcf5c951fe9dfa17256571b5c35cbf15092c5952749219eee764c60c1e90f
Instruction ID: 4f08be6ebec6471463c8f04dbc084e502aeb1cb3582a41955eb94686ea4bac6b
Opcode Fuzzy Hash: 3aedcf5c951fe9dfa17256571b5c35cbf15092c5952749219eee764c60c1e90f
Instruction Fuzzy Hash: F4410571600605AFD710DF68CC84B9AB7B8FF85324F14C66EE8258B391CB38AA05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00458870 Relevance: 10.6, APIs: 7, Instructions: 121windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 004588AD
GetMessagePos.USER32 ref: 004588E6
ScreenToClient.USER32(?,?), ref: 00458906
CopyRect.USER32(?,?), ref: 0045892A
PtInRect.USER32(?,?,?), ref: 0045893F
SetFocus.USER32(?), ref: 0045894E
IsDialogMessageW.USER32(?,?), ref: 004589D3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: MessageRect$ClientCopyDialogFocusScreenVisibleWindow
String ID:
API String ID: 3885823864-0
Opcode ID: 51250fbb11edfc844140fd075d99deedea4c2b8ff47a53dc26ece339091104a8
Instruction ID: b42750015c751ddcd8580174a1fd90735734668e9db8edde58db682d9d2cf6cc
Opcode Fuzzy Hash: 51250fbb11edfc844140fd075d99deedea4c2b8ff47a53dc26ece339091104a8
Instruction Fuzzy Hash: 1B41C3B1604601AFD714DF25CC84F6BB7A8FB99711F004A1EF941A7380DB39E805CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004641E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0046420C
std::_Lockit::_Lockit.LIBCPMT ref: 0046422F
std::bad_exception::bad_exception.LIBCMT ref: 004642B0
__CxxThrowException@8.LIBCMT ref: 004642BE
std::locale::facet::facet_Register.LIBCPMT ref: 004642D4

Strings

bad cast, xrefs: 004642A8

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::facet_
String ID: bad cast
API String ID: 2820251361-3145022300
Opcode ID: 15c56367ba2297c79ae0820a43d5e779f900c1646ab2f034677b79654816722b
Instruction ID: b7429f993ba560f0c68cf0c53b2b12dbf682e323634b69b11f654f8473095cc6
Opcode Fuzzy Hash: 15c56367ba2297c79ae0820a43d5e779f900c1646ab2f034677b79654816722b
Instruction Fuzzy Hash: 99310535D002109FCF54EF95D991BAEB3B8AF54724F2002AFE91163291EB786D44C7DA

Uniqueness

Uniqueness Score: -1.00%

Function 00464300 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0046432C
std::_Lockit::_Lockit.LIBCPMT ref: 0046434F
std::bad_exception::bad_exception.LIBCMT ref: 004643D0
__CxxThrowException@8.LIBCMT ref: 004643DE
std::locale::facet::facet_Register.LIBCPMT ref: 004643F4

Strings

bad cast, xrefs: 004643C8

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::facet_
String ID: bad cast
API String ID: 2820251361-3145022300
Opcode ID: 70df8920032dba74b7baae052911ca05fdadd385ac53d2ab71cd2a85347c8495
Instruction ID: 8b44bc144b0255f6509722c548130b6cf85c508f825d26ee306282e0afa91433
Opcode Fuzzy Hash: 70df8920032dba74b7baae052911ca05fdadd385ac53d2ab71cd2a85347c8495
Instruction Fuzzy Hash: EC31BE35E002159FCF18EF54D941BAEB3B4AB58724F10026FE81667391EB786D80CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C590 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040C5B1
GetSystemWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040C5C5

Part of subcall function 0040C540: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 0040C54F
Part of subcall function 0040C540: GetProcAddress.KERNEL32(00000000), ref: 0040C556
Part of subcall function 0040C540: GetCurrentProcess.KERNEL32(?), ref: 0040C56B

PathCombineW.SHLWAPI(?,?,System32\ntoskrnl.exe), ref: 0040C5E9
PathCombineW.SHLWAPI(?,?,SysNative\ntoskrnl.exe), ref: 0040C60C

Strings

SysNative\ntoskrnl.exe, xrefs: 0040C5FF
System32\ntoskrnl.exe, xrefs: 0040C5DC

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CombinePath$AddressCurrentDirectoryHandleModuleProcProcessSystemWindows_memset
String ID: SysNative\ntoskrnl.exe$System32\ntoskrnl.exe
API String ID: 3000881479-3236087421
Opcode ID: 772b94eafc8b4c5e10b05523957fb2f1a75c49640b29c033edd364d56f745016
Instruction ID: f51e8015be0d75bc3b4082a392197db6835306047e750f7953eeb18022503c20
Opcode Fuzzy Hash: 772b94eafc8b4c5e10b05523957fb2f1a75c49640b29c033edd364d56f745016
Instruction Fuzzy Hash: 7401DB70600208ABDB20EB719C4ABAD77A8EF5C304F5007EEF90E961C1EA345A14878D

Uniqueness

Uniqueness Score: -1.00%

Function 00430080 Relevance: 9.4, APIs: 6, Instructions: 365COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96f44135370419453a3b079a8d78be7f854e9148cb7af413d87b21e0775dc099
Instruction ID: b2a3643ae1d6468001741b308941717d24de8edca1fb66faf65dd1a710605137
Opcode Fuzzy Hash: 96f44135370419453a3b079a8d78be7f854e9148cb7af413d87b21e0775dc099
Instruction Fuzzy Hash: 59D18F71A002059FCB14DFA9C994AAFB7B5BF8C314F24825AF905A7351D738ED01CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004400B0 Relevance: 9.1, APIs: 6, Instructions: 135COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,00000000,00000000,?,?,?,004409FD), ref: 004400EF
CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,004409FD), ref: 00440107
CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,004409FD), ref: 00440120
CharNextW.USER32(7693A7D0,?,00000000,00000000,?,?,?,004409FD), ref: 00440127
CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,004409FD), ref: 00440181

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: 2190517cf58c8b5b0cc21c7602d7e8750ea9133ff063c596c2b252f88651bcbb
Instruction ID: abef29cc3d613c68cbb535442e5254110430d6263978d02f9d4416def72caffe
Opcode Fuzzy Hash: 2190517cf58c8b5b0cc21c7602d7e8750ea9133ff063c596c2b252f88651bcbb
Instruction Fuzzy Hash: 5841D2316042028BE7349F38DC84677B3E5FFA9310B64496BD989C7354E73AD861C788

Uniqueness

Uniqueness Score: -1.00%

Function 004525F0 Relevance: 9.1, APIs: 6, Instructions: 135windowCOMMON

Download Yara Rule

APIs

ILClone.SHELL32(?), ref: 0045263F
ILFree.SHELL32(F44D8B01), ref: 0045264F
ILClone.SHELL32(?), ref: 00452709
ILFree.SHELL32(?), ref: 0045271A
SendMessageW.USER32(8308458B,00000464,?,?), ref: 00452737
ILFree.SHELL32(?), ref: 00452746

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Free$Clone$MessageSend
String ID:
API String ID: 2623104593-0
Opcode ID: 5d489322d8682ab275be21ab2d6a6fadbd5f1eb4fddfcba54fbc2f4ae17a13c9
Instruction ID: d433f156e7115eb2176f9971e767788a5d2f149078fb56f683fc1d4df81eb4f2
Opcode Fuzzy Hash: 5d489322d8682ab275be21ab2d6a6fadbd5f1eb4fddfcba54fbc2f4ae17a13c9
Instruction Fuzzy Hash: 13517A712083009FD710DF29C984B1BBBE8AF89765F044A6EF845DB392D778E844CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004380E0 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00438117
_memset.LIBCMT ref: 0043812D
GetCurrentProcess.KERNEL32 ref: 00438161
_memset.LIBCMT ref: 00438194
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004381A9
WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000004,?,?), ref: 004381D2

Part of subcall function 00437130: GetSystemDirectoryW.KERNEL32(?,00000103), ref: 0043713F

Part of subcall function 00436F70: _memset.LIBCMT ref: 00436FBB
Part of subcall function 00436F70: ExpandEnvironmentStringsW.KERNEL32(%SystemDrive%,?,00000103), ref: 00436FDA
Part of subcall function 00436F70: __wcsnicmp.LIBCMT ref: 00436FF5
Part of subcall function 00436F70: _memset.LIBCMT ref: 0043701F
Part of subcall function 00436F70: ExpandEnvironmentStringsW.KERNEL32(%windir%,?,00000103), ref: 00437038
Part of subcall function 00436F70: __wcsicoll.LIBCMT ref: 00437042
Part of subcall function 00436F70: _memset.LIBCMT ref: 0043705F
Part of subcall function 00436F70: ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%,?,00000103), ref: 00437078
Part of subcall function 00436F70: __wcsicoll.LIBCMT ref: 00437082
Part of subcall function 00436F70: _memset.LIBCMT ref: 0043709F
Part of subcall function 00436F70: ExpandEnvironmentStringsW.KERNEL32(%ComSpec%,?,00000103), ref: 004370B8
Part of subcall function 00436F70: __wcsnicmp.LIBCMT ref: 004370DA
Part of subcall function 00436F70: __wcsicoll.LIBCMT ref: 004370F3

Part of subcall function 00437190: SetEnvironmentVariableW.KERNEL32(windir,?), ref: 004371BA
Part of subcall function 00437190: SetEnvironmentVariableW.KERNEL32(SystemRoot,?), ref: 004371C2
Part of subcall function 00437190: _memset.LIBCMT ref: 004371DA
Part of subcall function 00437190: SetEnvironmentVariableW.KERNEL32(ComSpec,?), ref: 00437290
Part of subcall function 00437190: SetEnvironmentVariableW.KERNEL32(SystemDrive,?), ref: 004372A7

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Environment_memset$ExpandStringsVariable$__wcsicoll$__wcsnicmp$CurrentDirectoryFileInformationModuleNameProcessQuerySessionSystem
String ID:
API String ID: 3875749331-0
Opcode ID: b0329e3fd0f1825e354b42a143efed0f4d540dfbdc2734afd56fad8cbf1d00a7
Instruction ID: 54575e3e1dcb29ce6dacfa761d8ae1c686852bbec517d2dd2cea38a38e6b5a6f
Opcode Fuzzy Hash: b0329e3fd0f1825e354b42a143efed0f4d540dfbdc2734afd56fad8cbf1d00a7
Instruction Fuzzy Hash: 0E31E971A0031866DF20AB219C45BEEB7799F59704F0001EEB904672C2EF795B49CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0047C5C0 Relevance: 9.1, APIs: 6, Instructions: 93synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF,?,7622DFA0,004AA7AC), ref: 0047C639
__CxxThrowException@8.LIBCMT ref: 0047C669
TlsSetValue.KERNEL32(00000000,00000000,004D1F8C,?,7622DFA0,004AA7AC), ref: 0047C67E
__CxxThrowException@8.LIBCMT ref: 0047C698
ReleaseMutex.KERNEL32(?,00000004,004BD138), ref: 0047C6CE

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$MutexObjectReleaseSingleValueWait
String ID:
API String ID: 2684265641-0
Opcode ID: 2758c1fbae51c1f3631e2fe26f82f9e89310e3e848529fbd17a74005aa804a09
Instruction ID: d0da56629ec16928174e50729b097d87bc63e89db3a6e55c17f7af2c40ac1f0b
Opcode Fuzzy Hash: 2758c1fbae51c1f3631e2fe26f82f9e89310e3e848529fbd17a74005aa804a09
Instruction Fuzzy Hash: 4C31A975A04604AFCB10DF68DCC4AEEB7B5EB45764F20866FE815E33D0D73999018758

Uniqueness

Uniqueness Score: -1.00%

Function 00480188 Relevance: 9.1, APIs: 6, Instructions: 71threadCOMMON

Download Yara Rule

APIs

___set_flsgetvalue.LIBCMT ref: 004801B9
__calloc_crt.LIBCMT ref: 004801C5
__getptd.LIBCMT ref: 004801D2
CreateThread.KERNEL32(?,?,00480105,00000000,?,?), ref: 00480209
GetLastError.KERNEL32(?,?,004435AF,?,?,?,?,?,?,?,?,?,00000000,00000000,00443240,?), ref: 00480213
__dosmaperr.LIBCMT ref: 0048022B

Part of subcall function 00484D9C: __getptd_noexit.LIBCMT ref: 00484D9C

Part of subcall function 0047EF0D: __decode_pointer.LIBCMT ref: 0047EF18

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
String ID:
API String ID: 1803633139-0
Opcode ID: c111022664f41eea7e030c0b44b7a844b53db1d9fc11b53ca53c6c9e447f707b
Instruction ID: 413ce0f0e1380343f6243b5b2820eaa50f33ff62ecc5890fbcda771bef9fd428
Opcode Fuzzy Hash: c111022664f41eea7e030c0b44b7a844b53db1d9fc11b53ca53c6c9e447f707b
Instruction Fuzzy Hash: 43113472504209AFCB10BFA99C4689F3BE5EF00328B21487FF10492151EB79DD01C769

Uniqueness

Uniqueness Score: -1.00%

Function 0043A140 Relevance: 9.0, APIs: 6, Instructions: 40COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0043A14B
GetDeviceCaps.GDI32(00000000,00000058), ref: 0043A156
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0043A162
ReleaseDC.USER32(00000000,00000000), ref: 0043A16E
MulDiv.KERNEL32(000009EC,?,?), ref: 0043A186
MulDiv.KERNEL32(000009EC,?,?), ref: 0043A197

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 1114a6dfb10eca33261bce9053868b563919a0e1dfed5622c3856e53378f19ca
Instruction ID: a200db4a4277a4d764c2c365dccb17b6f1eb408b0b0b482f61d6f891ba2191f3
Opcode Fuzzy Hash: 1114a6dfb10eca33261bce9053868b563919a0e1dfed5622c3856e53378f19ca
Instruction Fuzzy Hash: CDF031B1A45214BFE710DFA5DC49F9A7FACEB0A751F008155FA08DB280D6715D008BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0043A1B0 Relevance: 9.0, APIs: 6, Instructions: 40COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0043A1BB
GetDeviceCaps.GDI32(00000000,00000058), ref: 0043A1C6
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0043A1D2
ReleaseDC.USER32(00000000,00000000), ref: 0043A1DE
MulDiv.KERNEL32(?,00000000,000009EC), ref: 0043A1F6
MulDiv.KERNEL32(00000000,00000004,000009EC), ref: 0043A207

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 4924afd95b70364593f1ce6e188a638237f1430b7a6baba8dcd5e426a922e816
Instruction ID: d9f0e2beb4f07f661f4011c81e1602d31219bbd844ba6352aff73821edcadb16
Opcode Fuzzy Hash: 4924afd95b70364593f1ce6e188a638237f1430b7a6baba8dcd5e426a922e816
Instruction Fuzzy Hash: 3EF031B1A45214BFDB10DFA4DC49E9B7FACEB0A751F008155FA08DB281D6759D008BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004440B0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 288threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 004440DF
EnterCriticalSection.KERNEL32(?), ref: 004440F3
LeaveCriticalSection.KERNEL32(?), ref: 0044410B

Strings

360sandbox\close_dlg.xml, xrefs: 00444154
IDS_WINDOW_TITLE, xrefs: 004441EF

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CriticalSection$CurrentEnterLeaveThread
String ID: 360sandbox\close_dlg.xml$IDS_WINDOW_TITLE
API String ID: 2351996187-2457622634
Opcode ID: 828b006397e4146148305ba19510e17f5bfcd22539243bf5806ee6f486b0d9d0
Instruction ID: e74c3110e0af512bca413fae3f011e5771a54954e264cfd9fe865cd0ce222395
Opcode Fuzzy Hash: 828b006397e4146148305ba19510e17f5bfcd22539243bf5806ee6f486b0d9d0
Instruction Fuzzy Hash: 83A1B071204300AFE700DF69D881B5BB7E9AFC8704F14465EFA459B391DB79E801CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00438020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00438049
GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0043805F
PathRemoveFileSpecW.SHLWAPI(?), ref: 0043806C
PathCombineW.SHLWAPI(?,?,..\ipc\ipcservice.dll), ref: 00438085

Part of subcall function 00445890: EnterCriticalSection.KERNEL32(004CC8D0,?,?,?,?,?,0043809B,004D06D8), ref: 004458A5
Part of subcall function 00445890: LoadLibraryW.KERNEL32(?,?,?,?,?,?,0043809B,004D06D8), ref: 004458BB
Part of subcall function 00445890: GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 004458D3
Part of subcall function 00445890: GetProcAddress.KERNEL32(00000000,DllCanUnloadNow), ref: 004458E7
Part of subcall function 00445890: LeaveCriticalSection.KERNEL32(004CC8D0,?,?,?,?,?,0043809B,004D06D8), ref: 00445944

Strings

..\ipc\ipcservice.dll, xrefs: 00438072

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressCriticalFilePathProcSection$CombineEnterLeaveLibraryLoadModuleNameRemoveSpec_memset
String ID: ..\ipc\ipcservice.dll
API String ID: 3894807288-2015977190
Opcode ID: 24af29707bf18b22e96fd9c2919faca108aca1f925c07dd44196b86718d6d864
Instruction ID: 563bde876b10278dcd89484a61c042a9ea1dc234b23c18b0223a05d64a972569
Opcode Fuzzy Hash: 24af29707bf18b22e96fd9c2919faca108aca1f925c07dd44196b86718d6d864
Instruction Fuzzy Hash: 3E11E771A0020C9BDB10EB60DC89FEE7774EB58304F4049EEF50A9B191EE74AA858B58

Uniqueness

Uniqueness Score: -1.00%

Function 0040C540 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 0040C54F
GetProcAddress.KERNEL32(00000000), ref: 0040C556
GetCurrentProcess.KERNEL32(?), ref: 0040C56B

Strings

kernel32, xrefs: 0040C54A
IsWow64Process, xrefs: 0040C545

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32
API String ID: 4190356694-3789238822
Opcode ID: d3c1783ec03d037a76624f659db8eaf2903ba5336957af90e21a61d94fe241d9
Instruction ID: 8f609f22051cd97c1ad41cfe6baac2dbbf670db894ded962ead79b783dda7e72
Opcode Fuzzy Hash: d3c1783ec03d037a76624f659db8eaf2903ba5336957af90e21a61d94fe241d9
Instruction Fuzzy Hash: 1FE06572E15218A78B20DBB4AC099DA7BACDA0665170006A2FC08D3600E674995097E9

Uniqueness

Uniqueness Score: -1.00%

Function 00480087 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 19threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__IsNonwritableInCurrentImage.LIBCMT ref: 0048009A

Part of subcall function 0048AB50: __FindPESection.LIBCMT ref: 0048ABAB

__getptd_noexit.LIBCMT ref: 004800AA
__freeptd.LIBCMT ref: 004800B4
ExitThread.KERNEL32 ref: 004800BD

Strings

fcH, xrefs: 0048008C, 00480095, 004800A4

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
String ID: fcH
API String ID: 3182216644-2244779846
Opcode ID: f3bacf825c64a84c763f649814da4701e5ccc065564a2a38f137013e2a3be3e6
Instruction ID: b31b2503304a8c049135183edee3d096c28b07ddc09ab7cdbc8e8906a3ec2817
Opcode Fuzzy Hash: f3bacf825c64a84c763f649814da4701e5ccc065564a2a38f137013e2a3be3e6
Instruction Fuzzy Hash: E7D0C2380082016AE7203732EC19B1F7AD9DB83341B74082BB804801A1CF7CD895C72D

Uniqueness

Uniqueness Score: -1.00%

Function 004784C0 Relevance: 7.7, APIs: 5, Instructions: 212fileCOMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(?,?,?,?,?,00000000,00000002,00476F20,?,?,?,?,?,?,?,?), ref: 004784D9
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00478565
ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 00478581
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 0047860D

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: File$Pointer$ReadSize
String ID:
API String ID: 1971422761-0
Opcode ID: e7a5485f4ced2a2d0264254dfc20a1e3d26bdd921c7a806ab18d5b9ef312d9aa
Instruction ID: c6e9f9330f3da9c89220d02ca944c6d9d836131e910e53daef23142c97ab52ed
Opcode Fuzzy Hash: e7a5485f4ced2a2d0264254dfc20a1e3d26bdd921c7a806ab18d5b9ef312d9aa
Instruction Fuzzy Hash: B761D171744201ABD720DA69DC84BABB7E8EBC5714F58886EF948D7340DA29EC04C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00470610 Relevance: 7.7, APIs: 5, Instructions: 184COMMON

Download Yara Rule

APIs

std::_String_base::_Xlen.LIBCPMT ref: 00470692
_memmove_s.LIBCMT ref: 004706CF
std::_String_base::_Xlen.LIBCPMT ref: 004706F0
_memmove_s.LIBCMT ref: 00470776
_memcpy_s.LIBCMT ref: 00470796

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: String_base::_Xlen_memmove_sstd::_$_memcpy_s
String ID:
API String ID: 3768917404-0
Opcode ID: 548ac6cf0ee9aadea0cf283a34a4aeb4f1869f347a91fdea6729d6ab9bf72236
Instruction ID: b4fdfa97a5f62fc1e0a5802ae262bc91c7eab326f04cd0a00ff1bd9b6e5f0a69
Opcode Fuzzy Hash: 548ac6cf0ee9aadea0cf283a34a4aeb4f1869f347a91fdea6729d6ab9bf72236
Instruction Fuzzy Hash: EA51E1B1A01415EBD708DE59CA909AAF366FB91310B50C26BE91CC7740D734FDA0CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 0043E630 Relevance: 7.5, APIs: 5, Instructions: 49threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,004B27B8,00000000,00000000,00437907,?,?,?), ref: 0043E63D
GetCurrentThreadId.KERNEL32 ref: 0043E643
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 0043E66F
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 0043E683
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 0043E697

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CriticalSection$Leave$CurrentEnterThread
String ID:
API String ID: 2905768538-0
Opcode ID: 010be6293cb65cf6025151b67dbc61f101f5e19fc9bc5705ca29571015862dc2
Instruction ID: b111ef0c635aeb7312638dd9634d4f8816587a9ba551fc706fb8b5b40617058d
Opcode Fuzzy Hash: 010be6293cb65cf6025151b67dbc61f101f5e19fc9bc5705ca29571015862dc2
Instruction Fuzzy Hash: 4F01A437302111AB9B205BAAAC4455BB7A4EBD6677711097FFA11D3291C3349C02879C

Uniqueness

Uniqueness Score: -1.00%

Function 00446160 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 00446228
StrCmpNW.SHLWAPI(?,004AAC48,00000002,?,?,?,?,?,004423F5), ref: 0044626C

Strings

%machinename%, xrefs: 004462C9

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: _memcpy_s
String ID: %machinename%
API String ID: 2001391462-2716098280
Opcode ID: 80bb991826a787ba0f05bdf08604f2196398aa98c73d595917cf22f92bd6bd36
Instruction ID: e24c2a0f0405e18b2e0674fcd74976570ff6f0edc2dfdedf70873d34827d976e
Opcode Fuzzy Hash: 80bb991826a787ba0f05bdf08604f2196398aa98c73d595917cf22f92bd6bd36
Instruction Fuzzy Hash: 6D51D276A006149FD710DF5DCC41AABB7B4FF99324F15826AE814A7381DB38AE01CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 0044C700 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

StrCmpNIW.SHLWAPI(004AAC48,000000FF,00000002,C847C5BF,76BFB560,00000000,?), ref: 0044C749
_memset.LIBCMT ref: 0044C76B
GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0044C77F

Strings

360SANDBOX\SHADOW\, xrefs: 0044C7D2, 0044C8C1

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DirectorySystem_memset
String ID: 360SANDBOX\SHADOW\
API String ID: 3633563235-3764258526
Opcode ID: cae11aca23d0ccfc2fd9691e3842bdaf41e49510ffd9f586a4d6ede3b93c02d3
Instruction ID: 9e26971179c5ad29fd721802c12e2b23549dbd2a2f866c06f0df01cfe64fede1
Opcode Fuzzy Hash: cae11aca23d0ccfc2fd9691e3842bdaf41e49510ffd9f586a4d6ede3b93c02d3
Instruction Fuzzy Hash: 5451C571601604AFD740DB6CCC85F9AB7B9EF99324F248399E029972E2DB349E05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0046C690 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00469800: __wcsnicmp.LIBCMT ref: 00469836
Part of subcall function 00469800: GetCurrentProcessId.KERNEL32(00000000,?,004081B5,?,?,00000000,?,00000000,?,004079D6), ref: 00469842

LoadLibraryW.KERNEL32(00000000,00000000,004D04D0,004D04D0,?,00469BC5,00000000,\i18n.dll,00000009,004D0520,http://s.360safe.com/safei18n/,0000001E,C847C5BF,004D04B4,00000000,00000000), ref: 0046C6AE
GetProcAddress.KERNEL32(00000000,CreateI18N), ref: 0046C6C1
FreeLibrary.KERNEL32(?,?,00469BC5,00000000,\i18n.dll,00000009,004D0520,http://s.360safe.com/safei18n/,0000001E,C847C5BF,004D04B4,00000000,00000000), ref: 0046C6D3

Strings

CreateI18N, xrefs: 0046C6BB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Library$AddressCurrentFreeLoadProcProcess__wcsnicmp
String ID: CreateI18N
API String ID: 2666891623-2042046878
Opcode ID: d5ee1614d61f3492ef7efcadd9314f1787663d09aa3a87108a593e071019b0e5
Instruction ID: da2ac73733dc0b273a5b00f48d3e660840cd77b5c63be5ab8045be2d93e92011
Opcode Fuzzy Hash: d5ee1614d61f3492ef7efcadd9314f1787663d09aa3a87108a593e071019b0e5
Instruction Fuzzy Hash: C301B5B2204201ABDB109F65DC85BA7B7ACAF95355B00803BEC54C3201FF78E812D7AE

Uniqueness

Uniqueness Score: -1.00%

Function 00464810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(\\.\360SelfProtection,00000080,00000003,00000000,00000003,00000000,00000000), ref: 00464832
DeviceIoControl.KERNEL32(00000000,0022204C,?,00000004,00000000,00000004,?,00000000), ref: 0046485F
CloseHandle.KERNEL32(00000000), ref: 00464868

Strings

\\.\360SelfProtection, xrefs: 00464826

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: \\.\360SelfProtection
API String ID: 33631002-936859468
Opcode ID: 9a3fdb8c119a6324d1f8cd2fd4d53d0fd62ded7900a2a661cde74b81bfad67e0
Instruction ID: bc144f303f19445feb223c9a68dcc8d673bc88389b2f3c77592df9092e16bb3f
Opcode Fuzzy Hash: 9a3fdb8c119a6324d1f8cd2fd4d53d0fd62ded7900a2a661cde74b81bfad67e0
Instruction Fuzzy Hash: 5BF068367D5314BAE620E6A8EC06FDA7BACD745B21F104251FB14E71C0E6B45B0487E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(sites.dll,8007000E,00000000), ref: 0040C2D6
GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 0040C2E6

Strings

DllGetClassObject, xrefs: 0040C2E0
sites.dll, xrefs: 0040C2C8

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: DllGetClassObject$sites.dll
API String ID: 1646373207-4240289350
Opcode ID: 91c103f26ecf023c9abbe931d9fa72f11bfa175e55b1a7f7569c4143e1246ac2
Instruction ID: 939778ed34a5f390e072eb9ee001f2656ea29b55d94919a3e02a9bc65edfcdd0
Opcode Fuzzy Hash: 91c103f26ecf023c9abbe931d9fa72f11bfa175e55b1a7f7569c4143e1246ac2
Instruction Fuzzy Hash: C9018171600204AFC750DFA9DC44F9ABBE8EF99711F24816AF948D3380DB74D952CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0047E7B3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0047E7CD

Part of subcall function 0047FDE5: __FF_MSGBANNER.LIBCMT ref: 0047FE08
Part of subcall function 0047FDE5: __NMSG_WRITE.LIBCMT ref: 0047FE0F
Part of subcall function 0047FDE5: HeapAlloc.KERNEL32(00000000,004877DF,00000001,00000000,00000000,?,00486246,004877EE,00000001,004877EE,?,00489E1D,00000018,004BCC18,0000000C,00489EAE), ref: 0047FE5C

std::bad_alloc::bad_alloc.LIBCMT ref: 0047E7F0

Part of subcall function 0047E798: std::exception::exception.LIBCMT ref: 0047E7A4

__CxxThrowException@8.LIBCMT ref: 0047E812

Strings

u%@, xrefs: 0047E7CA

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AllocException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
String ID: u%@
API String ID: 2954547021-861201118
Opcode ID: 6b13ac96116e3c794c9a9b558824408164b50eb759083c858f2cb54a727ee41b
Instruction ID: 19b2009a3150746215e866996ff241766be81696790eed49dac9499397f8ec23
Opcode Fuzzy Hash: 6b13ac96116e3c794c9a9b558824408164b50eb759083c858f2cb54a727ee41b
Instruction Fuzzy Hash: D9F0E224D0020622DB4CB233EC86EDD3A694F94398B2585BFF81B950E1DF6C9985826D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0040A6B1
GetProcAddress.KERNEL32(00000000,AttachConsole), ref: 0040A6C1

Strings

kernel32.dll, xrefs: 0040A6AC
AttachConsole, xrefs: 0040A6BB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: AttachConsole$kernel32.dll
API String ID: 1646373207-3937112332
Opcode ID: c36efefb045afc3a6dfa5b78bb03240fb7f390a86030c8ef29781529e99f0423
Instruction ID: 50c16ec3a7fecc743ccecd28aac330f3de599043cc96e473e6fa7a469ea1501b
Opcode Fuzzy Hash: c36efefb045afc3a6dfa5b78bb03240fb7f390a86030c8ef29781529e99f0423
Instruction Fuzzy Hash: 83E04830B543056FDB109FB0AD04A7337BC5A0579030C043BB849DB2A1E77ED820D61E

Uniqueness

Uniqueness Score: -1.00%

Function 00436390 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(yes), ref: 0043639A
VarBstrCmp.OLEAUT32(?,00000000,00000400,00000000), ref: 004363B0
SysFreeString.OLEAUT32(00000000), ref: 004363BC

Strings

yes, xrefs: 00436395

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: String$AllocBstrFree
String ID: yes
API String ID: 359749342-1978086825
Opcode ID: de3d0fc55452e6d98e9b470e76ff3f73aa20b00ee005df9734c5178de2a086a6
Instruction ID: b42a65e4c13b5b0323c11ee56dd8971918363706febe42d52d83d94bdb6cc6a4
Opcode Fuzzy Hash: de3d0fc55452e6d98e9b470e76ff3f73aa20b00ee005df9734c5178de2a086a6
Instruction Fuzzy Hash: BBE0C2721812247FC520A7559C89FC73F9CDB0A6A0F014013FA0597180C5A69840D7F8

Uniqueness

Uniqueness Score: -1.00%

Function 004087F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(sites.dll,0042E8E5,?,?,?,00000000), ref: 004087FB
GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 0040880B

Strings

DllGetClassObject, xrefs: 00408805
sites.dll, xrefs: 004087F0

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: DllGetClassObject$sites.dll
API String ID: 1646373207-4240289350
Opcode ID: ffc1e6ad60f3b1d8d9141b74a53c323709dfc333686b0490aecb144f94a8fd92
Instruction ID: f3bb219cb91ddff6943c717b3f3d7ee322d7f61b9364e883c029390449ec70a3
Opcode Fuzzy Hash: ffc1e6ad60f3b1d8d9141b74a53c323709dfc333686b0490aecb144f94a8fd92
Instruction Fuzzy Hash: D3D0C9717443018BDB605F64AD087017BE8AB59F01F18442EA4C5D2291DBB88090DB19

Uniqueness

Uniqueness Score: -1.00%

Function 00478710 Relevance: 6.2, APIs: 4, Instructions: 190fileCOMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00479308,?,00000000,?), ref: 0047872C
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,00479308,?,00000000,?), ref: 004787CB
ReadFile.KERNEL32(?,?,00008000,?,00000000,?,?,?,?,?,00479308,?,00000000,?), ref: 004787E7
_memset.LIBCMT ref: 0047888E

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize_memset
String ID:
API String ID: 1834740430-0
Opcode ID: 93e0cf3900c3e1f5d7ad07b43bbaed51a932666ced29b82e541d36c2ca1e666d
Instruction ID: d9b4b9d5291d5b4b034eda3349d35af16b8cdf59cf35bf54646a3fc2717bb333
Opcode Fuzzy Hash: 93e0cf3900c3e1f5d7ad07b43bbaed51a932666ced29b82e541d36c2ca1e666d
Instruction Fuzzy Hash: BA51A1716483009BD714DE29D8847ABB7E4FB88354F54892EF88DD7340EB38E9458B9B

Uniqueness

Uniqueness Score: -1.00%

Function 0046E7F0 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

ColorRGBToHLS.SHLWAPI(?,?,?,?), ref: 0046E834
ColorHLSToRGB.SHLWAPI(000000EF,000000F0,000000F0), ref: 0046E915
ColorHLSToRGB.SHLWAPI(?,?,?), ref: 0046E928
ColorHLSToRGB.SHLWAPI(?,?,?), ref: 0046E93C

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Color
String ID:
API String ID: 2811717613-0
Opcode ID: dcc54533caa6b7f16dd1fe40463aadcc305ba25e75443bdc3b9a4081116a790c
Instruction ID: 2a187452c64b5235577ebd51601ca0745d3243ae4ca4a7f53b1d49af8c7ac1ca
Opcode Fuzzy Hash: dcc54533caa6b7f16dd1fe40463aadcc305ba25e75443bdc3b9a4081116a790c
Instruction Fuzzy Hash: C1419D7490822DABDF048F9AD8440FE7BF5FF84702F50895AFCA597280E3388661D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 004386D0 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,0000000D,?,?,00000000,?,?,004385FA,?,00000000,8602C200,00040100,004B27B8,?), ref: 00438714
FlushInstructionCache.KERNEL32(00000000,?,?,004385FA,?,00000000,8602C200,00040100,004B27B8,?), ref: 0043871B
CreateWindowExW.USER32(00000000,004BA3AC,00040100,8602C200,?,0043E6B0,004BA3AC,Function_00037740,00000000,?,00000000,00000000), ref: 00438783

Part of subcall function 0047CFC2: GetProcessHeap.KERNEL32(00000000,0000000D,?,004073E0), ref: 0047CF43
Part of subcall function 0047CFC2: HeapAlloc.KERNEL32(00000000,?,004073E0), ref: 0047CF4A

SetLastError.KERNEL32(0000000E,?,?,00000000,?,?,004385FA,?,00000000,8602C200,00040100,004B27B8,?), ref: 00438793

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: HeapProcess$AllocCacheCreateCurrentErrorFlushInstructionLastWindow
String ID:
API String ID: 806723916-0
Opcode ID: e6440ff4708c7c29b34824eb328cfe53e29ae7a2a10fa981132853788137d603
Instruction ID: f320c900ab5e19bdba160cd50a5e7e69dd50df769eddb92a022e82aa64c14bc7
Opcode Fuzzy Hash: e6440ff4708c7c29b34824eb328cfe53e29ae7a2a10fa981132853788137d603
Instruction Fuzzy Hash: 05219172204205AFD7109F69EC48FA7BBA9EB89360F15811AF9048B291D774ED50CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0043E580 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

_memmove_s.LIBCMT ref: 0043E5B2
_memmove_s.LIBCMT ref: 0043E5D0
__recalloc.LIBCMT ref: 0043E5E8
__recalloc.LIBCMT ref: 0043E607

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: __recalloc_memmove_s
String ID:
API String ID: 1992126439-0
Opcode ID: 683fa03dac8628bc2921a144d9d3c6d82b1041b8117cb43b6bdd1013152ccdb6
Instruction ID: 16731d4d0bf53eef8cbab9dfcea345554f94c277bb9d9a47676763fcfa547f16
Opcode Fuzzy Hash: 683fa03dac8628bc2921a144d9d3c6d82b1041b8117cb43b6bdd1013152ccdb6
Instruction Fuzzy Hash: 2111D2B22017029FD320CA6ACC85D67B3E6DBD4304B548A2EE596C7744EA39E841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0043E760 Relevance: 6.1, APIs: 4, Instructions: 64windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(004B27D4,00000000,00000000,00000000,00000000), ref: 0043E781
GetMessageW.USER32(004B27D4,00000000,00000000,00000000), ref: 0043E7A4
TranslateMessage.USER32(004B27D4), ref: 0043E7C1
DispatchMessageW.USER32(004B27D4), ref: 0043E7C8

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: ea50d4b1d277b43a811dae1f433c8255f1451a1b08bd39b63d36dffb40b08e18
Instruction ID: ae8f7be16e1fc3fa5ea43dcbbd7217ac78ef99d7bccabded5ef20c2d38a9f56e
Opcode Fuzzy Hash: ea50d4b1d277b43a811dae1f433c8255f1451a1b08bd39b63d36dffb40b08e18
Instruction Fuzzy Hash: 5F118230302205EBE7309B5ACC89BBBB7A9FF49744F245123F615D72D0E768AD01869D

Uniqueness

Uniqueness Score: -1.00%

Function 0042E150 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,00000064), ref: 0042E16E
MulDiv.KERNEL32(?,00000064), ref: 0042E185
MulDiv.KERNEL32(?,00000064), ref: 0042E198
MulDiv.KERNEL32(?,00000064), ref: 0042E1AB

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e3693da22a76b64f22e3117f7f6c7f1b2de1cc7f494e8a81d66893576795912
Instruction ID: 65841c3cbb3b2ffb4f76e990970846e926388a07a400f8376c9c90e21504de20
Opcode Fuzzy Hash: 7e3693da22a76b64f22e3117f7f6c7f1b2de1cc7f494e8a81d66893576795912
Instruction Fuzzy Hash: D9111CB0A00705AFE720CFA9C885F26FBE5AF44704F54C55DE59983640E778B860CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00436440 Relevance: 6.0, APIs: 4, Instructions: 43windowCOMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(?), ref: 00436472
CreateCompatibleBitmap.GDI32(?,?,?), ref: 0043648C
SelectObject.GDI32(?,00000000), ref: 00436499
SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 004364B3

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: CompatibleCreate$BitmapObjectSelectViewport
String ID:
API String ID: 1881423421-0
Opcode ID: 870e9c836bc56d70e5abd9cc5da19048ce5dd592f1e58212d9ecfeccb09fa467
Instruction ID: fbf8eb7d61190507ff1fe04981e36d0ce8a5cb484cd9f5bc05838d87aac995b3
Opcode Fuzzy Hash: 870e9c836bc56d70e5abd9cc5da19048ce5dd592f1e58212d9ecfeccb09fa467
Instruction Fuzzy Hash: 15115EB8504B019FD334CF29D998A23BBF5EB49700B108A1DE99A87B60D774E944CF90

Uniqueness

Uniqueness Score: -1.00%

Function 004363D0 Relevance: 6.0, APIs: 4, Instructions: 38windowCOMMON

Download Yara Rule

APIs

BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004363F2
SelectObject.GDI32(?,?), ref: 004363FF
DeleteObject.GDI32(?), ref: 0043640D
DeleteDC.GDI32(?), ref: 0043642B

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: DeleteObject$Select
String ID:
API String ID: 207189511-0
Opcode ID: 53285d941577162d5b3fb2f0cfa61c2da97720317080a6b189884ee0f0f2fec3
Instruction ID: b51f5a54fde25b0e2797d25a18c28e6fe88c33d04caa87317b6ed4b270fd4289
Opcode Fuzzy Hash: 53285d941577162d5b3fb2f0cfa61c2da97720317080a6b189884ee0f0f2fec3
Instruction Fuzzy Hash: 94F0B6B4604601AFE730CF69CD88E27BBF9EF88700B108A1DA896C3654DB74F844CA64

Uniqueness

Uniqueness Score: -1.00%

Function 0043A220 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 458COMMON

Download Yara Rule

Strings

AXWIN, xrefs: 0043A573

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: AXWIN
API String ID: 0-1948516679
Opcode ID: d05f469aa2e7983cfc18fa62c788c079d40b01589a9dba85772ab0f8188af657
Instruction ID: c9e329e4ecaa427cadab0c399dd41d22ad76b282ded5feb5cbf4c71530461125
Opcode Fuzzy Hash: d05f469aa2e7983cfc18fa62c788c079d40b01589a9dba85772ab0f8188af657
Instruction Fuzzy Hash: BB021674600605AFDB14CF68C880FABB3B9FF89704F20864DE9699B390D775E902CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00434800 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 270COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0043486F

Part of subcall function 004848AB: RaiseException.KERNEL32(?,?,0047E817,00000002,?,?,?,u%@,0047E817,00000002,004BCF18,004CDDEC,?,00402575,?,?), ref: 004848ED

Strings

%B, xrefs: 00434816
invalid map/set<T> iterator, xrefs: 00434835

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExceptionException@8RaiseThrow
String ID: %B$invalid map/set<T> iterator
API String ID: 3976011213-1877368840
Opcode ID: e29a406ace44bda80ef9ba0938f9a329e1e2940b156eb02ba95179202711fe16
Instruction ID: e340317a645bf64e706546f57a8986df4c203bdf7098070d84a614c692460c64
Opcode Fuzzy Hash: e29a406ace44bda80ef9ba0938f9a329e1e2940b156eb02ba95179202711fe16
Instruction Fuzzy Hash: 22C183B49042809FD755DF25C080796BBA1AF99318F68E08ED4894F792C3B9FC86CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00442550 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240COMMON

Download Yara Rule

Strings

IDS_APP_NOT_FOUND_MSG, xrefs: 004426AB
IDS_WINDOW_TITLE, xrefs: 0044266C

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: IDS_APP_NOT_FOUND_MSG$IDS_WINDOW_TITLE
API String ID: 0-3020183872
Opcode ID: adcc8cc1454d7e37c79ab0d1cce89fb51e97407f4da595bc05ce1d6daafc3798
Instruction ID: 890d96e76aa528e86193d441bad30fe029b877659ec07bf3fe58074a25363326
Opcode Fuzzy Hash: adcc8cc1454d7e37c79ab0d1cce89fb51e97407f4da595bc05ce1d6daafc3798
Instruction Fuzzy Hash: 0C91D470A002149FEB20EF65CD85B9EB3B4EF44314F5442EAF819AB351C774AE81CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004428D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 234COMMON

Download Yara Rule

Strings

IDS_REMOVE_PROMPT_MSG, xrefs: 00442A13
IDS_WINDOW_TITLE, xrefs: 004429D2

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID:
String ID: IDS_REMOVE_PROMPT_MSG$IDS_WINDOW_TITLE
API String ID: 0-262009415
Opcode ID: 07227dee94f39d4c66dcb9410a412327c69bf0ca052aa385798a114f5d15d2e0
Instruction ID: 090f21a3e505ad217488302c0f993fd2418b415fea5df78cdb81b79706de4a19
Opcode Fuzzy Hash: 07227dee94f39d4c66dcb9410a412327c69bf0ca052aa385798a114f5d15d2e0
Instruction Fuzzy Hash: 1891B371A002549FEB20EF65CD85BDAB7B4EF44304F5081DAF909AB291CB74AE81CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00476030 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

_localeconv.LIBCMT ref: 0047605E

Part of subcall function 004825CA: __getptd.LIBCMT ref: 004825CA

Part of subcall function 0047D299: ____lc_handle_func.LIBCMT ref: 0047D29C
Part of subcall function 0047D299: ____lc_codepage_func.LIBCMT ref: 0047D2A4

Strings

true, xrefs: 004760EC
false, xrefs: 004760B5

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ____lc_codepage_func____lc_handle_func__getptd_localeconv
String ID: false$true
API String ID: 679402580-2658103896
Opcode ID: c9018b2fa59e483d36c3cdc01a9ab7e40a957cd7783f95306a3e0afdbd357c1a
Instruction ID: 2ef4e7ab34cee9a3d9022e9bf5b37deb0640a3bcb7cc5e6068835b9d2cd27269
Opcode Fuzzy Hash: c9018b2fa59e483d36c3cdc01a9ab7e40a957cd7783f95306a3e0afdbd357c1a
Instruction Fuzzy Hash: 9D418975C046808BC702DF7494486DA7BE1AF46340729C1AAC8899F307D639C90AC7E4

Uniqueness

Uniqueness Score: -1.00%

Function 0045C870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

ILIsEqual.SHELL32(00000000,?), ref: 0045C8AD
StrCmpIW.SHLWAPI(?,?), ref: 0045C90F

Strings

\Documents, xrefs: 0045C8DD

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: Equal
String ID: \Documents
API String ID: 4016716531-2263542325
Opcode ID: d0793cff13121c0ad14d7232393cdaef487dd806f14b8e9f79fa5f81e6054c6e
Instruction ID: 2a4fa88df90f0d9cbe2a5d7b66558ec021cbc0f0614003e97ab8167b2f7be63f
Opcode Fuzzy Hash: d0793cff13121c0ad14d7232393cdaef487dd806f14b8e9f79fa5f81e6054c6e
Instruction Fuzzy Hash: D521A7B2A042489FCB14DF99D882BFEB7BCEB55725F00416FEC0593381EB395908C699

Uniqueness

Uniqueness Score: -1.00%

Function 00470400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

std::_String_base::_Xlen.LIBCPMT ref: 00470410

Part of subcall function 0047D197: __EH_prolog3.LIBCMT ref: 0047D19E
Part of subcall function 0047D197: __CxxThrowException@8.LIBCMT ref: 0047D1C9

std::_String_base::_Xlen.LIBCPMT ref: 00470424

Strings

d;G, xrefs: 00470440

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: String_base::_Xlenstd::_$Exception@8H_prolog3Throw
String ID: d;G
API String ID: 1336181293-1687519717
Opcode ID: 33fef47c4c9ec2aa92be4da4c27a9d21410c4b9b48755e5a640eaab81d4a1843
Instruction ID: 5ff7ab0ffb3300d734fb5707dd9a9c2477fead84825366a8a5e18af81700fcbd
Opcode Fuzzy Hash: 33fef47c4c9ec2aa92be4da4c27a9d21410c4b9b48755e5a640eaab81d4a1843
Instruction Fuzzy Hash: E211E672701551ABC610AE5DA9C0A96F7A9BF55320B44823BE718C7B81C365FC50C3F9

Uniqueness

Uniqueness Score: -1.00%

Function 00436540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 004365B8

Part of subcall function 004848AB: RaiseException.KERNEL32(?,?,0047E817,00000002,?,?,?,u%@,0047E817,00000002,004BCF18,004CDDEC,?,00402575,?,?), ref: 004848ED

Strings

list<T> too long, xrefs: 00436576
QfC, xrefs: 0043657B, 00436595, 00436598

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: ExceptionException@8RaiseThrow
String ID: QfC$list<T> too long
API String ID: 3976011213-1489742909
Opcode ID: c4ce011bf326b4ee01ce90b3643b4f86f372e031c13ac89f4d2d49b36012945f
Instruction ID: 421bf4812bbf72ff835e3a4871fea5a1d8b838cee450d3927f654d5be3faa89d
Opcode Fuzzy Hash: c4ce011bf326b4ee01ce90b3643b4f86f372e031c13ac89f4d2d49b36012945f
Instruction Fuzzy Hash: C601B171904208AFCB00DFA4C945BDDB7B8FB19724F20066EE815B76C5D7B95604CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0049A3B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,Netbios), ref: 0049A3D3

Strings

Netbios, xrefs: 0049A3CD
Netapi32.dll, xrefs: 0049A3BC

Memory Dump Source

Source File: 00000000.00000002.2281987357.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2281971350.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282061998.00000000004A7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282088211.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282108087.00000000004CA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004E1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2282145487.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Documento_Remisorio_Activo_N#8475684756.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: Netapi32.dll$Netbios
API String ID: 190572456-3142203730
Opcode ID: 6bf514f1fe1541b4ec4bd71b0c9de3d8fb04841b870750fd086e58eddca07eb6
Instruction ID: b4aab1eb1e6885cc061206f1623e6f4618f1238f39078a8550fffe30555ff2f3
Opcode Fuzzy Hash: 6bf514f1fe1541b4ec4bd71b0c9de3d8fb04841b870750fd086e58eddca07eb6
Instruction Fuzzy Hash: 3BE09AB23442015BAE608BA2ACC5F5B2B989A457883280477FC05C6390E77EC870E66F

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Documento_Remisorio_Activo_N#8475684756..exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Documents\ChromeUpdate\cr0wdik.exe

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Windows Analysis Report
Documento_Remisorio_Activo_N#8475684756..exe

Function 0042960E Relevance: 68.8, APIs: 2, Strings: 37, Instructions: 506
memoryCOMMON

Function 0042975C Relevance: 45.9, APIs: 2, Strings: 24, Instructions: 357
memoryCOMMON

Function 00429836 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 338
COMMON

Function 00429F4F Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 324
memoryCOMMON

Function 00429905 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 288
memoryCOMMON

Function 0041A1A2 Relevance: 45.8, APIs: 1, Strings: 25, Instructions: 265
COMMON

Function 004296DB Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Function 004296A9 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Function 00429700 Relevance: 45.8, APIs: 2, Strings: 24, Instructions: 265
memoryCOMMON

Function 0042A069 Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 237
memoryCOMMON

Function 0042A07B Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 232
memoryCOMMON

Function 00429E1E Relevance: 45.7, APIs: 2, Strings: 24, Instructions: 229
memoryCOMMON

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre