Play interactive tour

Edit tour

Analysis Report file

Overview

General Information

Sample Name:	file (renamed file extension from none to exe)
Analysis ID:	339189
MD5:	4be8c93e9f60d0c2503dc3c6869975c4
SHA1:	3554a4a68003edeef2e4385ec70d7d477fed77c0
SHA256:	f188b5182bfe25b85b5748ae7932ff857fbeebe45c9b67718d708fa843d3b7b6
Tags:	exeGuLoader
Most interesting Screenshot:

Detection

GuLoader

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected GuLoader

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found potential dummy code loops (likely to delay analysis)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected VB6 Downloader Generic

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

file.exe (PID: 6492 cmdline: 'C:\Users\user\Desktop\file.exe' MD5: 4BE8C93E9F60D0C2503DC3C6869975C4)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 6492	JoeSecurity_VB6DownloaderGeneric	Yara detected VB6 Downloader Generic	Joe Security
Process Memory Space: file.exe PID: 6492	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Source: file.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: file.exe, 00000000.00000002.1276886652.000000000077A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\Desktop\file.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00737B9C NtProtectVirtualMemory,

0_2_00737B9C

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733876	0_2_00733876
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737C7A	0_2_00737C7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735463	0_2_00735463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731857	0_2_00731857
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732C54	0_2_00732C54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073685F	0_2_0073685F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736C43	0_2_00736C43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733442	0_2_00733442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736046	0_2_00736046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737045	0_2_00737045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073243A	0_2_0073243A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733822	0_2_00733822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073542F	0_2_0073542F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073801A	0_2_0073801A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073201E	0_2_0073201E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00730804	0_2_00730804
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735CF7	0_2_00735CF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007354FD	0_2_007354FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007374E7	0_2_007374E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007300EB	0_2_007300EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737CD3	0_2_00737CD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007328D0	0_2_007328D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007330C2	0_2_007330C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007358C6	0_2_007358C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007380C5	0_2_007380C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007354CC	0_2_007354CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732CA7	0_2_00732CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007334A6	0_2_007334A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007364AF	0_2_007364AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736892	0_2_00736892
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735494	0_2_00735494
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073808A	0_2_0073808A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732173	0_2_00732173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737D77	0_2_00737D77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073256C	0_2_0073256C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735D5F	0_2_00735D5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735941	0_2_00735941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073754B	0_2_0073754B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737D48	0_2_00737D48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737133	0_2_00737133
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735D30	0_2_00735D30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073292E	0_2_0073292E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737D10	0_2_00737D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073211B	0_2_0073211B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735908	0_2_00735908
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073650D	0_2_0073650D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007301F5	0_2_007301F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007351F4	0_2_007351F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731DF8	0_2_00731DF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007355FC	0_2_007355FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737DDC	0_2_00737DDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007301C4	0_2_007301C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007359CE	0_2_007359CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007355CC	0_2_007355CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007339AB	0_2_007339AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737DAB	0_2_00737DAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007321A8	0_2_007321A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007371AE	0_2_007371AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00738194	0_2_00738194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736D8A	0_2_00736D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732274	0_2_00732274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735678	0_2_00735678
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735E7F	0_2_00735E7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737260	0_2_00737260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737664	0_2_00737664
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732E4E	0_2_00732E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735A4D	0_2_00735A4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735638	0_2_00735638
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737E3E	0_2_00737E3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737E10	0_2_00737E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732E07	0_2_00732E07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737206	0_2_00737206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735A0B	0_2_00735A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007352F1	0_2_007352F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735AE2	0_2_00735AE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737EE7	0_2_00737EE7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007372D6	0_2_007372D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732EC0	0_2_00732EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736ECD	0_2_00736ECD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735AB0	0_2_00735AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007376B7	0_2_007376B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736EA3	0_2_00736EA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733EA8	0_2_00733EA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007356A8	0_2_007356A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007366A8	0_2_007366A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733293	0_2_00733293
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732698	0_2_00732698
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732A98	0_2_00732A98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731A9C	0_2_00731A9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073737A	0_2_0073737A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735779	0_2_00735779
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731F61	0_2_00731F61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733368	0_2_00733368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732352	0_2_00732352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737F5C	0_2_00737F5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735B43	0_2_00735B43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736744	0_2_00736744
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731F35	0_2_00731F35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735F3C	0_2_00735F3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737321	0_2_00737321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737F27	0_2_00737F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732F1B	0_2_00732F1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073371A	0_2_0073371A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736F03	0_2_00736F03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733302	0_2_00733302
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007317F2	0_2_007317F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735BF1	0_2_00735BF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007353FC	0_2_007353FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007363EA	0_2_007363EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007367ED	0_2_007367ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737FD0	0_2_00737FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007333D8	0_2_007333D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731BDE	0_2_00731BDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007313DC	0_2_007313DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007337C7	0_2_007337C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736BC6	0_2_00736BC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007373CA	0_2_007373CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735BB0	0_2_00735BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737F9A	0_2_00737F9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731B84	0_2_00731B84

Source: file.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: file.exe, 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameDenotationen5.exe vs file.exe
Source: file.exe, 00000000.00000002.1276790560.00000000005E0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameDenotationen5.exe vs file.exe

Source: file.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal68.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5C53FDF4DEAA7056.TMP

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: Process Memory Space: file.exe PID: 6492, type: MEMORY

Yara detected VB6 Downloader Generic

Show sources

Source: Yara match

File source: Process Memory Space: file.exe PID: 6492, type: MEMORY

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C41E pushfd ; retf	0_2_0040C425
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409D74 push ebp; retf	0_2_00409D75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004075AA push 00000000h; ret	0_2_004075AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408AD8 pushfd ; retf	0_2_00408AD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733C73 pushf ; iretd	0_2_00733C75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733C37 pushfd ; iretd	0_2_00733C75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00730036 push eax; retf	0_2_0073003E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733CE5 push 85335BCEh; ret	0_2_00733CEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007319A1 push F7665BCEh; ret	0_2_007319A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00730A65 push 85C039CEh; retf	0_2_00730A6A

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732865	0_2_00732865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073284A	0_2_0073284A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073280D	0_2_0073280D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007358C6	0_2_007358C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007358C4	0_2_007358C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735941	0_2_00735941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735908	0_2_00735908
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007359CE	0_2_007359CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735A4D	0_2_00735A4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735A0B	0_2_00735A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007352F1	0_2_007352F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735AE2	0_2_00735AE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735AB0	0_2_00735AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735B7F	0_2_00735B7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735B43	0_2_00735B43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073534F	0_2_0073534F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731F1A	0_2_00731F1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735B0B	0_2_00735B0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007353E5	0_2_007353E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007327D3	0_2_007327D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00735BB0	0_2_00735BB0

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: file.exe

Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\file.exe

RDTSC instruction interceptor: First address: 0000000000736986 second address: 0000000000736986 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F42B49A9418h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d test al, bl 0x0000001f cmp bh, ch 0x00000021 test ebx, edx 0x00000023 add edi, edx 0x00000025 test cl, dl 0x00000027 dec dword ptr [ebp+000000F8h] 0x0000002d cmp dword ptr [ebp+000000F8h], 00000000h 0x00000034 jne 00007F42B49A93A9h 0x00000036 push ss 0x00000037 pop ss 0x00000038 jmp 00007F42B49A942Bh 0x0000003a jmp 00007F42B49A943Ah 0x0000003c test ch, bh 0x0000003e cmp ecx, ecx 0x00000040 call 00007F42B49A946Bh 0x00000045 call 00007F42B49A9428h 0x0000004a lfence 0x0000004d mov edx, dword ptr [7FFE0014h] 0x00000053 lfence 0x00000056 ret 0x00000057 mov esi, edx 0x00000059 pushad 0x0000005a rdtsc

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00737C70 rdtsc

0_2_00737C70

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: file.exe

Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\file.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00737C70 rdtsc

0_2_00737C70

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00736074 mov eax, dword ptr fs:[00000030h]	0_2_00736074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00732865 mov eax, dword ptr fs:[00000030h]	0_2_00732865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073284A mov eax, dword ptr fs:[00000030h]	0_2_0073284A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073280D mov eax, dword ptr fs:[00000030h]	0_2_0073280D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737133 mov eax, dword ptr fs:[00000030h]	0_2_00737133
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737131 mov eax, dword ptr fs:[00000030h]	0_2_00737131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007365F7 mov eax, dword ptr fs:[00000030h]	0_2_007365F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007325A2 mov eax, dword ptr fs:[00000030h]	0_2_007325A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007336B1 mov eax, dword ptr fs:[00000030h]	0_2_007336B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731F1A mov eax, dword ptr fs:[00000030h]	0_2_00731F1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007327D3 mov eax, dword ptr fs:[00000030h]	0_2_007327D3

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: file.exe, 00000000.00000002.1276937539.0000000000D00000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: file.exe, 00000000.00000002.1276937539.0000000000D00000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: file.exe, 00000000.00000002.1276937539.0000000000D00000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: file.exe, 00000000.00000002.1276937539.0000000000D00000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: file.exe, 00000000.00000002.1276937539.0000000000D00000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00735941 cpuid

0_2_00735941

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	Input Capture1	Security Software Discovery411	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Virtualization/Sandbox Evasion11	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery211	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	4%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339189
Start date:	13.01.2021
Start time:	17:03:41
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	file (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	38
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.evad.winEXE@1/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 27.3% (good quality ratio 5.7%) Quality average: 12.1% Quality standard deviation: 25%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe VT rate limit hit for: /opt/package/joesandbox/database/analysis/339189/sample/file.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.855768456782711
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	81920
MD5:	4be8c93e9f60d0c2503dc3c6869975c4
SHA1:	3554a4a68003edeef2e4385ec70d7d477fed77c0
SHA256:	f188b5182bfe25b85b5748ae7932ff857fbeebe45c9b67718d708fa843d3b7b6
SHA512:	b2606e00286ad269019b4cc791a533c4b8c9b37dade838cf799b7b3bc5ca5988cb62dd21ce3682f4be7d61ee269c8e7c79196ef7a9ad5e8fc5bcc4431988af0c
SSDEEP:	768:n5u4XZE+wBI17dRUdE2BdjuL1WGi7wLcx6/e2NaMs1JcLAVOIyIGbZD:n5x8I1EE7UGnLcU2WMVOzR
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...I.._.....................0............... ....@................

File Icon


Icon Hash:	6eeed0e4a4a4e0d2

Static PE Info

General
Entrypoint:	0x40121c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5FFECC49 [Wed Jan 13 10:32:41 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f08e2fa188bfdb85d74117a6c20b7544

Entrypoint Preview

Instruction
push 00401D98h
call 00007F42B4AE7805h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
pop ecx
push FFFFFFD3h
mov al, FDh
add al, byte ptr [ebx-61h]
cmp dword ptr [edx-6Bh], FFFFFFBFh
std
fimul dword ptr [ecx+00000000h]
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esi
outsd
outsb
bound esi, dword ptr [edx+6Fh]
outsd
imul ebp, dword ptr fs:[esi+67h], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
and ebp, dword ptr [edi+5845D204h]
bound eax, dword ptr [esi-37D271B6h]
retf
lea ebp, dword ptr [esi]
inc edi
pop es
insd
std
mov bl, 63h
mov dh, 8Fh
loopne 00007F42B4AE7858h
mov dl, 57h
mov dx, fs
sahf
mov word ptr [edx-71h], fs
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
sub dword ptr [edx], ecx
add byte ptr [eax], al
int 05h
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax+48h], dl
pop ecx
push edx
pop ecx
dec esi
dec ecx
inc ecx
add byte ptr [62000601h], cl
imul esi, dword ptr [edx+67h], 00007365h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x113a4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x14000	0x8a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0xcc	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x107b8	0x11000	False	0.385397518382	data	6.31245721333	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x12000	0x1160	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x14000	0x8a8	0x1000	False	0.332275390625	data	3.04749531766	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x14340	0x568	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x1432c	0x14	data
RT_VERSION	0x140f0	0x23c	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, _adj_fpatan, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarAdd, __vbaVarLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Denotationen5
FileVersion	1.00
CompanyName	Web Share.
ProductName	Ungdomshjemmenes
ProductVersion	1.00
OriginalFilename	Denotationen5.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: file.exe PID: 6492 Parent PID: 5744

General

Start time:	17:04:40
Start date:	13/01/2021
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\file.exe'
Imagebase:	0x400000
File size:	81920 bytes
MD5 hash:	4BE8C93E9F60D0C2503DC3C6869975C4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: file.exe PID: 6492 Parent PID: 5744 file.exeCOMMON

Executed Functions

Function 0040121C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 72%

			_entry_(signed int __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr* _t46;
				signed int _t48;
				signed int _t49;
				signed char _t50;
				signed int _t57;
				void* _t62;
				void* _t64;
				signed int* _t66;
				intOrPtr* _t70;
				void* _t73;
				void* _t75;
				signed int _t77;
				void* _t82;
				signed int _t91;
				intOrPtr _t98;
				intOrPtr _t99;
				void* _t102;

				_t102 = __fp0;
				_push("VB5!6&*"); // executed
				L00401216(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t46 = __eax + 1;
				 *_t46 =  *_t46 + _t46;
				 *_t46 =  *_t46 + _t46;
				 *_t46 =  *_t46 + _t46;
				 *_t46 =  *_t46 + __ecx;
				_pop(_t62);
				_t48 = 0xfd +  *((intOrPtr*)(__ebx - 0x61));
				asm("std");
				asm("fimul dword [ecx]");
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 + _t48;
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 + 0xfd;
				_t75 = __esi - 1;
				asm("outsd");
				asm("outsb");
				asm("bound esi, [edx+0x6f]");
				asm("outsd");
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 + 0xfd;
				 *_t48 =  *_t48 ^ _t48;
				asm("bound eax, [esi-0x37d271b6]");
				asm("retf");
				_t82 = _t75;
				_t73 = __edi + 1;
				es = 0xffffffd3;
				asm("insd");
				asm("std");
				asm("loopne 0x48");
				_t70 = fs;
				asm("sahf");
				 *((intOrPtr*)(_t70 - 0x71)) = fs;
				_t49 = _t48;
				asm("stosb");
				 *((intOrPtr*)(_t49 - 0x2d)) =  *((intOrPtr*)(_t49 - 0x2d)) + _t49;
				_t50 = 0x00000063 ^  *(_t62 - 0x48ee309a);
				_t57 = _t49;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + 0xfd;
				 *_t70 =  *_t70 - _t62;
				 *_t50 =  *_t50 + 0xfd;
				asm("int 0x5");
				 *_t50 =  *_t50 + 0xfd;
				 *_t50 =  *_t50 + _t62;
				 *((intOrPtr*)(_t50 + 0x48)) =  *((intOrPtr*)(_t50 + 0x48)) + 0x57;
				_t64 = _t70;
				while(1) {
					_t66 = _t64 - 1 + 1;
					 *0x62000601 =  *0x62000601 + _t66;
					while(1) {
						_push(es);
						 *((intOrPtr*)(_t70 + 0x69)) =  *((intOrPtr*)(_t70 + 0x69)) + _t50;
						while(1) {
							_t77 =  *(_t70 + 0x67) * 0x19007365;
							_t91 = _t77;
							if (_t91 >= 0) goto L6;
							asm("sbb [ecx], eax");
							 *_t70 =  *_t70 + _t50;
							_t50 = _t50 &  *_t66 &  *(_t77 + 0x6c000005);
							if (_t50 == 0) goto L7;
							 *((intOrPtr*)(_t77 + 5)) =  *((intOrPtr*)(_t77 + 5)) + _t57;
							asm("retf");
							_t24 = _t70 - 0x59;
							 *_t24 =  *((intOrPtr*)(_t70 - 0x59)) + _t66;
							_t99 =  *_t24;
							asm("rol dword [eax], cl");
							_push(0xffffffa8);
							asm("rol dword [eax], cl");
							_push(0x6700d5a8);
							asm("lodsb");
							_push(0xffffffab);
							_t102 = _t102 +  *_t50 +  *_t50;
							if(_t99 >= 0) {
								 *_t50 =  *_t50 + _t50;
								asm("adc [eax], al");
								 *_t50 =  *_t50 + _t50;
								L11:
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t66 =  *_t66 + _t50;
								 *_t50 =  *_t50 + _t66;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *((intOrPtr*)(_t50 + 1)) =  *((intOrPtr*)(_t50 + 1)) + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t66 =  *_t66 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								 *_t50 =  *_t50 + _t50;
								_t22 = _t73 - 0x66;
								 *_t22 =  *((intOrPtr*)(_t73 - 0x66)) + _t70;
								_t98 =  *_t22;
							}
							asm("aad 0x0");
							if(_t99 < 0) {
								goto L11;
							}
							asm("fiadd dword [eax]");
							asm("insd");
							 *((intOrPtr*)(_t77 - 0x4b)) =  *((intOrPtr*)(_t77 - 0x4b)) + 0xe5;
							goto 0xe8f57d71;
							 *((intOrPtr*)(_t73 - 0x45)) =  *((intOrPtr*)(_t73 - 0x45)) + _t57;
						}
					}
				}
			}

0x0040121c
0x0040121c
0x00401221
0x00401226
0x00401228
0x0040122a
0x0040122c
0x0040122e
0x00401230
0x00401231
0x00401233
0x00401235
0x00401237
0x00401239
0x0040123e
0x00401245
0x00401246
0x0040124c
0x0040124e
0x00401250
0x00401252
0x00401254
0x00401256
0x00401258
0x00401259
0x0040125a
0x0040125b
0x0040125e
0x00401267
0x00401269
0x0040126e
0x00401276
0x0040127c
0x0040127d
0x0040127f
0x00401280
0x00401281
0x00401282
0x00401287
0x0040128b
0x0040128d
0x0040128e
0x0040129a
0x0040129c
0x0040129d
0x004012a0
0x004012a0
0x004012a1
0x004012a3
0x004012a5
0x004012a7
0x004012a9
0x004012ab
0x004012ad
0x004012af
0x004012b1
0x004012b3
0x004012b5
0x004012b7
0x004012b9
0x004012bb
0x004012bd
0x004012bf
0x004012c1
0x004012c3
0x004012c5
0x004012c7
0x004012c9
0x004012cb
0x004012cd
0x004012cf
0x004012d4
0x004012d6
0x004012d7
0x004012d8
0x004012db
0x004012db
0x004012dc
0x004012de
0x004012de
0x004012de
0x004012e1
0x004012e4
0x004012e6
0x004012eb
0x004012f1
0x004012f3
0x00401348
0x00401349
0x00401349
0x00401349
0x0040134c
0x0040134e
0x00401350
0x00401352
0x00401357
0x0040135a
0x0040135c
0x0040135e
0x00401310
0x00401312
0x00401314
0x00401315
0x00401315
0x00401317
0x00401319
0x0040131b
0x0040131d
0x0040131f
0x00401321
0x00401324
0x00401326
0x00401328
0x0040132a
0x0040132c
0x0040132e
0x00401330
0x00401331
0x00401333
0x00401335
0x00401337
0x00401339
0x00401339
0x00401339
0x00401339
0x00401360
0x00401362
0x00000000
0x00000000
0x00401364
0x00401366
0x00401369
0x0040136c
0x00401371
0x00401373
0x004012de
0x004012db

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401221

Strings

VB5!6&*, xrefs: 0040121C

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: f4625ba0e66e62fa55909cd4fcb5213e28137572a35113c60d0841abee74e017
Instruction ID: 3b1b98cc4335f670927d1dbebc53c4ecc532a8ce1e7ad9edf3b6fe254e69ecc0
Opcode Fuzzy Hash: f4625ba0e66e62fa55909cd4fcb5213e28137572a35113c60d0841abee74e017
Instruction Fuzzy Hash: 94018C2294E7C18FC31787709A69244BFB0AF13624B1A01E7C4A0DF4F3D26C2959C772

Uniqueness

Uniqueness Score: -1.00%

Function 004067A8, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 294memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Strings

., xrefs: 004067BB

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID: .
API String ID: 4275171209-248832578
Opcode ID: e9081e146d7528c5bdda2b557e8375724172382f1656c94e2f7823874a199fd8
Instruction ID: 62f9c27ce61c75d62221d59e139956f63e065be018aa3498286822c802d08f2f
Opcode Fuzzy Hash: e9081e146d7528c5bdda2b557e8375724172382f1656c94e2f7823874a199fd8
Instruction Fuzzy Hash: 975199E1E6F347D9E22C951458901F9615CAA0FB18632A97BC94F3B4C3953C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 00406C58, Relevance: 1.7, APIs: 1, Instructions: 408memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1878f1ad4bfc9899f2c64a7f732026c388b6221575a2734cc9b82858bf34245d
Instruction ID: 209e1be0a1a81493d67293303b2aaa107214e05b9643036f6db164d164ef577b
Opcode Fuzzy Hash: 1878f1ad4bfc9899f2c64a7f732026c388b6221575a2734cc9b82858bf34245d
Instruction Fuzzy Hash: 8A5120A9F2EA07D9DA2C141988811B4219CAD2F72C133693FC50F7A1C2553C7A33B94F

Uniqueness

Uniqueness Score: -1.00%

Function 004065A6, Relevance: 1.6, APIs: 1, Instructions: 359memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 906e90782019643539cbae09db5e116c77973a63b5f3e05e3d192b878c055200
Instruction ID: a53fad1c1edb774aebfc202f81d115d25b89aa07abe69691c6bbfc30bdee1d5b
Opcode Fuzzy Hash: 906e90782019643539cbae09db5e116c77973a63b5f3e05e3d192b878c055200
Instruction Fuzzy Hash: 5B5195E1E6F203D9EA68540098601F5215CAA1FB18933A83BD54F371C7913D3A37795F

Uniqueness

Uniqueness Score: -1.00%

Function 004069DF, Relevance: 1.6, APIs: 1, Instructions: 345memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: eb002420abde71c129701f45a1fe1440d4c5753342bf9a4e473e23855190c514
Instruction ID: e6167def8e3b0c889b4e8eb7f993a51b804ccc272d3ade363d8a31e922b0370c
Opcode Fuzzy Hash: eb002420abde71c129701f45a1fe1440d4c5753342bf9a4e473e23855190c514
Instruction Fuzzy Hash: FF519096F2E683C9E22869544C910B6215CF64F724136A4BBD90F372C3513C3A23BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 0040693B, Relevance: 1.6, APIs: 1, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 30bac14f0b5ec9e7266a10163aa2728295849dda838754abf19a57ae4d9635c7
Instruction ID: 08268bf9dbc64cdfb58373837f8fc68a36d9b0c2827d0d4203b90f45cb3cf981
Opcode Fuzzy Hash: 30bac14f0b5ec9e7266a10163aa2728295849dda838754abf19a57ae4d9635c7
Instruction Fuzzy Hash: C261D9E8E7E297C8D6186A1408509BA1D49E70BF545B36CBB9A0F379CB503C2633764F

Uniqueness

Uniqueness Score: -1.00%

Function 0040662A, Relevance: 1.6, APIs: 1, Instructions: 307memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fd94a74d19e45fad16bb1ab41a41d8ec8438b047ee4c8852e200c93718633553
Instruction ID: 728dcd155b902f8d036aab6be8d02c7913017b6359896b79834ff018e6f1dda9
Opcode Fuzzy Hash: fd94a74d19e45fad16bb1ab41a41d8ec8438b047ee4c8852e200c93718633553
Instruction Fuzzy Hash: 3D4134E1E6F357D9E26C950048901F8615CAA4FB48532B83B994F374C3913C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 0040669F, Relevance: 1.5, APIs: 1, Instructions: 299memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3d3117c4a6ec3d3cc89a886a49a55f1538d2050779d78f69313f372442b8d107
Instruction ID: ed064658e7bb0262431a150216e55589e250ff9d90132148e58dd3c4a3084e5d
Opcode Fuzzy Hash: 3d3117c4a6ec3d3cc89a886a49a55f1538d2050779d78f69313f372442b8d107
Instruction Fuzzy Hash: 3B4134E1E6F357D9E25C951058901F8616CAA4FB58532B83B964F374C3913C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 00406669, Relevance: 1.5, APIs: 1, Instructions: 295memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5db106871b9414f83785f59e42fda7037ff613d02ee6ee621ac3bce23200038e
Instruction ID: e5dc76ab3ce10d7532b068cfdea09a1939a9565de57b55103c075d2676c6835e
Opcode Fuzzy Hash: 5db106871b9414f83785f59e42fda7037ff613d02ee6ee621ac3bce23200038e
Instruction Fuzzy Hash: 8B4143E1E6F353D9E26C650048901F8616CAA4FB48632B83B994F374C3913C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 004067F3, Relevance: 1.5, APIs: 1, Instructions: 287memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e05fc6ef7a6eeab847536892a92a8814a4e3a991d32397977e8ad74d1f38c5e0
Instruction ID: 46737c38723203a4cd4dd5b75ef95e579a42ca534ace39dcc113d38fbcee6692
Opcode Fuzzy Hash: e05fc6ef7a6eeab847536892a92a8814a4e3a991d32397977e8ad74d1f38c5e0
Instruction Fuzzy Hash: 184133E1E6F347D9E26CA51058901F8615CEA4FB48632A83B9A4F374C3553C3623BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 00406601, Relevance: 1.5, APIs: 1, Instructions: 281memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a6ee2911164ee0704e232aa8888548056bb9b1a966628ee770645e9d00399761
Instruction ID: d29ca1ad2401254059c104602cac8baa48ddabf5c9b6366a89d1592c878aaeab
Opcode Fuzzy Hash: a6ee2911164ee0704e232aa8888548056bb9b1a966628ee770645e9d00399761
Instruction Fuzzy Hash: C34131E1E6F357D9E26CA51058901F8616CAA4FB48532B83B994F374C3953C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 0040677D, Relevance: 1.5, APIs: 1, Instructions: 274memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d3c848dea70bad35f6866be853a91dc633667f7b82de74a9f1b3fac86ce61ff5
Instruction ID: de5458ae79162962c2349a50654bc68a3d42c2fb2c0bc71efc305098f57ab9e6
Opcode Fuzzy Hash: d3c848dea70bad35f6866be853a91dc633667f7b82de74a9f1b3fac86ce61ff5
Instruction Fuzzy Hash: 764131E1E6F343D9E26CA50048901F8615CAA4FB48532B83B9A4F374C3913C3623B99F

Uniqueness

Uniqueness Score: -1.00%

Function 00406ACD, Relevance: 1.5, APIs: 1, Instructions: 273memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 171796e5128d849b6a24fc3b20c276bce82d5e228c10bc1ee633d774f3d69d01
Instruction ID: a8d871a56871ed1d3b59f9f85945e3fd3073ae87ea5a723f76cdbd4eb78017d4
Opcode Fuzzy Hash: 171796e5128d849b6a24fc3b20c276bce82d5e228c10bc1ee633d774f3d69d01
Instruction Fuzzy Hash: CA4154D1E6F353D9E66C981058900F9251CAA4FB48532A87B994F371C3513C3623B6AF

Uniqueness

Uniqueness Score: -1.00%

Function 004068E1, Relevance: 1.5, APIs: 1, Instructions: 270memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 675d3864b5a616c44a8857ece83c49bf556f85c08c0aaf29bf6cef805abbdb96
Instruction ID: 627b34056cb7fb3bb428ae4d32923693c79b08ece06237e77f8373dc044c53ad
Opcode Fuzzy Hash: 675d3864b5a616c44a8857ece83c49bf556f85c08c0aaf29bf6cef805abbdb96
Instruction Fuzzy Hash: FE4121D1E6F353D9E26C951058901F8615CAA4FB48532A83BDA4F374C3553C3623BA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00406718, Relevance: 1.5, APIs: 1, Instructions: 269memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d2a65245fb0b3e3b062e5c5a266ed9f476c6196f99ab724593048e7db5abcc58
Instruction ID: a341a361ddf757c55a864ae489dfcc6fcd486bdefa0cec79dabf027d171a5ccc
Opcode Fuzzy Hash: d2a65245fb0b3e3b062e5c5a266ed9f476c6196f99ab724593048e7db5abcc58
Instruction Fuzzy Hash: A54155E1E6F347D9E21C951458901F9659CAA4FB48632A83BD94F374C3913C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 0040687C, Relevance: 1.5, APIs: 1, Instructions: 268memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 65ff26f5dabdff6c29e4ee424fa1ee8338d38a163830f996b1ab4ca9d130e45f
Instruction ID: a561ee2c2092de59e10c86adb8cd58e948a2488c63f7ba0864a04ed74284be22
Opcode Fuzzy Hash: 65ff26f5dabdff6c29e4ee424fa1ee8338d38a163830f996b1ab4ca9d130e45f
Instruction Fuzzy Hash: 324130E1E6F353D9E26C951058900F8255CAA4FB08532A83BDA4F374C3513C3223BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 00406B97, Relevance: 1.5, APIs: 1, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ba3772beacbeeebd3d89e4aeb11572a39f5dc1998c55198ffa6c2c67aead4181
Instruction ID: 3a05cfea31ed3674a2ee91d3ecc19c326325d7003a3f310d0de21621dcb93386
Opcode Fuzzy Hash: ba3772beacbeeebd3d89e4aeb11572a39f5dc1998c55198ffa6c2c67aead4181
Instruction Fuzzy Hash: CD3111D1E6F343D9E66C941058900F8211CAA4FB48532A97BDA4F375C3553C3623B6AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406A23, Relevance: 1.5, APIs: 1, Instructions: 266memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a59eec09dd1af9432661862529942fbbd0619aa6479f570fcef470e0f86fc950
Instruction ID: 6ad8f71688ed5013be20ecb51ce8ffd04c92a395c7798094b9c366ae33632190
Opcode Fuzzy Hash: a59eec09dd1af9432661862529942fbbd0619aa6479f570fcef470e0f86fc950
Instruction Fuzzy Hash: AB4122E1E6F357D9E25C941048900F8615CAA4FB48532A87BDA4F371C3553C3623B6AF

Uniqueness

Uniqueness Score: -1.00%

Function 004066DE, Relevance: 1.5, APIs: 1, Instructions: 260memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b953d821d4791429ca105df7e2b2f2862cf40e52058f6539e4b1c0bd9e8be9c6
Instruction ID: 19e14443ed2edc3e4336c1974aa8ad5e5c4f6673d43412e106cd59d3f78a5c51
Opcode Fuzzy Hash: b953d821d4791429ca105df7e2b2f2862cf40e52058f6539e4b1c0bd9e8be9c6
Instruction Fuzzy Hash: 194134E1E6F347D9E25CA51048901F8615CAA4FB48632B93B994F374C3953C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 00406C09, Relevance: 1.5, APIs: 1, Instructions: 254
memoryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00406C09(void* __eax, void* __edx) {

				L0:
				while(1) {
					asm("out 0x2, eax");
					__dh = __dh +  *((intOrPtr*)(__ebp - 5));
				}
				return __eax;
			}

0x00406c09
0x00406c09
0x00406c09
0x00406c0a
0x00406c0a
0x00406bf1

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 44e186cb7606a63d8f8113b6141ca332879f694e1670f45491ad7d297bf08a87
Instruction ID: 618c22aefe51ae5dd22c6848e5cc06a58617071bc340e44507fbdd8b5ded6109
Opcode Fuzzy Hash: 44e186cb7606a63d8f8113b6141ca332879f694e1670f45491ad7d297bf08a87
Instruction Fuzzy Hash: FD3142D1E6F243D9E66C941058900F8211DAA4FB48632A87BDA4F375C3553C3623BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 00406834, Relevance: 1.5, APIs: 1, Instructions: 251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6b1e694c7121256261a01f005e977312eeb78cda68c57051c23cf6ba235c1a7f
Instruction ID: e29650bcd3bba32260703be582beb179080769925e2abb4b59954cf4452e0289
Opcode Fuzzy Hash: 6b1e694c7121256261a01f005e977312eeb78cda68c57051c23cf6ba235c1a7f
Instruction Fuzzy Hash: C44131D1E6F347D9E65C951048900F8655CAA0FB48632A87B9A4F374C3503C3623BA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00406CEB, Relevance: 1.5, APIs: 1, Instructions: 243memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 37c4455a5476b4435ea0881aa317d59e9a717f9f00d7e67ca88ccdae55629e33
Instruction ID: 4a6e675afeafd265a6bd1af4aa89731d3eb7aba8c24be19213c443dda8a0f184
Opcode Fuzzy Hash: 37c4455a5476b4435ea0881aa317d59e9a717f9f00d7e67ca88ccdae55629e33
Instruction Fuzzy Hash: 133178D1E6F343D9D66C991458900F8211CAA0FB58631A97BC50F3B5C36A3C3613B99F

Uniqueness

Uniqueness Score: -1.00%

Function 00406919, Relevance: 1.5, APIs: 1, Instructions: 241memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 207e362325efb8a9f3e44e78e9815fce72661a93c99a412b704dbffb7d3e0ff4
Instruction ID: 4b5bc4004ab07970599c36a55159d76729281c48888fffdc0d8ea1244dd31328
Opcode Fuzzy Hash: 207e362325efb8a9f3e44e78e9815fce72661a93c99a412b704dbffb7d3e0ff4
Instruction Fuzzy Hash: F94142D1EAF353D9E66C951048901F8615CAA4FB48632A87BDA4F374C3553C3223BA9F

Uniqueness

Uniqueness Score: -1.00%

Function 00406987, Relevance: 1.5, APIs: 1, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 48ddb2e7daba0452ce2ba3101988605d746426975b15b0054baeb4e80e1acdd4
Instruction ID: 8f6954721d66469a9e18006b82f5a37d401ad64d99c38596a39e82a548c7045c
Opcode Fuzzy Hash: 48ddb2e7daba0452ce2ba3101988605d746426975b15b0054baeb4e80e1acdd4
Instruction Fuzzy Hash: FA4132D1E6F343D9E25C941058901F8215CAA4FB48532A87BDA4F374C3553C3623BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 004068B2, Relevance: 1.5, APIs: 1, Instructions: 232memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ffc61537adf24e87273dc00d7a0b7f78ca490650de62cad9963ddc631dbb916a
Instruction ID: 650317beee29ca09500ed733a070731d9821e79ff4acf8126e8d0d98e901583f
Opcode Fuzzy Hash: ffc61537adf24e87273dc00d7a0b7f78ca490650de62cad9963ddc631dbb916a
Instruction Fuzzy Hash: 524120E1E6F353D9E26C951058900F8615CAA4FB48532A83BD94F374C3513C3623BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 0040686E, Relevance: 1.5, APIs: 1, Instructions: 229memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bb556fe5bd472ab81b76ae8ceef87793e27f5fed1b4b05fedcdef1ad42a7cca7
Instruction ID: 7844cae1d4523805a8e79921ceb59447fdc021f8cc1328ee04b23b2fdefcf3b3
Opcode Fuzzy Hash: bb556fe5bd472ab81b76ae8ceef87793e27f5fed1b4b05fedcdef1ad42a7cca7
Instruction Fuzzy Hash: D04132E1E6F343D9E25C991048901F8655CAA4FB48232A977D94F374C3553C3223BA5F

Uniqueness

Uniqueness Score: -1.00%

Function 004069C5, Relevance: 1.5, APIs: 1, Instructions: 223memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 70faa9587c390ef0429ad12b2660700c05e7c642153d75ca29d4ed794c48f5c6
Instruction ID: a13f377f39176695009dc706b759363fc7826afd38022d1a79e7f9efdd63e137
Opcode Fuzzy Hash: 70faa9587c390ef0429ad12b2660700c05e7c642153d75ca29d4ed794c48f5c6
Instruction Fuzzy Hash: 4C4131D1E6F353D9E2AC941048901F8215CAA4FB48532A83BDA4F370C3553C3623BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 00406926, Relevance: 1.5, APIs: 1, Instructions: 222memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 83027749090a6f477aeaecdac9034c3a34036ff282a3c5ebacefdfcfa29fa41c
Instruction ID: 581d2d9ef3881cfe5c5585980841702d8fdebf5f71b7685dbc2c5a1366180c54
Opcode Fuzzy Hash: 83027749090a6f477aeaecdac9034c3a34036ff282a3c5ebacefdfcfa29fa41c
Instruction Fuzzy Hash: 1C412FD1E6F253D9E26C951048901F8615CEA4FB48632A87B9A4F374C3553C3623BAAF

Uniqueness

Uniqueness Score: -1.00%

Function 00406B4A, Relevance: 1.5, APIs: 1, Instructions: 209memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D58

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c9e98163cf0c75c3fc57b267718e7e6433b204fb91d23921e26434c871047f3b
Instruction ID: 7ddeed2a37da276d460a1e06e6aa071249f396bb5b2c9fdda92fd0fc1a24e880
Opcode Fuzzy Hash: c9e98163cf0c75c3fc57b267718e7e6433b204fb91d23921e26434c871047f3b
Instruction Fuzzy Hash: CA3131D1E6F347D9E66C981098901F8211CAA4FB48132A97BDA4F375C3553C3223B6AF

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00731F1A, Relevance: 2.0, Strings: 1, Instructions: 773COMMON

Download Yara Rule

Strings

^lJ, xrefs: 00732728

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID: ^lJ
API String ID: 0-1528692970
Opcode ID: 2e79a23d4fbbc82d902fdd072cf5a9766dd562337716bf8f5fe8d6bc2bb768dd
Instruction ID: 1456c8bcb178a4ed10d350ce694fae15fa4a7d300082c4a4bb8c525dccb822ce
Opcode Fuzzy Hash: 2e79a23d4fbbc82d902fdd072cf5a9766dd562337716bf8f5fe8d6bc2bb768dd
Instruction Fuzzy Hash: 77425A71740306EFFB249E28CC95BE973A1BF14750F648229FD9997283D77D98828B90

Uniqueness

Uniqueness Score: -1.00%

Function 007325A2, Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

^lJ, xrefs: 00732728

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID: ^lJ
API String ID: 0-1528692970
Opcode ID: 3c8fcfccde45c6729e102d9a1f656b1f836b6183a0b9a897019d09e382a4cba2
Instruction ID: 09cb0774c16ed1a939474aa9de283e20788a5658726628ee6d7600fe3e9ec192
Opcode Fuzzy Hash: 3c8fcfccde45c6729e102d9a1f656b1f836b6183a0b9a897019d09e382a4cba2
Instruction Fuzzy Hash: 41311871704312DFFB68AA28CC95BE633A4BF14750F144229EC9AD3253DB2ED8469B50

Uniqueness

Uniqueness Score: -1.00%

Function 00732698, Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

^lJ, xrefs: 00732728

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID: ^lJ
API String ID: 0-1528692970
Opcode ID: 60c03170da5eafe8f8bfbdd2400bb6d222a888ddac4e95bc7a46ce802a6a9bb5
Instruction ID: e5ff250708d3a37a96f3281f33ed8a2235f28cd89cf0607ca19529397446ddf0
Opcode Fuzzy Hash: 60c03170da5eafe8f8bfbdd2400bb6d222a888ddac4e95bc7a46ce802a6a9bb5
Instruction Fuzzy Hash: A721BA73245305EFE724FE68DC997DBF3A5FF04320F214126E964C7A52DB2AA8119710

Uniqueness

Uniqueness Score: -1.00%

Function 00736ECD, Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

f, xrefs: 00736ED8

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID: f
API String ID: 0-1993550816
Opcode ID: cbe07339c79da10259cd225b7093b082b40149d887ba925400c76f0d11c2a6d6
Instruction ID: ec52b6b3006e5357c6bc090e7c0cd38fa6e5796dd9f882263021622b622ac4fd
Opcode Fuzzy Hash: cbe07339c79da10259cd225b7093b082b40149d887ba925400c76f0d11c2a6d6
Instruction Fuzzy Hash: BC117932449344EFD721EFB0E0D928BFB62FF19320F268097C2500BE16EB2A2560DB05

Uniqueness

Uniqueness Score: -1.00%

Function 00737C7A, Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b284eb56ef4cec9ba60e962001be5c459c55e3b52dc5f6b371541a1895fa17
Instruction ID: abcb28a92987498b1b2918b6f808806f5341479d9765c9cdf327441061536400
Opcode Fuzzy Hash: d1b284eb56ef4cec9ba60e962001be5c459c55e3b52dc5f6b371541a1895fa17
Instruction Fuzzy Hash: 00E130B1244309EEFB356E20CC89BEA7362FF04354F65422AFE459A1D2C77D9885E742

Uniqueness

Uniqueness Score: -1.00%

Function 0073534F, Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888a2e95cd37a472344ca3edb89d6f6531bc1e3be662b32a4cb0fb5e1c8d26fb
Instruction ID: d153f4801138fd910a1a8ae6f6eed871ba485ec6e76cc16568f1dc7a07f006e3
Opcode Fuzzy Hash: 888a2e95cd37a472344ca3edb89d6f6531bc1e3be662b32a4cb0fb5e1c8d26fb
Instruction Fuzzy Hash: E3C153B0344349EFFF351E24CC86BF93662AF15380F604229FE859A183D7BE89859751

Uniqueness

Uniqueness Score: -1.00%

Function 00731F61, Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a6bd673d33655eaedbe2145ef24bc4a498c77cff35c32a5d8338dc7bb291ce
Instruction ID: c782003c13b3c32d8d16d96b555ec9ee4a9cdfb64abc2555264584a2fa295935
Opcode Fuzzy Hash: 67a6bd673d33655eaedbe2145ef24bc4a498c77cff35c32a5d8338dc7bb291ce
Instruction Fuzzy Hash: 13B11872740707EFF7149E68CC94BE6B3A1FF08720F948229DD9983642D739A852CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00731F35, Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26e4a344f03214af0e75f1a85503dcc3df60d7afd8dbe2fc2ffbebe0643cabcd
Instruction ID: 5fd952b331e7abab42278f9b28b7e79a85754f78f123c1384fbdf5602f032377
Opcode Fuzzy Hash: 26e4a344f03214af0e75f1a85503dcc3df60d7afd8dbe2fc2ffbebe0643cabcd
Instruction Fuzzy Hash: 68A10772740707EFF7149E28CC95BE5B3A1FF18710FA48229DD9983642D739A8928B80

Uniqueness

Uniqueness Score: -1.00%

Function 00732E4E, Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f490c4040fa28e0673da0560001d4b20b8e3f79c4d98a4d8d0dc1ba87071a7db
Instruction ID: b9972ed93fcbe5898e9957bef56f79c279834866783b9ff98b44f4ed794b94fc
Opcode Fuzzy Hash: f490c4040fa28e0673da0560001d4b20b8e3f79c4d98a4d8d0dc1ba87071a7db
Instruction Fuzzy Hash: ACA104B1240349EFFB316F20CC89BEAB762FF04344F654226EE845B192D7BE99959740

Uniqueness

Uniqueness Score: -1.00%

Function 00732EC0, Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd341a9bde3d01ce7bb82333dc868fbdd1c1eb63253e969f82f9898d8f55ac29
Instruction ID: e0ea9d0f99836ca1352c1166148d7f3b27793d60fc96f062acf115243f03802f
Opcode Fuzzy Hash: cd341a9bde3d01ce7bb82333dc868fbdd1c1eb63253e969f82f9898d8f55ac29
Instruction Fuzzy Hash: BF9102B1240349EFFB316F20DC89BEA7762EF14344F614226FE849A192D7BE9994D740

Uniqueness

Uniqueness Score: -1.00%

Function 00737131, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 300cbebb28605153b695764285f52bb202a368329ba9927161bc84d1db908ced
Instruction ID: e9db0390ba4e42aacda68a5b67b8cc1702a098f8d5565a06d7968f69b2f21e52
Opcode Fuzzy Hash: 300cbebb28605153b695764285f52bb202a368329ba9927161bc84d1db908ced
Instruction Fuzzy Hash: B0A1DCB0A0C782CFFB39CE2884D5765B7D19F62320F5482A9D9968B2D7D3388842C712

Uniqueness

Uniqueness Score: -1.00%

Function 0073201E, Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8e79ef54225bd66017269406d03d7eb5f272f4c0a404984bcbe2530babd3ce
Instruction ID: a17449530fb0872eed3cc06ee693cf1fe53523fa6ff09c2a28e2bc1e8b19ef49
Opcode Fuzzy Hash: ba8e79ef54225bd66017269406d03d7eb5f272f4c0a404984bcbe2530babd3ce
Instruction Fuzzy Hash: 1E910972744703EFF714DE68CC95BD6B3A1FF14720FA48229DDA583642D729A892CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00732F1B, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a0f65893c2ba93578b7f43f0eeea25ab829123c91f5d2d3eceaf6875a7cf68d
Instruction ID: 6252178dc5b1c8908ec5c4213e26822915ac8a5ee33b8d69a3760466877573ed
Opcode Fuzzy Hash: 2a0f65893c2ba93578b7f43f0eeea25ab829123c91f5d2d3eceaf6875a7cf68d
Instruction Fuzzy Hash: 86910571240349EFFB316F20CC897E9B762FF14344F554226EE845B192D77E99949740

Uniqueness

Uniqueness Score: -1.00%

Function 0073211B, Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bea4b850d48e40262e8201d84bde45757ca7e4b67c843c9d2874c55d40cb5be
Instruction ID: 56f9274446e05029dcdc0fc6a8ce9a4f9f74107c41a3fedb7ee419533e72e469
Opcode Fuzzy Hash: 0bea4b850d48e40262e8201d84bde45757ca7e4b67c843c9d2874c55d40cb5be
Instruction Fuzzy Hash: 9B612B72240702EFFB19AE28CC95BE6B3A1BF14320F644229DD9583543D72DAC93CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00732173, Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da2c561e6d3712a9ec81ab3af06c47f80efe4b2160dd066ccefc340874bddc1
Instruction ID: e6b95fea07a0689dd9ac3245d9aa8d499e641ee738872707408b95fbaf188b07
Opcode Fuzzy Hash: 4da2c561e6d3712a9ec81ab3af06c47f80efe4b2160dd066ccefc340874bddc1
Instruction Fuzzy Hash: 97513F72240702EFF725EE68CC95BE6B3A1FF15720F644229DD6583543D72DA852CB50

Uniqueness

Uniqueness Score: -1.00%

Function 007330C2, Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a59528aa9f60b7c99230bd0908da1da482ea4bd153f9bf88165e22bb90b8771b
Instruction ID: 9946d102ac63a30ea6d89ad9df6151bfa3bc968c8eb6e85f68bf84bc1cef3294
Opcode Fuzzy Hash: a59528aa9f60b7c99230bd0908da1da482ea4bd153f9bf88165e22bb90b8771b
Instruction Fuzzy Hash: 8161D371244348EFFB31AE10DC89BEA7712EF14350F654126FE859A192D7BE5A949B00

Uniqueness

Uniqueness Score: -1.00%

Function 007321A8, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1681a7876c566f44bd287cad7d73fc284bc2a0f11bdacb52eb2486f9ad5cc6bb
Instruction ID: 1f37742f60778dd66b188ce2696f6d93230d01286be4149b104b46ff41eda35c
Opcode Fuzzy Hash: 1681a7876c566f44bd287cad7d73fc284bc2a0f11bdacb52eb2486f9ad5cc6bb
Instruction Fuzzy Hash: F1511D72240702EFFB29EE68CC85BD6B3A1FF15720F644229DD6583543D76DA852CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00737133, Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0fdaec3a30f0274dc61cf348576627475ff7ab75de8bb3b59b003c7da814d1d
Instruction ID: 0ce35620af1f96aec60ed56a4c5024ad3d2f51574112593ef045d7cea46c8378
Opcode Fuzzy Hash: e0fdaec3a30f0274dc61cf348576627475ff7ab75de8bb3b59b003c7da814d1d
Instruction Fuzzy Hash: 5261F9B1608382CFEB39DF28C4D4756BBA1AF16320F14C29AD9958F2E7D7399841D712

Uniqueness

Uniqueness Score: -1.00%

Function 007371AE, Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4321e13de80e4988bcd2500b980f15d58db6aa5c7e02f05ee890433b394de31c
Instruction ID: 27d68aca9024ac2714b1d8a55f49a0b1e8bd04d4bfe02752effe3fe49a9f2c7e
Opcode Fuzzy Hash: 4321e13de80e4988bcd2500b980f15d58db6aa5c7e02f05ee890433b394de31c
Instruction Fuzzy Hash: 3851D9B150C382CFEB39DE288494756BBD1AF12320F14C2D9C9558F6E7D7699841D712

Uniqueness

Uniqueness Score: -1.00%

Function 007352F1, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3975297873861102ef858242c0f42c6b8219950559f4a91627238e913e70dc
Instruction ID: 412be06f578f92fb3b4d9a572a31e9c08711cea00e6b1fa4589d12a5967754ba
Opcode Fuzzy Hash: bd3975297873861102ef858242c0f42c6b8219950559f4a91627238e913e70dc
Instruction Fuzzy Hash: B041A573089608EFD720FEA094CD19BF763FF19320F628097C6614BE11EB6E7961A601

Uniqueness

Uniqueness Score: -1.00%

Function 00732274, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30fc268de6319b298f203826cc866f5f5e26f25c6dcc6d0cd62a1019a0630be
Instruction ID: 30b9e9f75fff9ffdb6db04e75da99b747a13d82b8c858546d9c586a3bb12c391
Opcode Fuzzy Hash: a30fc268de6319b298f203826cc866f5f5e26f25c6dcc6d0cd62a1019a0630be
Instruction Fuzzy Hash: AB51EA72240702EFF729EF68D8857D6F3A1FF08320F644225D96583652D76DA852DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00737C70, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beeeea287b002db6e6414a806d2b21ae3df151a591d372e81d51693173c40340
Instruction ID: 568085f2565c2af02912d44243661f84fd62162863e5a272b424f3b9c8918a60
Opcode Fuzzy Hash: beeeea287b002db6e6414a806d2b21ae3df151a591d372e81d51693173c40340
Instruction Fuzzy Hash: 204155B164C706CEFFB89924C9947B622A1FF55320F74416AEC5286197CB3C88C5EA53

Uniqueness

Uniqueness Score: -1.00%

Function 00737206, Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b4c45d2568ce3efa42f4c40982849cc91108c1aa32987522a50be703e9ffbac
Instruction ID: 76536ab1bb427e6fb5e819782f5ad29eb7ac08747adeb5f8d06e528480adeb06
Opcode Fuzzy Hash: 7b4c45d2568ce3efa42f4c40982849cc91108c1aa32987522a50be703e9ffbac
Instruction Fuzzy Hash: 4251FAA150C382DEEB39DF388488756FB91AF22330F24C2DAC9A58F6E7D3695441D312

Uniqueness

Uniqueness Score: -1.00%

Function 00737CD3, Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 102261f01fc634d553ca8f55b54851bfa8aaaaaa957c3602538b311e8dd59030
Instruction ID: c9f4bf88d0de191c7830102a0d70277635b8d5e6533e8d240cb4a51bbde4e62c
Opcode Fuzzy Hash: 102261f01fc634d553ca8f55b54851bfa8aaaaaa957c3602538b311e8dd59030
Instruction Fuzzy Hash: 4041157224D705DEFB78AE64C8983A6B362FF05320F754157E92287592DB3D5881EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00735941, Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d615f84f26f71133066797676b13b347af496cb27203dc8e88543dc5b5d3e3af
Instruction ID: 0a83af91c6aca50983e73db8d3b656026b7a8bd600f4e9d559c38ea1a1956e4f
Opcode Fuzzy Hash: d615f84f26f71133066797676b13b347af496cb27203dc8e88543dc5b5d3e3af
Instruction Fuzzy Hash: 7341247314E605EFE720FEA0918D5ABF762FF09360F728047D6610BD12EB6E3950AA11

Uniqueness

Uniqueness Score: -1.00%

Function 00737D10, Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae630fc685abd2293ac46558810692edff7f831211f1a8bdc2c82f419b5a8a4d
Instruction ID: e9276182f235671f758d5c11726089b28f1e0c043c5aaa7d56521e3a04791747
Opcode Fuzzy Hash: ae630fc685abd2293ac46558810692edff7f831211f1a8bdc2c82f419b5a8a4d
Instruction Fuzzy Hash: 4241283264D705DEFB78AE64C8983A6B361FF15320F754157E92287592DB3D9C80EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00737260, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c293f0a8b6ef0d0a138182b7b0b8087e8b460e09dd71ea091de003e095f29caf
Instruction ID: 2af953029ea5e130f91e949c3e9ac3ee2e9cddf9f6ff119cb5e2c3d029b30dbc
Opcode Fuzzy Hash: c293f0a8b6ef0d0a138182b7b0b8087e8b460e09dd71ea091de003e095f29caf
Instruction Fuzzy Hash: 2141C7A154C382DEEB35DE388488756FB91AF22330F28C3D6C9A54F2E7D7695842D712

Uniqueness

Uniqueness Score: -1.00%

Function 0073284A, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7213c639cf5347cb439a68349add643fec9a09e6b4617b87887bdeda8eddbaf2
Instruction ID: 0083a4b3291ae9316135e9c6b7f4fada4eeec7c0a4daeb7075578ccb2ab62cc0
Opcode Fuzzy Hash: 7213c639cf5347cb439a68349add643fec9a09e6b4617b87887bdeda8eddbaf2
Instruction Fuzzy Hash: 584122B0244301EFFB346A24895DBE973A2BF01754F608219FD869B0D7D77DC982CA22

Uniqueness

Uniqueness Score: -1.00%

Function 0073808A, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab1045c146bb7180d15fa2ebc075404a0a738da19b5cc7ede639eca65a2591a5
Instruction ID: c9c6a9d65be9abaa8a9dbc71605cf2cbd623eab8a8f7eea1bd040b974e30df57
Opcode Fuzzy Hash: ab1045c146bb7180d15fa2ebc075404a0a738da19b5cc7ede639eca65a2591a5
Instruction Fuzzy Hash: 6541883358A709DFD765FEA0948C197F322FF09330F668187D6214BD61EB3A3954AA01

Uniqueness

Uniqueness Score: -1.00%

Function 00737D48, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccad62a6a12a336481e0c24f86876feeb7adbac06d7725f25bd7b4cc51e40a49
Instruction ID: 964f2b37045254d74c7e54eaa46febd18834d0fd029a8573b241a04935c6c247
Opcode Fuzzy Hash: ccad62a6a12a336481e0c24f86876feeb7adbac06d7725f25bd7b4cc51e40a49
Instruction Fuzzy Hash: C441173224D705DEFB78AE64C8983A6B361FF05320F754157E92287592DB3D9C80EA43

Uniqueness

Uniqueness Score: -1.00%

Function 00737D77, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f69f80f1184a59fda110c4ec14376eb5885381f864d17fb6bb8907e1cb96d2
Instruction ID: 3786048326571e6a19891211d90abf3aa84ee0a4b8724f125adc4e82dd3c3fa8
Opcode Fuzzy Hash: 86f69f80f1184a59fda110c4ec14376eb5885381f864d17fb6bb8907e1cb96d2
Instruction Fuzzy Hash: 0F41F632649705DEFB78AE24C8983A6B361FF05320F754157E922875A2DB3D9C81EA43

Uniqueness

Uniqueness Score: -1.00%

Function 00737DAB, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6df4624e40e30a30314ec677cf1c9a0e11e3661a5bb1466bcd9486eca2fa30
Instruction ID: 884de6ffc300638923553ea031322c74b9d4ce5be7d2a2f3aa858ff3477bcfae
Opcode Fuzzy Hash: 8b6df4624e40e30a30314ec677cf1c9a0e11e3661a5bb1466bcd9486eca2fa30
Instruction Fuzzy Hash: 08410532289705DFFB78AE24C8483A6B361FF05320F754157E921875A2DB3D9C80EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00737DDC, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fbf05d7c4bd0176454ddfb8eb738c4636af52a46abfbb96bdf8a15b178278da
Instruction ID: 23ce0fb92b12d9d83f2b0991726cf1350b858c2b649c74a054998e1d8be3c63e
Opcode Fuzzy Hash: 3fbf05d7c4bd0176454ddfb8eb738c4636af52a46abfbb96bdf8a15b178278da
Instruction Fuzzy Hash: 2E41D531249705DFFB78AE64C8583A6B361FF05320F754157E921875A2DB3D9C81EA43

Uniqueness

Uniqueness Score: -1.00%

Function 0073280D, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c14ee8d564196ee11b6572985132f2d317a63d55c46066c707233bcf9f94f5
Instruction ID: 81676ae8b5dd76231091a274d818fb5773d898bb66bed47a3d60d91242ad7493
Opcode Fuzzy Hash: 41c14ee8d564196ee11b6572985132f2d317a63d55c46066c707233bcf9f94f5
Instruction Fuzzy Hash: 15412531149344EFF731AF20894CBD6B722FF01720F61814AEE055F9E3D72AA941DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00737E10, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14eb366fa809056bd45487a2350bc145b967b4d365a61c4392947674c2afc1aa
Instruction ID: 5469a56d8a360c12c12d32f2d9c3bf482d0fda8b6f6a01445c16ddb99b1b0659
Opcode Fuzzy Hash: 14eb366fa809056bd45487a2350bc145b967b4d365a61c4392947674c2afc1aa
Instruction Fuzzy Hash: 7941B132289705DEFB78AE64C8583A6B361FF15320F754157E922875A2DB3D9881EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00733293, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f67b54952cfd256db9b89a9fea54038e5d5cf9c448d1d28c0585f688c3d6002
Instruction ID: 44d57c5cba78e0486af95742e74475ff69c6ea102f08ffc96c81b67b4aa70230
Opcode Fuzzy Hash: 3f67b54952cfd256db9b89a9fea54038e5d5cf9c448d1d28c0585f688c3d6002
Instruction Fuzzy Hash: E641C471240348EFFB31AF20DCC97DAB362FF14350F654226EE5446592DB7E69949B00

Uniqueness

Uniqueness Score: -1.00%

Function 007358C6, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1082869bd718e1658bbd00c9e24f6aab9389f9235ac7e6bb3aa2b1c002e6a5a
Instruction ID: 257c74e298e548a2d24f1be432fc00cbaf565622d53c5a6569fc4d3c308c20e4
Opcode Fuzzy Hash: d1082869bd718e1658bbd00c9e24f6aab9389f9235ac7e6bb3aa2b1c002e6a5a
Instruction Fuzzy Hash: 4431B17310DA06EFF720BAA091897BBF366EF05320F71804AD5534B913E76D7940BA21

Uniqueness

Uniqueness Score: -1.00%

Function 00737E3E, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b4aebab6224be9acabcfab4885d6515e11d044d88d62536c633eda0b72fb88
Instruction ID: b30ba855dd350292482b8c364d46589ecfee713d71ea3ebda7b5a2e6b94fe33e
Opcode Fuzzy Hash: b9b4aebab6224be9acabcfab4885d6515e11d044d88d62536c633eda0b72fb88
Instruction Fuzzy Hash: FE31E532249705DEFB78EE64C8583A7B361FF05320F754157E921875A2DB3DA881EA03

Uniqueness

Uniqueness Score: -1.00%

Function 007327D3, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa0ffa1d10d0244ed4973d7b53316085b82ec842567ba98f419394a251fd101
Instruction ID: b7e15cb7be9b6e286e58b00180c82eab2238b7681f339c7557fd3a46c3d74d25
Opcode Fuzzy Hash: 8aa0ffa1d10d0244ed4973d7b53316085b82ec842567ba98f419394a251fd101
Instruction Fuzzy Hash: DD414470244301EFF7356B24C99ABD573A2BF02B50F608219FE469B0D3D76DD882CA22

Uniqueness

Uniqueness Score: -1.00%

Function 007372D6, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4deecf5dc42d61353493e0e37d443d0b4086d2512a51b6acc0562fdb21ed432
Instruction ID: 70d99b85e32ee6ce5ff71ec491af5846b2845c4b6ceb0ddcab18a037ecb22559
Opcode Fuzzy Hash: c4deecf5dc42d61353493e0e37d443d0b4086d2512a51b6acc0562fdb21ed432
Instruction Fuzzy Hash: 4631E9B154C382DEEB39DE7494D4366FB91EF12330F24C29ACDA24E5D7D3295841D612

Uniqueness

Uniqueness Score: -1.00%

Function 00735908, Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 179d77646aae26b2d3254855daa3eed7c18e3be3b074c126a1fa9816e9f1a4d5
Instruction ID: 27db94360d3c1cc1e578a9abcfe48e7481bd1f4398c14fd32d6fa78f0de27c46
Opcode Fuzzy Hash: 179d77646aae26b2d3254855daa3eed7c18e3be3b074c126a1fa9816e9f1a4d5
Instruction Fuzzy Hash: BB319E7310DA06EFF720BAA091896BBF766EF05320F61804AD6530B913E76D6940BA21

Uniqueness

Uniqueness Score: -1.00%

Function 00732352, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bd5a7c0d5b1668b32c2636c1adf7e055e1acbd2bfa271f860b3e7277ecff3e2
Instruction ID: ffc6843f903631801fed54d7071d0f2c5fcd7fcf3552900f4568de2776b0c83d
Opcode Fuzzy Hash: 3bd5a7c0d5b1668b32c2636c1adf7e055e1acbd2bfa271f860b3e7277ecff3e2
Instruction Fuzzy Hash: 7E31FB32244702EFF724EF68D8847D6F3A1FF09320F654266C92087A12D7297952DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00732865, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455473826dc142d393e365d2b4dcc6c4d527b4e9538d70a02222e1582c0a3f36
Instruction ID: 3a9f0a9ce54b6609fe37afc1c386918ffabea00a7da224efb4a2d49ccb36def6
Opcode Fuzzy Hash: 455473826dc142d393e365d2b4dcc6c4d527b4e9538d70a02222e1582c0a3f36
Instruction Fuzzy Hash: 2B312372289304EFF730AF20994DBDAF362FF05720F618146EE155B8E3D76AA941DA11

Uniqueness

Uniqueness Score: -1.00%

Function 007380C5, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55387b406e81efc8d1fd6cb690301784b1cdf1f4421360130b7d7d70597c1897
Instruction ID: 26d73b637b644672fb8eb2488ece56901c90a113de3a816744255fdb33b692c5
Opcode Fuzzy Hash: 55387b406e81efc8d1fd6cb690301784b1cdf1f4421360130b7d7d70597c1897
Instruction Fuzzy Hash: D931883358A319DFD761FEB4949C19BF322FF09330F668187D6214BD21EB2A3950AA01

Uniqueness

Uniqueness Score: -1.00%

Function 00737045, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e934e9babfef11b2ff5dc7ad4b56344f96c9909321f9469713488484045e9b65
Instruction ID: 5b65836dbd946fcfd369f1114b3950cffbecf3877db257833bb3e5e5dae953f5
Opcode Fuzzy Hash: e934e9babfef11b2ff5dc7ad4b56344f96c9909321f9469713488484045e9b65
Instruction Fuzzy Hash: 3F31C373559248DFC721FEB1A08C58BF762FF44230B668587C2644BD61EB267561DF01

Uniqueness

Uniqueness Score: -1.00%

Function 00737EE7, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de8bfd4f021ad5e6d1c13cde55de6701932f3ad8a6a3101ee6def50956f7a39
Instruction ID: 897abf162a6220f86916e53abf4e87fec96693a0bdeaa4b4ae5aeda28fd3f3b5
Opcode Fuzzy Hash: 7de8bfd4f021ad5e6d1c13cde55de6701932f3ad8a6a3101ee6def50956f7a39
Instruction Fuzzy Hash: 9E31AF32589709DEFB78AE64C88C3A7B361FF05320F754157E921479A2DB3D6884EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00735A4D, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68120fa3f1d19c67c0ce21804b1e8c5f4ad0424adf68b1f018e02d3edf71d817
Instruction ID: b7b0d90f24a093bee687fa6f1ea566e1eccf445aa2aa8e36cbb9864d3d1e4350
Opcode Fuzzy Hash: 68120fa3f1d19c67c0ce21804b1e8c5f4ad0424adf68b1f018e02d3edf71d817
Instruction Fuzzy Hash: E721157314E605EFE620FEA0948D5ABF366FF08360F718057D6510BD12E72E3950AA11

Uniqueness

Uniqueness Score: -1.00%

Function 00733302, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9c7af23060c275afd677f41f839d02b157a25f27217b50002a059ce0e5e4382
Instruction ID: 1fdb2f2ba156c09ba35bbdfff651b2c81ff44d985d307ac252b6b7f73c60275b
Opcode Fuzzy Hash: b9c7af23060c275afd677f41f839d02b157a25f27217b50002a059ce0e5e4382
Instruction Fuzzy Hash: 8431C172244308EFEB35AF20DCC87DAB763FF14350F654216EE5446592DB3AA994DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0073256C, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dcba1bb856d21b0d01632966231cb711aee07cd976136828046e2c7910815e6
Instruction ID: 7c777966487f3bef5e3e50a48fec6d84e89565c8ba959ddbe707c8004273964c
Opcode Fuzzy Hash: 3dcba1bb856d21b0d01632966231cb711aee07cd976136828046e2c7910815e6
Instruction Fuzzy Hash: D531E972644702EFF714EF68D8847D6F3A1FF09320F644266D92187653D729A852DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0073801A, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf2f2810c059c8be272cdd5db6c95bafb2fbe7a6bf814daacb073fd9458eef10
Instruction ID: 5307ea626a2ca8c43c32688a3105676839a6b1fddff7c90465e8c81311d67878
Opcode Fuzzy Hash: bf2f2810c059c8be272cdd5db6c95bafb2fbe7a6bf814daacb073fd9458eef10
Instruction Fuzzy Hash: AF312F3358A309DFE760FEA0A49C297F322FF09330F658157D5214BD61EB3A7954AA02

Uniqueness

Uniqueness Score: -1.00%

Function 007359CE, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d31f54f8efc3240b92d3d35e9de144dc0270c07750942f48d91545223a3bbec7
Instruction ID: 0f41c592df08e0317d4548b4bdd2140f545a4c1bc6ca1aae0996a471562d441a
Opcode Fuzzy Hash: d31f54f8efc3240b92d3d35e9de144dc0270c07750942f48d91545223a3bbec7
Instruction Fuzzy Hash: A021C27310DA06EFF720BEA0918D6BBF766EF09360F71805BD65207913E76D2940B621

Uniqueness

Uniqueness Score: -1.00%

Function 00737F27, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8e0800a7bd83266c75b2ef5e6e950af1789dd2a5f52898fd845a0d3de80b6d7
Instruction ID: 65e2721284d916f3f010f68abf7cbcb2739366e4c8fd94451be4dba245da514e
Opcode Fuzzy Hash: c8e0800a7bd83266c75b2ef5e6e950af1789dd2a5f52898fd845a0d3de80b6d7
Instruction Fuzzy Hash: 0F317E32589709DEEB74AE60889C3A7B361FF05320F654157E921479A6DB396884EA03

Uniqueness

Uniqueness Score: -1.00%

Function 007300EB, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3929dabaf69fda41fb8fdf0e454c9228ef350c105446bc51d1ec537b5151e7b7
Instruction ID: fab86f667d23c09f6e82148278cbfd8fe868cdd04ca39a272ca0b6a2af081ac5
Opcode Fuzzy Hash: 3929dabaf69fda41fb8fdf0e454c9228ef350c105446bc51d1ec537b5151e7b7
Instruction Fuzzy Hash: F631A93308E358EFD221FEB1959C19BF366FF09320F658097C6514BE11EB2A3A10AB41

Uniqueness

Uniqueness Score: -1.00%

Function 007358C4, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63972b3912e8ff8bb179771bceb0910dbe970f92558baa7d763f2f37576d21f
Instruction ID: 6f44cabb348fa74915c6390024ddf4033b1d3d8e980be1c15c8cac664cb4e484
Opcode Fuzzy Hash: c63972b3912e8ff8bb179771bceb0910dbe970f92558baa7d763f2f37576d21f
Instruction Fuzzy Hash: A8218BA260CE03EFF72066548285BFA6795DF15360FB08119E98747007E36CA880B622

Uniqueness

Uniqueness Score: -1.00%

Function 00737321, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2057e9f61b3b6e14fff921608b60e196dcc4b8d2f6e055db2486f5ee15e23e4f
Instruction ID: 8a31dbe1325bfb6266c6aeaab0fd3ae21324013c631426c17cdcdfb007fe7ca4
Opcode Fuzzy Hash: 2057e9f61b3b6e14fff921608b60e196dcc4b8d2f6e055db2486f5ee15e23e4f
Instruction Fuzzy Hash: 6F312BB284C381DFEB39DE3454D8366FB91EF12330F24C296C9A14E6D7D3291402D612

Uniqueness

Uniqueness Score: -1.00%

Function 007313DC, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 285a48396c5786399fca575a0b13fee38f61e778941221799e17afffc969cdc2
Instruction ID: 98cc4cfb0dee151d78beb14e8fab637abfe1398800a96b6640674605010a0b83
Opcode Fuzzy Hash: 285a48396c5786399fca575a0b13fee38f61e778941221799e17afffc969cdc2
Instruction Fuzzy Hash: EA314922549205EFE321BAA48C8C3DBF323BF85334FB98197D45117642E76E7451A605

Uniqueness

Uniqueness Score: -1.00%

Function 00735BF1, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d865a9ed4c297c9890d35f704914a18094fdf0983844c787358c373fb8cb5bff
Instruction ID: 49801991ab1d7c6fc9bbd18eb9899616e159e40837aa12d85302a59949a8a0ba
Opcode Fuzzy Hash: d865a9ed4c297c9890d35f704914a18094fdf0983844c787358c373fb8cb5bff
Instruction Fuzzy Hash: 95213E3304E609EFD320FEB194CD59BF766FF09360B228487D6214BD21EB2A7650AB10

Uniqueness

Uniqueness Score: -1.00%

Function 007354FD, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c21e1b5842f8fcd3725426501f4dd62669db62d78b425c86d8ac23bd67e1c8e
Instruction ID: d8c647ef8dfcd05bca9e7f9463ffc4c4bad49a503e171dde3726b78ff7464a84
Opcode Fuzzy Hash: 8c21e1b5842f8fcd3725426501f4dd62669db62d78b425c86d8ac23bd67e1c8e
Instruction Fuzzy Hash: DB31493308A608EFD721FEB1948D197F763FF09320F668187C2210FE61A76A3561AA11

Uniqueness

Uniqueness Score: -1.00%

Function 00737F5C, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea0692eeb594918df41c428c42e439f9bc1872d8bd9d7631cf1a1ed5d2fd5ad6
Instruction ID: 9e78bf68c98ecc452c753265b95586832a753b9d2eb05216470d251d29ab844e
Opcode Fuzzy Hash: ea0692eeb594918df41c428c42e439f9bc1872d8bd9d7631cf1a1ed5d2fd5ad6
Instruction Fuzzy Hash: 3631BF32589709DEFB74EE60888C3A7B361FF05320F754153E921879A2DB3D6884EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00731A9C, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953dd051940929de508a01d72a28a7634301305f424f0335ce5d1673b1e197c1
Instruction ID: 97072a013e01710ca0248d41be0eb29d852318447b0280aac64e61bba9421d41
Opcode Fuzzy Hash: 953dd051940929de508a01d72a28a7634301305f424f0335ce5d1673b1e197c1
Instruction Fuzzy Hash: E7219F33685305EFF720BE60888D7EBB326FF56760F654052EA150B692E77E69509600

Uniqueness

Uniqueness Score: -1.00%

Function 00736BC6, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19da63f577547febdab29b7b117c081bcfcf2672858fcbb1f0961b4e4e9fd8b2
Instruction ID: f015eef2cf4c3eab0df1c86db0019eff07c1a8e137f120f4fd212271f957de7c
Opcode Fuzzy Hash: 19da63f577547febdab29b7b117c081bcfcf2672858fcbb1f0961b4e4e9fd8b2
Instruction Fuzzy Hash: F721E132645306FFF730AE64988D3D7F762FF05360F658122C9A107A92DB2D7A98D642

Uniqueness

Uniqueness Score: -1.00%

Function 00737F9A, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a5c2d44724232c729f124c73fb6d52d375132917aeba45c0597a0508218009
Instruction ID: baab58032f8d70c97ac56afabb35829c85695b8e876de7bf40638b3d96b79f9e
Opcode Fuzzy Hash: 21a5c2d44724232c729f124c73fb6d52d375132917aeba45c0597a0508218009
Instruction Fuzzy Hash: 94219132589308DEFB74EE60985C397F351FF05320F658147E92147966DB3D6984EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00735A0B, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 537b1d773a933e015f6e20de052ae6c13b1c4a64b248b869a885238547829099
Instruction ID: adb81148899a25737e39ce58fefcb0be7033bcd99af08270a482fc5bf45d2bf1
Opcode Fuzzy Hash: 537b1d773a933e015f6e20de052ae6c13b1c4a64b248b869a885238547829099
Instruction Fuzzy Hash: 3221AE7310DA06EFF720BEA0918D6BBF366EF15360F71805BD6520B913E72D2950B621

Uniqueness

Uniqueness Score: -1.00%

Function 007328D0, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7adecdc7d43e944ee2174389cfca4798149d346268c04bc828c68d9ccfaf8f
Instruction ID: f8eb29a16d83a202489996beed451583313f7449544fb08a08b94e159df9686f
Opcode Fuzzy Hash: 8a7adecdc7d43e944ee2174389cfca4798149d346268c04bc828c68d9ccfaf8f
Instruction Fuzzy Hash: 9521C772185309EFF730BE60998D7DAF322FF04710F618147EE151B8D2A76AAD41DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00733368, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f3de399afdfea8497d24bfd57ae4b5301d1b6eeb662a3b9cd18636af61d5ce
Instruction ID: ecc1d331bde482b1671a5e3f25baefd40a53b77bcfcf040cdabd0776b242ce78
Opcode Fuzzy Hash: 43f3de399afdfea8497d24bfd57ae4b5301d1b6eeb662a3b9cd18636af61d5ce
Instruction Fuzzy Hash: E8319F72244308EFEB31AF60ECC87DAB763FF14350F654126EE5446552DB3EA9A09B00

Uniqueness

Uniqueness Score: -1.00%

Function 0073737A, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1d0b595763aca3ab72986ae294d5518e912747b799f14e5ec6fb85a1c8b9d8
Instruction ID: 163708837cae1c600decd3b52cb9c41828ba4f8a169928963d851bd47f736473
Opcode Fuzzy Hash: 0a1d0b595763aca3ab72986ae294d5518e912747b799f14e5ec6fb85a1c8b9d8
Instruction Fuzzy Hash: 8D21B6B284C346DFEB34EE645498256FB92EF12330F25C2D7C9614E6D7E7292801D611

Uniqueness

Uniqueness Score: -1.00%

Function 00737FD0, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c80ac995b24c4075da4c44a8122ca3084021fbf18951ebd86623a19cc94c4b7
Instruction ID: 0cdbe0617bfc923c2638f865402c23c6b7f30f0c6bd52b4d3e142e4ffc986ff8
Opcode Fuzzy Hash: 9c80ac995b24c4075da4c44a8122ca3084021fbf18951ebd86623a19cc94c4b7
Instruction Fuzzy Hash: 7321E232585308CEFB74EE60889C397B351FF05320F658147E92147966DB3D6884EA03

Uniqueness

Uniqueness Score: -1.00%

Function 00735AE2, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fecc48ae0166aa7a646f2d8d357efa125dcc6bb6185834dfc04d52687b22867
Instruction ID: a2c8052f4fcf1a036eff42b27793a92cf7785b680e08cb40634512fff8d0de50
Opcode Fuzzy Hash: 9fecc48ae0166aa7a646f2d8d357efa125dcc6bb6185834dfc04d52687b22867
Instruction Fuzzy Hash: B821B47300D606EFE720BFA0918D6ABF365FF04360F318057D6524B912FB2D3950AA21

Uniqueness

Uniqueness Score: -1.00%

Function 00736D8A, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ea559370baf408602465ade0c8c3b1bc0a04111213656f7e18a56314ef69b1
Instruction ID: df3c33fa1ed6118ecf55e0a38c3e10f777ce2a9477220e9d18f4d76cade787b1
Opcode Fuzzy Hash: 65ea559370baf408602465ade0c8c3b1bc0a04111213656f7e18a56314ef69b1
Instruction Fuzzy Hash: 34210B3368E305EFEB24BE74948C29BF351FF02330F25C26BD52147992EB29A801D601

Uniqueness

Uniqueness Score: -1.00%

Function 00735AB0, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a6569ed9f5daadf7b7ffac56dcc484fde455305d4b57a3ca4d9682edbd44b0f
Instruction ID: 1d40212ac0c1cef58bc87f5dd8d099115869ab956850e9c30b80a864b4e62d9b
Opcode Fuzzy Hash: 8a6569ed9f5daadf7b7ffac56dcc484fde455305d4b57a3ca4d9682edbd44b0f
Instruction Fuzzy Hash: 9211827314DA0AEFF720BAA0918D6BBF356EF08360F718057D6520B913F76D3950AA21

Uniqueness

Uniqueness Score: -1.00%

Function 007373CA, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb23999ff571ef1b14f5fe8e7ab026e3c06effc65dffcede371a59fc7d2c6037
Instruction ID: 2ee4239a6851dbe65e373da7b9606dfc1856550b8f0946d679769da0ebb11eaa
Opcode Fuzzy Hash: cb23999ff571ef1b14f5fe8e7ab026e3c06effc65dffcede371a59fc7d2c6037
Instruction Fuzzy Hash: CF21C4B294C382DFEB38EE649488266FB91EF11330F25C297C9610E997D7296841D611

Uniqueness

Uniqueness Score: -1.00%

Function 00731DF8, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0968fa0f92baaae0393c1171d9467ba00ca57d85a79da7a644b35a45f2d0514b
Instruction ID: 9d4841fd7996ce328ce399f1a401fbdb3d7b67c170a068eba6ad33c188ef8471
Opcode Fuzzy Hash: 0968fa0f92baaae0393c1171d9467ba00ca57d85a79da7a644b35a45f2d0514b
Instruction Fuzzy Hash: 59118132185309EFF730BE90984C7DBF316EF45320FA18453EA504B991D76E6950A611

Uniqueness

Uniqueness Score: -1.00%

Function 007353FC, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bb74ff91368f28a492b81d3e931bae9baca0f877af3042f64121c3c16b66a7
Instruction ID: 4c03d48fc46218bb1e88db4673da3f4fda9bebc81b67a1738d54133e4a10fdb3
Opcode Fuzzy Hash: 84bb74ff91368f28a492b81d3e931bae9baca0f877af3042f64121c3c16b66a7
Instruction Fuzzy Hash: 9111E67304D709DFE720BE9494C92ABF363EF19320F604097C6124BA12E72D7960A601

Uniqueness

Uniqueness Score: -1.00%

Function 00736C43, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d00e0cd0893ba6a5708776be30435ef2366795ea773deb4874e1b47a084860f
Instruction ID: 2ae2bdc766754ff6641f77a3ae0c06c6e8ac08bdea781c7526318c80227ceca4
Opcode Fuzzy Hash: 7d00e0cd0893ba6a5708776be30435ef2366795ea773deb4874e1b47a084860f
Instruction Fuzzy Hash: 1011AC32A85306FFE730AEA4988C3D7F361FF06360F658162C95107DA1AB2E79A4D641

Uniqueness

Uniqueness Score: -1.00%

Function 007374E7, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: defc74af2355a5d83555c061c32ff9d3885a28f0ac73473f67a8857da5213b7e
Instruction ID: 4bad122564b9e7a171850b1c31fbb72e382292b0886651f29ab51b355bd0c370
Opcode Fuzzy Hash: defc74af2355a5d83555c061c32ff9d3885a28f0ac73473f67a8857da5213b7e
Instruction Fuzzy Hash: 6421C5B290D345DFEB3CED74949C39AF391EF15330F548287C1624ADA2E7296951DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00735779, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3d68a7bb2f8f36137ee686b80b61b80e75a66a2ececd4b92ba69231df73402
Instruction ID: 694686a6aa4ee766aa50176011c582e67bbd00d69b31e7ae3587eea53012513c
Opcode Fuzzy Hash: 2e3d68a7bb2f8f36137ee686b80b61b80e75a66a2ececd4b92ba69231df73402
Instruction Fuzzy Hash: B7218633089618DFD660FFA0A48D49BF326FF44320F239483D1114BD21DB2A3620EA44

Uniqueness

Uniqueness Score: -1.00%

Function 0073542F, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff84cfb0ea36c0e8dcdedbb816570c4a2a87959587c5ae634b3b3fef670c98c
Instruction ID: 11e8f794d20a06346b0766a17c6ec51abcd343700e074e6543658d9538fbb39b
Opcode Fuzzy Hash: 1ff84cfb0ea36c0e8dcdedbb816570c4a2a87959587c5ae634b3b3fef670c98c
Instruction Fuzzy Hash: 6B11947314D709DFE720BEA094C92ABF763FF19320F718097C2624BA12E76D7960A611

Uniqueness

Uniqueness Score: -1.00%

Function 0073292E, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b8d853929c5a42a5b7220581a3f8267226e9895ae953079afd8d4c02dd0d63
Instruction ID: 3544cec937a3be3ea11e43994ad6585770b24f226e2535310076682a2865bec0
Opcode Fuzzy Hash: 26b8d853929c5a42a5b7220581a3f8267226e9895ae953079afd8d4c02dd0d63
Instruction Fuzzy Hash: 65216672145308EFF730BF60958D7DBF323FF04320F618147DA150B996972AAA51DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00732A98, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b260e3769bbdaf3f01712b612d9a860453131f7da1feb12dcdb3ed0584ace137
Instruction ID: 36e79fdda47636b41bca1664a9a724aee836177e63de1e6b0a602c0f38c2c0ae
Opcode Fuzzy Hash: b260e3769bbdaf3f01712b612d9a860453131f7da1feb12dcdb3ed0584ace137
Instruction Fuzzy Hash: CA2180B2181204EFE314EE60D4CC7DAF361FF04364F21804AD5618B962DB39AA90DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00736892, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a42170aaac1f74afb2f184ce844ac3827aace0f8775f352a5eb9675863a8f2f
Instruction ID: 9515cdf023e08412899c5699972938195bc7769ab20e37fc24557748b16dd5fc
Opcode Fuzzy Hash: 4a42170aaac1f74afb2f184ce844ac3827aace0f8775f352a5eb9675863a8f2f
Instruction Fuzzy Hash: 0C119F3718A309EFD730FEA0949D2DBF362FF44360F228157CA240BD51AB393654AA01

Uniqueness

Uniqueness Score: -1.00%

Function 00735B43, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b94832367ca21d0fac01d7f77d19df55828f1619c2da82811386cd3c96a6cc9
Instruction ID: 715fe8ca2713c23f5c1fa4d20b21928de46b0f65f6403c5717687a6024408bb8
Opcode Fuzzy Hash: 3b94832367ca21d0fac01d7f77d19df55828f1619c2da82811386cd3c96a6cc9
Instruction Fuzzy Hash: ED11307314E60AEFE620BEA0918D6ABF356FF04360F318457D6624BD12F76D39506921

Uniqueness

Uniqueness Score: -1.00%

Function 00736EA3, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36089baaf1a446914192d912ef332d47e068261d563e7474ff113be5a6ac1592
Instruction ID: a83c5f08eebc4d57b10a3278cd773164207369a13ae50865797930543aa1e469
Opcode Fuzzy Hash: 36089baaf1a446914192d912ef332d47e068261d563e7474ff113be5a6ac1592
Instruction Fuzzy Hash: CB114C32549345EFD721EFB0E0D928BFB61FF19320F2A8497C2504BE12EB6A2551D705

Uniqueness

Uniqueness Score: -1.00%

Function 00733876, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e48b32ab2da68ab57a1c1777d39df4fa0de2793b5982effaeaa1542326214f
Instruction ID: 54be2c43e884a7b876c372b677a811d7ece8d3ac1e9da4d9ebc48ef9c4656dbf
Opcode Fuzzy Hash: 09e48b32ab2da68ab57a1c1777d39df4fa0de2793b5982effaeaa1542326214f
Instruction Fuzzy Hash: 5521A5B2185304EFE724BF70D48C78AF362FF04321F628186D6614B9A6D739EA80DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00735463, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214a0f70eb58f0744926d5e797def16d5add8c265a728e8e565186851c50e29f
Instruction ID: 1a02a4dfc78b43e9137d5f8afc2c57545c671a1b209e1daee83521f12268a5d9
Opcode Fuzzy Hash: 214a0f70eb58f0744926d5e797def16d5add8c265a728e8e565186851c50e29f
Instruction Fuzzy Hash: 3C11707304D609DFE721BEA494D92ABF763FF1A320F618097C2624BA12E75D3960A611

Uniqueness

Uniqueness Score: -1.00%

Function 0073371A, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6610e4a8292e5e6fb64fc691d90984955756642c1e67012509ad9cdecb30601
Instruction ID: 3ff4cf1ffd7e3e71c9d4f54c372208a5fab4b2b835c527bd1569ece93d47f645
Opcode Fuzzy Hash: a6610e4a8292e5e6fb64fc691d90984955756642c1e67012509ad9cdecb30601
Instruction Fuzzy Hash: 2501127354A244EFD321EEA494CC28BF762FF59320F268097D1204BF61EB2A3A11A700

Uniqueness

Uniqueness Score: -1.00%

Function 00735B0B, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89899083f263cb74204260885bf98dec5b66dd37a927859f7c3756ec4560ab0a
Instruction ID: 522c7e5450c2886a28e20f97b8f2605549e8eb23fbf15874b9d405c2372a80c9
Opcode Fuzzy Hash: 89899083f263cb74204260885bf98dec5b66dd37a927859f7c3756ec4560ab0a
Instruction Fuzzy Hash: CF114EA250CE03DEF7102BA4D1C9BBEB769EF11364F748419D5834A007F76C5480A636

Uniqueness

Uniqueness Score: -1.00%

Function 007333D8, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c4ab88afa0e4e381d63e1bf016b6999b97eb6a0e6b191170018b7a72d497ff
Instruction ID: 7a1dbda970c38bf2f9576ea730d98903932f636d5767a303fb6285945a9afdc7
Opcode Fuzzy Hash: 62c4ab88afa0e4e381d63e1bf016b6999b97eb6a0e6b191170018b7a72d497ff
Instruction Fuzzy Hash: 8C118E72244308EFEB21FF60E8C87DAF362FF08390F254156DE5407951DB3A69A0AB00

Uniqueness

Uniqueness Score: -1.00%

Function 00735494, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0469ade2debf900a3c64df9a5e600f3071af4417552b679f6801360d49393e8
Instruction ID: 9d6249b466e85a5cf9c0c10c6315fcdb2472682ae4c8d3008489ebe209064e30
Opcode Fuzzy Hash: b0469ade2debf900a3c64df9a5e600f3071af4417552b679f6801360d49393e8
Instruction Fuzzy Hash: 9611C46304D708DFEB31BEA094C92ABF763FF1A320F614097C2624BA12E75D3960A611

Uniqueness

Uniqueness Score: -1.00%

Function 00735B7F, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d016593ffc536a0f6eafe02744d05d42db948953eb7d68d4395d523705e3e717
Instruction ID: cfb45af9ab7b276ab5b89aa29032d26aa221a0116e751d2901721baad90ae59f
Opcode Fuzzy Hash: d016593ffc536a0f6eafe02744d05d42db948953eb7d68d4395d523705e3e717
Instruction Fuzzy Hash: 3E01807314E60AEFA620BAA0918D6ABF356FF08360F318447D2624BD12F76D3950A920

Uniqueness

Uniqueness Score: -1.00%

Function 0073243A, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01495e6b443345d9f2c789578f8dccb567d989c7c0dbff36d4aa4189a7cb98cf
Instruction ID: f09acddd9ce914bf890981216c1c754aa0e568ea76dd04f191a822aa51ad9617
Opcode Fuzzy Hash: 01495e6b443345d9f2c789578f8dccb567d989c7c0dbff36d4aa4189a7cb98cf
Instruction Fuzzy Hash: 27113D33145706EFE724FE68E4887D6F361FF09320F2581A7C92047A62D7297962DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00735BB0, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e368db7d7c07f671fab45f64c249ea5497c153f9eb7ac3b1843690e1daf0f91
Instruction ID: 0eec1ac0eb42ffa8b54744539bbb5e19b24e982c0d95c4cc635d6e19eba0a368
Opcode Fuzzy Hash: 5e368db7d7c07f671fab45f64c249ea5497c153f9eb7ac3b1843690e1daf0f91
Instruction Fuzzy Hash: 4401757314E60AFFA720FAA0908D5ABF356FF08360F718043D2624BE12F76D3950A920

Uniqueness

Uniqueness Score: -1.00%

Function 007353E5, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af413e1802c7520e0fab96bc1f57007493528fce25126cab5c96c6640e24ad4
Instruction ID: 61f078c9e9ba2a9f4028a142b278100df8ed85246c0c89edb24774749efabe2d
Opcode Fuzzy Hash: 6af413e1802c7520e0fab96bc1f57007493528fce25126cab5c96c6640e24ad4
Instruction Fuzzy Hash: D6017B9120CF45CFFF290A9489D23753AA38F2B320FB44169D953C7207D1AC94D1A226

Uniqueness

Uniqueness Score: -1.00%

Function 007367ED, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d302db3713b7dc0f43443a3fce33a091f395d811366ed70cf7f3b9045defce6
Instruction ID: acd5a3e38c1b6adb01ab6df920190e8d8877fe69f2cf4fc29aee0033a2dbf2d1
Opcode Fuzzy Hash: 4d302db3713b7dc0f43443a3fce33a091f395d811366ed70cf7f3b9045defce6
Instruction Fuzzy Hash: 2511B43718A658EFD631FEA4D49C29FF362FF05324F628097C51107D51E72E39559A01

Uniqueness

Uniqueness Score: -1.00%

Function 00736744, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa19086c511225a8c32e695008d9d7bfca5aaa9b0e14ed113683c365652d21da
Instruction ID: 285da6ebd3d562214cf601674653112d42c7577ba2b290e5f4b29d5d3dcc28af
Opcode Fuzzy Hash: aa19086c511225a8c32e695008d9d7bfca5aaa9b0e14ed113683c365652d21da
Instruction Fuzzy Hash: 7D115E33546308EFEB34BEA4959C3DFF362EF45370FA28457CA1007955EB2E29959A02

Uniqueness

Uniqueness Score: -1.00%

Function 007354CC, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd21e03e12e6c70746c2ebdcb5ba24d4cc2da1c24e9ea322d7e1660e5f3f09f5
Instruction ID: 903b4f5fc9597205c9a6cfeff9e520a05d9d181f34e3ef95d951cb4a2cc0bd3b
Opcode Fuzzy Hash: fd21e03e12e6c70746c2ebdcb5ba24d4cc2da1c24e9ea322d7e1660e5f3f09f5
Instruction Fuzzy Hash: 0F015273049708DFEB31AEA094D9297F763FF1A320F654187C2624BA12E75D3560A611

Uniqueness

Uniqueness Score: -1.00%

Function 007301F5, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a061b592c9e73014b5d5c6cca9f766243c21da4ba55dab429498092cbf7979c1
Instruction ID: 09915ebdde1f6ca33dddae5eb8faa266f1ac224143ff1884029f919207c17ca4
Opcode Fuzzy Hash: a061b592c9e73014b5d5c6cca9f766243c21da4ba55dab429498092cbf7979c1
Instruction Fuzzy Hash: 8F11173308E359EFD625FEB0949D19BF326FF05320F624097C55147D21EB2A7960A741

Uniqueness

Uniqueness Score: -1.00%

Function 007339AB, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb7a810bab77ae3b8721bee374780ebb56328bb2f75a3d020da70dffef5fad8
Instruction ID: 5e363b642c9f2b3efabcc39c5d379a37e2d2d86109b11ebf4cf52b6fe73c6bb2
Opcode Fuzzy Hash: fcb7a810bab77ae3b8721bee374780ebb56328bb2f75a3d020da70dffef5fad8
Instruction Fuzzy Hash: 5F012173145205EFD320FE64958C68BF326FF09370B218197DA614B961EB29B9519610

Uniqueness

Uniqueness Score: -1.00%

Function 0073754B, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c006fb7f7d8eccbac1827405949cb2df13a6dc46d3a027ef148de85b12c76c5
Instruction ID: 0be1129e1822e7b568e083dd507281feb67a1470a154a10c6e390239425fd418
Opcode Fuzzy Hash: 6c006fb7f7d8eccbac1827405949cb2df13a6dc46d3a027ef148de85b12c76c5
Instruction Fuzzy Hash: 1E11A57354D209EFE738EE74949D29BF311FF05330F618187C2624BEA2E7292961D601

Uniqueness

Uniqueness Score: -1.00%

Function 007317F2, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31de01a0685efbbe7b2dca73aa50558647990c920447a7b3acf13f3d5d78f750
Instruction ID: 3a859e2df4ad8c3af0bf770759314ca515c619a978afa3c702dfe0cb7c3268b5
Opcode Fuzzy Hash: 31de01a0685efbbe7b2dca73aa50558647990c920447a7b3acf13f3d5d78f750
Instruction Fuzzy Hash: 1E01DE33145208EFD631FEA0A88C6CBF726FF49360F664053E9541B9109B2B7964AA50

Uniqueness

Uniqueness Score: -1.00%

Function 007337C7, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d74e74b62bd3617456dff29f9026efb5ce0e1c5e6992cfaa43cc83f9edae01
Instruction ID: 0c42fd191368fd98ad360be8e68fbbdefd00cf7f4f8f171bcdab73605d3cc5af
Opcode Fuzzy Hash: b6d74e74b62bd3617456dff29f9026efb5ce0e1c5e6992cfaa43cc83f9edae01
Instruction Fuzzy Hash: 6901A172145305EFE720FF60948D69BF322FF04720F668187D6144BD629B2AB951DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00733822, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd745fe7cd0942a44e2918c88782c95cc284da5ef95474d3db9319fb539a402d
Instruction ID: 760fff4257f863424389f7c3100edbf4a011252f729af6d93ae241f3e251c0b9
Opcode Fuzzy Hash: cd745fe7cd0942a44e2918c88782c95cc284da5ef95474d3db9319fb539a402d
Instruction Fuzzy Hash: 6701C072189204EFE724FF60908C69BF362FF04320F66C187D6240BD669B2ABA51DA11

Uniqueness

Uniqueness Score: -1.00%

Function 00733442, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dbd54b6d332e3d9988ee6baa29bdcde730a5a055d8069557fc95d33259796f2
Instruction ID: dd77b49b7dad5a9922b728e588ffa2e1f86b8f88724e64b8265874b644efa7db
Opcode Fuzzy Hash: 6dbd54b6d332e3d9988ee6baa29bdcde730a5a055d8069557fc95d33259796f2
Instruction Fuzzy Hash: 7901C077185208EFD721FE60A4CC7DAF322FF14350F658053DA644B921EB3A7A60AA40

Uniqueness

Uniqueness Score: -1.00%

Function 00736F03, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 024cd59ce98d0b5e01136a26c73acf9866461c7e45e08705e784b959e47726af
Instruction ID: 06da5433b8645a051a5ca050a6233bef3b52fcab0a0e1ebc07c50cb8a16e008f
Opcode Fuzzy Hash: 024cd59ce98d0b5e01136a26c73acf9866461c7e45e08705e784b959e47726af
Instruction Fuzzy Hash: 7401A93318A208EFE720FEB0A59D79BF362FF15370F264183D6214BD60E76A79509600

Uniqueness

Uniqueness Score: -1.00%

Function 00731B84, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1d2d325f50927a2b46552d9b9168d2904831b6734acbdd186ee0ebf56d0c3a
Instruction ID: 9fff69dcdce9609b62ca98ce21fc0a1fc8640c5a549ef16d800ed8197e997833
Opcode Fuzzy Hash: ac1d2d325f50927a2b46552d9b9168d2904831b6734acbdd186ee0ebf56d0c3a
Instruction Fuzzy Hash: B9012B33585209DFD720FE94949D2D7F362FF18310FA29093C6554BE54E76A6A609A40

Uniqueness

Uniqueness Score: -1.00%

Function 007301C4, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f63aa6b53671a4656a7074e035b8365ca89788db3d339712a90742ae410c4192
Instruction ID: c86b337d18f4c8f4918555d55b10c0f2af1a3a6b2eba7ff7cdfc8d529f272084
Opcode Fuzzy Hash: f63aa6b53671a4656a7074e035b8365ca89788db3d339712a90742ae410c4192
Instruction Fuzzy Hash: 2EF06837149309EFD614FEA0559C29BF316FF05320F714093C61117E22AB6D7A64B781

Uniqueness

Uniqueness Score: -1.00%

Function 00737664, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4db7ce202bb48f4cb689088535fa40fea1c9c7d0471587a43df9c6314521fb9e
Instruction ID: 795e7de336aa46c306af42b33c04c1d0e61749f46c805693b795398ed21a4be0
Opcode Fuzzy Hash: 4db7ce202bb48f4cb689088535fa40fea1c9c7d0471587a43df9c6314521fb9e
Instruction Fuzzy Hash: BAF09173089608DFD724FEA4949D65BF321FF59324F218097C2614BE51DB2E3A11EA11

Uniqueness

Uniqueness Score: -1.00%

Function 007363EA, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f31192eb425751a8117d140002cf69435c95eeb04acad8c12354894d3c35723a
Instruction ID: b52bcc12a84baf60bab1dd59ee7fb257fa9d1c0643c92bb3ab36eb1fc0ca866a
Opcode Fuzzy Hash: f31192eb425751a8117d140002cf69435c95eeb04acad8c12354894d3c35723a
Instruction Fuzzy Hash: 0AF0943349A315EF9724FEB0A5DC1DBF312FF05660B72815BC9610BD11F72A7A51AA01

Uniqueness

Uniqueness Score: -1.00%

Function 007355CC, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda9c88353a05b1e773d26597bc6b55b8a4104334a35b8a375adce3bfa2417b9
Instruction ID: a840dc08ddd9599d4fad8f17340fd7d849f82fc0141a2a82718938e11923f58d
Opcode Fuzzy Hash: cda9c88353a05b1e773d26597bc6b55b8a4104334a35b8a375adce3bfa2417b9
Instruction Fuzzy Hash: CEF02133049608EF9220FEE0955D19BF753FF59230F719183C2710BE556B6D3561A614

Uniqueness

Uniqueness Score: -1.00%

Function 007355FC, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ea2b2a2cbe8f5f0726593412bac02131036e322f1bc9f452bdbe61d3330083
Instruction ID: 060486c409f5037192a56c5a75175cf581f1368ca2b1d88287347d835b62cbd3
Opcode Fuzzy Hash: e9ea2b2a2cbe8f5f0726593412bac02131036e322f1bc9f452bdbe61d3330083
Instruction Fuzzy Hash: 36F04033049208EF9220FEE0918D19BF753FF59230B718183C3310BF65AB6D3A61AA14

Uniqueness

Uniqueness Score: -1.00%

Function 00738194, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fff1c4f77499357a91cc216d26cb94754a88fcf5953fdf04b94c6e2ffa61e0
Instruction ID: c44570971579eb08ed29c10c5f8c4ffa32b43b14657a1a236115b6e1b4121aba
Opcode Fuzzy Hash: 80fff1c4f77499357a91cc216d26cb94754a88fcf5953fdf04b94c6e2ffa61e0
Instruction Fuzzy Hash: B1F0D633049309DF9615FEA0D09C28BF322FF48320F628047C66107D149B3A3955D601

Uniqueness

Uniqueness Score: -1.00%

Function 007334A6, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8d7d52b55c4123199ce0beb299a9f8354bfefde00b769683c0e5f85eb5ecaf
Instruction ID: e561f704def5078b4e2621dc2f6898819e889009fff836af43d31034bf6c83a5
Opcode Fuzzy Hash: 7b8d7d52b55c4123199ce0beb299a9f8354bfefde00b769683c0e5f85eb5ecaf
Instruction Fuzzy Hash: B5F0027308A748DFC311FEB4A45C18BF766FF452207568087C1604FE21E7593A15AB11

Uniqueness

Uniqueness Score: -1.00%

Function 007366A8, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ecd5c4e6a3ae49ff61441866c6bd5c3e0117f66c3783c2e53e6012fda3586a5
Instruction ID: c5f7752a2400de13427b45e6cea271f6cca5bcc1c3d116470fa0c62b4e714af7
Opcode Fuzzy Hash: 8ecd5c4e6a3ae49ff61441866c6bd5c3e0117f66c3783c2e53e6012fda3586a5
Instruction Fuzzy Hash: CBF01673586215DFD720FEA494DC187F362FF58261B66C097C66047E54EB2E3A64AB00

Uniqueness

Uniqueness Score: -1.00%

Function 007364AF, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aae9366d029c3a6b53fc92be709e3af85e7de3ea0f44830bb4b525094474d64
Instruction ID: 1151e1aff215c421e36305342c0bf7f3638feddeccf1ec9e46f35ee1b11af48a
Opcode Fuzzy Hash: 8aae9366d029c3a6b53fc92be709e3af85e7de3ea0f44830bb4b525094474d64
Instruction Fuzzy Hash: 3DF01C37545249EF9310FE64904C1DBF362FF09710B658093D5554BE21F7297A51EB04

Uniqueness

Uniqueness Score: -1.00%

Function 00732C54, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1d97fe74cd7603af96aca360ac68866f7012f58a40a49015d2d7f13f017c8e4
Instruction ID: 7783f6a6f14e81bf899f14e58797e3ec9349292683544510aa5ddffca281f2f2
Opcode Fuzzy Hash: a1d97fe74cd7603af96aca360ac68866f7012f58a40a49015d2d7f13f017c8e4
Instruction Fuzzy Hash: A0F06233089344DFC734FEB490CC15BF762FF18220F258197C6644BE66EB2A75519611

Uniqueness

Uniqueness Score: -1.00%

Function 0073650D, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 038e6a3aa56410ac643b925fb2e567b1d8a0d79d44bcd6b7079c6bd95e53b54e
Instruction ID: 547cb49c5675eb7800b11f74470972f6c102a2e77318f6b3b48e45390b2d9c71
Opcode Fuzzy Hash: 038e6a3aa56410ac643b925fb2e567b1d8a0d79d44bcd6b7079c6bd95e53b54e
Instruction Fuzzy Hash: 01F0247348E314FFD321FEA0A48D19BF362FF15620B328493C5100BD65E71A36209A01

Uniqueness

Uniqueness Score: -1.00%

Function 007365F7, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06db120707b3ef17c5400b106ec8a6f0625a04bfe0a7dc1164a2fdea0a761104
Instruction ID: 116c10756514ffecc831043fc71dd3da6f6db459673afc2ca2ea40999963a880
Opcode Fuzzy Hash: 06db120707b3ef17c5400b106ec8a6f0625a04bfe0a7dc1164a2fdea0a761104
Instruction Fuzzy Hash: FBF01C71300200EFE725CE14C6DAF6973A2AB15780FA5C5A9EC028B663D739EC80DF12

Uniqueness

Uniqueness Score: -1.00%

Function 00735CF7, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 690d2f83871aca2484de53003752ca1c7270c23a91a13906858db1993323f21a
Instruction ID: 466901d99bc025029fc39302c43657ba36d5e7457b3044195462f3ad0c0f7402
Opcode Fuzzy Hash: 690d2f83871aca2484de53003752ca1c7270c23a91a13906858db1993323f21a
Instruction Fuzzy Hash: D1F07E3319E605DF9610FEA0518D19BF366FF19750F328483C6654BD219B6A3525AA10

Uniqueness

Uniqueness Score: -1.00%

Function 00735638, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc77dcc9d4f9d8db90a82f7d0592a4a6fffa439cc4503b69123528669fa4dbdb
Instruction ID: a56aaf29613c24c40d40d1dcbec1e0a4ac0b4fbe805f2ca0fede2733500b2492
Opcode Fuzzy Hash: fc77dcc9d4f9d8db90a82f7d0592a4a6fffa439cc4503b69123528669fa4dbdb
Instruction Fuzzy Hash: 00F0743354511CEF9360FEE1918C19BF752FF5D260B618087C3704BE14AB6D3E60A654

Uniqueness

Uniqueness Score: -1.00%

Function 00735678, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7ad04a108ecfa0862b8dc949b3d19c9f0126ffaa3aefa77b7e1a44ebefae1f4
Instruction ID: 4379ebac348fa5c97880edacb41acbe77237a407bde1d14ffc7bf95040d2f944
Opcode Fuzzy Hash: d7ad04a108ecfa0862b8dc949b3d19c9f0126ffaa3aefa77b7e1a44ebefae1f4
Instruction Fuzzy Hash: 98F0EE3318A705EF9620FD9090DC19FF362FF18360F324453C6214BD11EB2A3A20A601

Uniqueness

Uniqueness Score: -1.00%

Function 00735E7F, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be16f2284810a0ec1b3fa4c50f7d715055e6c23e988aa7f9b13a26b4d193e030
Instruction ID: 623a2a853eb93847ec9953eff1d4242baa387ff736d77127307eef882719a149
Opcode Fuzzy Hash: be16f2284810a0ec1b3fa4c50f7d715055e6c23e988aa7f9b13a26b4d193e030
Instruction Fuzzy Hash: 5AF0E73348A205DFC620FFB0E48D59BF762FF09320F668083C1200FD21EB2A3621AA00

Uniqueness

Uniqueness Score: -1.00%

Function 00731857, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc8cca1b4737f63632985374d0f419941d9a9f14177837c64566418cd0e5433
Instruction ID: 2c9f15d16e7488bdad971325b4627b1da6a39f813f72a1428ebf9d3f2af58dd6
Opcode Fuzzy Hash: 7bc8cca1b4737f63632985374d0f419941d9a9f14177837c64566418cd0e5433
Instruction Fuzzy Hash: 14F0747314A209EF5521FEA051CD18BF316FF15250B318043C6500BD119F2F3524D555

Uniqueness

Uniqueness Score: -1.00%

Function 00730804, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4dc4b4ca8244eb882a18a435e93a735217d50ad623d2dbc0c169e66e47cfb51
Instruction ID: 5a95d40ee87cd4bb9548cca37eba1898bf6e96af68fbf03e0329e75a7b24b980
Opcode Fuzzy Hash: e4dc4b4ca8244eb882a18a435e93a735217d50ad623d2dbc0c169e66e47cfb51
Instruction Fuzzy Hash: 6DF07437086309DFD350FEA4A09C187F761FF19711F214097C1644BE20E72A3925DB00

Uniqueness

Uniqueness Score: -1.00%

Function 007356A8, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8357d3da47b851f6800ba6e705b528b367caab933346ad1465eff6999c1088f5
Instruction ID: 169e28778f9aa77b803737bf2c17c43ab1ab347af58e0b4c74b37b4a6db0a160
Opcode Fuzzy Hash: 8357d3da47b851f6800ba6e705b528b367caab933346ad1465eff6999c1088f5
Instruction Fuzzy Hash: 38F0743718A645EF5620FD9494DC19FF362FF48360B324453C66147D11EB2A3A50A611

Uniqueness

Uniqueness Score: -1.00%

Function 00735D30, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d40acfecbfa03fc64565094776f2dc0bf199b92a77f22f6f2ec6819625b9ba1a
Instruction ID: f171830b97e95c15a82d356105a5a07de9bf7a2cc7c772a7d629a0ed99f09974
Opcode Fuzzy Hash: d40acfecbfa03fc64565094776f2dc0bf199b92a77f22f6f2ec6819625b9ba1a
Instruction Fuzzy Hash: C9E08B3304E204DFD610FD5051CC0DBF315FF19354F215083C5600BD1197193524A600

Uniqueness

Uniqueness Score: -1.00%

Function 007351F4, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2d5befe839110c41ccfc549636b049487088e3ab4f7bec530cbe52f588b049
Instruction ID: bd4b50be5e82a32d85af7be9af4108131b5d36779310099356a1268a0f34af76
Opcode Fuzzy Hash: bd2d5befe839110c41ccfc549636b049487088e3ab4f7bec530cbe52f588b049
Instruction Fuzzy Hash: 44E00C3308A204EFD661FE61A49D097F322FF49324B769487C5151BD25972779119A40

Uniqueness

Uniqueness Score: -1.00%

Function 0073685F, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d2a2e1ffed4e5b1882b9f7af2c02c3af39a30b8355c9d79741bfdd5337aee6b
Instruction ID: cdfdb986842f31201a958c2360e05d6c5ac8028716c1cd99ae16873313664ba6
Opcode Fuzzy Hash: 4d2a2e1ffed4e5b1882b9f7af2c02c3af39a30b8355c9d79741bfdd5337aee6b
Instruction Fuzzy Hash: 1FE08B3314A305DF5310FD61518D187F321FF04750F318097C62007D50E71975306501

Uniqueness

Uniqueness Score: -1.00%

Function 007376B7, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df871971efd36977344dcab393bd84560e9dbfbe74f553579d04a81b69beeba
Instruction ID: e6eac5f95480299ea4578a32e49e83926dd27af0ed45ad9f8e9233f003d9a71c
Opcode Fuzzy Hash: 0df871971efd36977344dcab393bd84560e9dbfbe74f553579d04a81b69beeba
Instruction Fuzzy Hash: 28E08B3704D108DF4130FEE4505D54BF312FF14320B518043C11007D119B1A3925ED10

Uniqueness

Uniqueness Score: -1.00%

Function 00736046, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c0477916f4c0f9b7570e85bfdf109fb2df3925539e9b7e1a66db88f86a02bca
Instruction ID: e62f606d422f1fa5cb37e420c6cdb1ec8c85133acb1b0df0e4e82e1e9d4fe0d9
Opcode Fuzzy Hash: 9c0477916f4c0f9b7570e85bfdf109fb2df3925539e9b7e1a66db88f86a02bca
Instruction Fuzzy Hash: 06E00B73445104DFC220FE75508D087F711FF141207518157C53047D109B1635115500

Uniqueness

Uniqueness Score: -1.00%

Function 00735D5F, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59c7fc98a7630c808580ad4d498d607e14d1beb77cdd3ed2b269e684024b5241
Instruction ID: 2fe074df32c11910c5a0ca37cf0f7280bc73a00fb685a64312e255c206b936ca
Opcode Fuzzy Hash: 59c7fc98a7630c808580ad4d498d607e14d1beb77cdd3ed2b269e684024b5241
Instruction Fuzzy Hash: EBE0033318A209DF8660FEA0918D58BF322FF55654B228087C6601BD21AB263625AA14

Uniqueness

Uniqueness Score: -1.00%

Function 00732E07, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9a274c9af4df768a6232fbda83d3b152131fd27546f47182cf46c092cf7954
Instruction ID: b9d62b94563faabc46c51400592151ca233b76fbceb47f56c7192bf639f49bb8
Opcode Fuzzy Hash: 6e9a274c9af4df768a6232fbda83d3b152131fd27546f47182cf46c092cf7954
Instruction Fuzzy Hash: 2BE0037758A209DF9620FEA1918D14BF322FF44611B228097D6200BD24AB267624AA04

Uniqueness

Uniqueness Score: -1.00%

Function 00733EA8, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb65a3609ed4b45fdcfba2f81a532d7b05b9a52015e55645ca1020603808973a
Instruction ID: 42237e7161d595573cdeb4c6e88c75746421cd175aa682e01d78a0b718466aa3
Opcode Fuzzy Hash: bb65a3609ed4b45fdcfba2f81a532d7b05b9a52015e55645ca1020603808973a
Instruction Fuzzy Hash: AAE00477047115DFC510FD54505C0C7F711FF4431575150C3C55107D1557353571D504

Uniqueness

Uniqueness Score: -1.00%

Function 00735F3C, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2c10431d087c5f4dbe14a8de0577e06b888d92120a85fcd1a492431d6e386d
Instruction ID: 5813204e59478bd15f035227f7018c91133bac9caef160a5bfc064189eeb53b5
Opcode Fuzzy Hash: 1e2c10431d087c5f4dbe14a8de0577e06b888d92120a85fcd1a492431d6e386d
Instruction Fuzzy Hash: 1DE0033709A208EF8211FE90A09C1DBF325FF19325B615087C6200BE20AB2A3A60AA50

Uniqueness

Uniqueness Score: -1.00%

Function 00731BDE, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebd6c5478f477f4f64cf9c3b36b1c1a808cc4a320e093cd2dd650b44f151da2e
Instruction ID: d9a5d6f6a9ada2de77736c3b8e2f9eb58f6878590bc724327ff4f25c92a4a8dc
Opcode Fuzzy Hash: ebd6c5478f477f4f64cf9c3b36b1c1a808cc4a320e093cd2dd650b44f151da2e
Instruction Fuzzy Hash: D6E0037348A208DF8660FEA1A18C04BF322FF44220B628097D6200BD20AB263620AA01

Uniqueness

Uniqueness Score: -1.00%

Function 00732CA7, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1b5b4e2501ec158250caa31a0ce636151b6d5208f56a0cbc3fb7ee64d7ef13e
Instruction ID: e6fc32d502cbb0690279859a5fdd65f2e6bd18cfc46ee6ef9ebe4a84ee98751c
Opcode Fuzzy Hash: a1b5b4e2501ec158250caa31a0ce636151b6d5208f56a0cbc3fb7ee64d7ef13e
Instruction Fuzzy Hash: 07E00A3318A208DF8724FEA490DC05FF323FF04220B728097C2210BD20EB263A64AA00

Uniqueness

Uniqueness Score: -1.00%

Function 007336B1, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 461edd47576f8c99f63bbc703822cb450865021fd19ceec9bbbfb138aa86b0fa
Instruction ID: d0fb637aa538c41f1baa4b9ffd56e6f584406113a80b52a25f724e2daf119317
Opcode Fuzzy Hash: 461edd47576f8c99f63bbc703822cb450865021fd19ceec9bbbfb138aa86b0fa
Instruction Fuzzy Hash: F5C04CB6746680CFF755CA14C951B1073B0AB51644F180595E803CB752D319E9009500

Uniqueness

Uniqueness Score: -1.00%

Function 00736074, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 683a11861941633d81ed1e4e3aeb456972eb6612e636511f28ac5ae59364b715
Instruction ID: a277bcf0df820170296e404eb8dd447f0e16aa6ec834f479ff50ba42150486cd
Opcode Fuzzy Hash: 683a11861941633d81ed1e4e3aeb456972eb6612e636511f28ac5ae59364b715
Instruction Fuzzy Hash: ABB00275751A55CFCE55DF19C290F4173B4FF54B90F4154D4E455C7B11D364E900C910

Uniqueness

Uniqueness Score: -1.00%

Function 00737B9C, Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1276865896.0000000000730000.00000040.00000001.sdmp, Offset: 00730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337c54312234a7ee82ed7ac89356b9a7371381e069938ddb4d697ba2f42fb203
Instruction ID: 55415f2e2ee501461b49991e4aef86841b30de5bdb9ccae9afe4fd44cd0d999a
Opcode Fuzzy Hash: 337c54312234a7ee82ed7ac89356b9a7371381e069938ddb4d697ba2f42fb203
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00411076, Relevance: 63.2, APIs: 35, Strings: 1, Instructions: 221
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00411076(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v32;
				char _v44;
				char _v52;
				signed int _v56;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				char _t122;
				char* _t124;
				intOrPtr _t179;

				_push(0x4010f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t179;
				_push(0x68);
				L004010F0();
				_v12 = _t179;
				_v8 = 0x4010e0;
				_push(0x11);
				_push(0x40266c);
				_t122 =  &_v44;
				_push(_t122);
				L00401192();
				_v56 = _v56 & 0x00000000;
				if(_v56 >= 0x33) {
					L0040118C();
					_v64 = _t122;
				} else {
					_v64 = _v64 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 1;
				if(_v56 >= 0x33) {
					L0040118C();
					_v68 = _t122;
				} else {
					_v68 = _v68 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 2;
				if(_v56 >= 0x33) {
					L0040118C();
					_v72 = _t122;
				} else {
					_v72 = _v72 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 3;
				if(_v56 >= 0x33) {
					L0040118C();
					_v76 = _t122;
				} else {
					_v76 = _v76 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 4;
				if(_v56 >= 0x33) {
					L0040118C();
					_v80 = _t122;
				} else {
					_v80 = _v80 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 5;
				if(_v56 >= 0x33) {
					L0040118C();
					_v84 = _t122;
				} else {
					_v84 = _v84 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 6;
				if(_v56 >= 0x33) {
					L0040118C();
					_v88 = _t122;
				} else {
					_v88 = _v88 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 7;
				if(_v56 >= 0x33) {
					L0040118C();
					_v92 = _t122;
				} else {
					_v92 = _v92 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 8;
				if(_v56 >= 0x33) {
					L0040118C();
					_v96 = _t122;
				} else {
					_v96 = _v96 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 9;
				if(_v56 >= 0x33) {
					L0040118C();
					_v100 = _t122;
				} else {
					_v100 = _v100 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xa;
				if(_v56 >= 0x33) {
					L0040118C();
					_v104 = _t122;
				} else {
					_v104 = _v104 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xb;
				if(_v56 >= 0x33) {
					L0040118C();
					_v108 = _t122;
				} else {
					_v108 = _v108 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xc;
				if(_v56 >= 0x33) {
					L0040118C();
					_v112 = _t122;
				} else {
					_v112 = _v112 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xd;
				if(_v56 >= 0x33) {
					L0040118C();
					_v116 = _t122;
				} else {
					_v116 = _v116 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xe;
				if(_v56 >= 0x33) {
					L0040118C();
					_v120 = _t122;
				} else {
					_v120 = _v120 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_v56 = 0xf;
				if(_v56 >= 0x33) {
					L0040118C();
					_v124 = _t122;
				} else {
					_v124 = _v124 & 0x00000000;
				}
				L00401186();
				 *((char*)(_v32 + _v56)) = _t122;
				_push(0x411387);
				_v52 =  &_v44;
				_t124 =  &_v52;
				_push(_t124);
				_push(0);
				L00401180();
				return _t124;
			}

0x0041107b
0x00411086
0x00411087
0x0041108e
0x00411091
0x00411099
0x0041109c
0x004110a3
0x004110a5
0x004110aa
0x004110ad
0x004110ae
0x004110b3
0x004110bb
0x004110c3
0x004110c8
0x004110bd
0x004110bd
0x004110bd
0x004110cf
0x004110da
0x004110dc
0x004110e7
0x004110ef
0x004110f4
0x004110e9
0x004110e9
0x004110e9
0x004110fb
0x00411106
0x00411108
0x00411113
0x0041111b
0x00411120
0x00411115
0x00411115
0x00411115
0x00411127
0x00411132
0x00411134
0x0041113f
0x00411147
0x0041114c
0x00411141
0x00411141
0x00411141
0x00411153
0x0041115e
0x00411160
0x0041116b
0x00411173
0x00411178
0x0041116d
0x0041116d
0x0041116d
0x0041117f
0x0041118a
0x0041118c
0x00411197
0x0041119f
0x004111a4
0x00411199
0x00411199
0x00411199
0x004111ab
0x004111b6
0x004111b8
0x004111c3
0x004111cb
0x004111d0
0x004111c5
0x004111c5
0x004111c5
0x004111d7
0x004111e2
0x004111e4
0x004111ef
0x004111f7
0x004111fc
0x004111f1
0x004111f1
0x004111f1
0x00411203
0x0041120e
0x00411210
0x0041121b
0x00411223
0x00411228
0x0041121d
0x0041121d
0x0041121d
0x0041122f
0x0041123a
0x0041123c
0x00411247
0x0041124f
0x00411254
0x00411249
0x00411249
0x00411249
0x0041125b
0x00411266
0x00411268
0x00411273
0x0041127b
0x00411280
0x00411275
0x00411275
0x00411275
0x00411287
0x00411292
0x00411294
0x0041129f
0x004112a7
0x004112ac
0x004112a1
0x004112a1
0x004112a1
0x004112b3
0x004112be
0x004112c0
0x004112cb
0x004112d3
0x004112d8
0x004112cd
0x004112cd
0x004112cd
0x004112df
0x004112ea
0x004112ec
0x004112f7
0x004112ff
0x00411304
0x004112f9
0x004112f9
0x004112f9
0x0041130b
0x00411316
0x00411318
0x00411323
0x0041132b
0x00411330
0x00411325
0x00411325
0x00411325
0x00411337
0x00411342
0x00411344
0x0041134f
0x00411357
0x0041135c
0x00411351
0x00411351
0x00411351
0x00411363
0x0041136e
0x00411370
0x00411378
0x0041137b
0x0041137e
0x0041137f
0x00411381
0x00411386

APIs

__vbaChkstk.MSVBVM60(?,004010F6), ref: 00411091
__vbaAryConstruct2.MSVBVM60(?,0040266C,00000011,?,?,?,?,004010F6), ref: 004110AE
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004110C3
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004110CF
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004110EF
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004110FB
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041111B
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411127
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411147
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411153
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411173
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041117F
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041119F
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004111AB
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004111CB
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004111D7
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004111F7
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411203
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411223
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041122F
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041124F
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041125B
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411287
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004112A7
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004112B3
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004112D3
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004112DF
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 004112FF
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041130B
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 0041132B
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411337
__vbaGenerateBoundsError.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411357
__vbaUI1I2.MSVBVM60(?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411363
__vbaAryDestruct.MSVBVM60(00000000,?,00411387,?,?,?,?,0040266C,00000011,?,?,?,?,004010F6), ref: 00411381

Strings

3, xrefs: 0041134B

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$BoundsErrorGenerate$ChkstkConstruct2Destruct
String ID: 3
API String ID: 1280986024-1842515611
Opcode ID: d9d98b157bd203e29d72767e3319b002a6991285590c5292cbc6bf64966e77dd
Instruction ID: 846ed5efaffce865e627d780c031fba481eca58f0491e89a03e43c5981cef85e
Opcode Fuzzy Hash: d9d98b157bd203e29d72767e3319b002a6991285590c5292cbc6bf64966e77dd
Instruction Fuzzy Hash: 6AA1EA74C03249EFDF04EBE5D6517EDBBB1AF1A309F20402EE6066A292C7781945CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00410B24, Relevance: 37.8, APIs: 25, Instructions: 267
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00410B24(signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v44;
				signed int _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v92;
				intOrPtr _v100;
				char _v108;
				char _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr* _v124;
				signed int _v128;
				signed int _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				intOrPtr* _v156;
				signed int _v160;
				signed int _v164;
				intOrPtr* _v168;
				signed int _v172;
				intOrPtr* _v176;
				signed int _v180;
				void* _t138;
				signed int _t142;
				signed int _t146;
				char* _t150;
				signed int _t154;
				signed int _t164;
				signed int _t171;
				signed int _t175;
				char* _t179;
				signed int _t183;
				char* _t192;
				void* _t194;
				void* _t216;
				void* _t217;
				intOrPtr _t218;
				void* _t219;

				 *[fs:0x0] = _t218;
				L004010F0();
				_v16 = _t218;
				_v12 = E004010D0;
				_v8 = _a4 & 0x00000001;
				_a4 = _a4 & 0xfffffffe;
				_t138 =  *((intOrPtr*)( *_a4 + 4))(_a4, _t216, _t217, _t194,  *[fs:0x0], 0x4010f6);
				_push(0x4025c4);
				_push(0x4025c4);
				L004011FE();
				if(_t138 != 0) {
					L004011F8();
				}
				if( *0x412010 != 0) {
					_v148 = 0x412010;
				} else {
					_push(0x412010);
					_push(0x402868);
					L004011EC();
					_v148 = 0x412010;
				}
				_t142 =  &_v72;
				L004011F2();
				_v116 = _t142;
				_t146 =  *((intOrPtr*)( *_v116 + 0xd8))(_v116,  &_v112, _t142,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x2fc))( *_v148));
				asm("fclex");
				_v120 = _t146;
				if(_v120 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0xd8);
					_push(0x4025c8);
					_push(_v116);
					_push(_v120);
					L004011E6();
					_v152 = _t146;
				}
				if( *0x412010 != 0) {
					_v156 = 0x412010;
				} else {
					_push(0x412010);
					_push(0x402868);
					L004011EC();
					_v156 = 0x412010;
				}
				_t150 =  &_v76;
				L004011F2();
				_v124 = _t150;
				_t154 =  *((intOrPtr*)( *_v124 + 0x48))(_v124,  &_v64, _t150,  *((intOrPtr*)( *((intOrPtr*)( *_v156)) + 0x2fc))( *_v156));
				asm("fclex");
				_v128 = _t154;
				if(_v128 >= 0) {
					_v160 = _v160 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x4025c8);
					_push(_v124);
					_push(_v128);
					L004011E6();
					_v160 = _t154;
				}
				_v140 = _v64;
				_v64 = _v64 & 0x00000000;
				L004011E0();
				 *((intOrPtr*)( *_a4 + 0x6fc))(_a4, _v112,  &_v68);
				L004011DA();
				L004011D4();
				_t219 = _t218 + 0xc;
				_t164 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 2,  &_v72,  &_v76);
				asm("fclex");
				_v116 = _t164;
				if(_v116 >= 0) {
					_v164 = _v164 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x402318);
					_push(_a4);
					_push(_v116);
					L004011E6();
					_v164 = _t164;
				}
				while(1) {
					_v100 = 1;
					_v108 = 2;
					_push( &_v44);
					_push( &_v108);
					_push( &_v92);
					L004011C8();
					L004011CE();
					if( *0x412010 != 0) {
						_v168 = 0x412010;
					} else {
						_push(0x412010);
						_push(0x402868);
						L004011EC();
						_v168 = 0x412010;
					}
					_t171 =  &_v72;
					L004011F2();
					_v116 = _t171;
					_t175 =  *((intOrPtr*)( *_v116 + 0xd8))(_v116,  &_v112, _t171,  *((intOrPtr*)( *((intOrPtr*)( *_v168)) + 0x2fc))( *_v168));
					asm("fclex");
					_v120 = _t175;
					if(_v120 >= 0) {
						_v172 = _v172 & 0x00000000;
					} else {
						_push(0xd8);
						_push(0x4025c8);
						_push(_v116);
						_push(_v120);
						L004011E6();
						_v172 = _t175;
					}
					if( *0x412010 != 0) {
						_v176 = 0x412010;
					} else {
						_push(0x412010);
						_push(0x402868);
						L004011EC();
						_v176 = 0x412010;
					}
					_t179 =  &_v76;
					L004011F2();
					_v124 = _t179;
					_t183 =  *((intOrPtr*)( *_v124 + 0x48))(_v124,  &_v64, _t179,  *((intOrPtr*)( *((intOrPtr*)( *_v176)) + 0x2fc))( *_v176));
					asm("fclex");
					_v128 = _t183;
					if(_v128 >= 0) {
						_v180 = _v180 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x4025c8);
						_push(_v124);
						_push(_v128);
						L004011E6();
						_v180 = _t183;
					}
					_v144 = _v64;
					_v64 = _v64 & 0x00000000;
					L004011E0();
					 *((intOrPtr*)( *_a4 + 0x6fc))(_a4, _v112,  &_v68);
					L004011DA();
					_push( &_v76);
					_push( &_v72);
					_push(2);
					L004011D4();
					_t219 = _t219 + 0xc;
					_v100 = 0x9ffff;
					_v108 = 0x8003;
					_push( &_v44);
					_t192 =  &_v108;
					_push(_t192);
					L004011C2();
					if(_t192 == 0) {
						break;
					}
				}
				goto __ebx;
			}

0x00410b36
0x00410b42
0x00410b4a
0x00410b4d
0x00410b5a
0x00410b63
0x00410b6e
0x00410b71
0x00410b76
0x00410b7b
0x00410b82
0x00410b84
0x00410b84
0x00410b90
0x00410bad
0x00410b92
0x00410b92
0x00410b97
0x00410b9c
0x00410ba1
0x00410ba1
0x00410bd1
0x00410bd5
0x00410bda
0x00410be9
0x00410bef
0x00410bf1
0x00410bf8
0x00410c17
0x00410bfa
0x00410bfa
0x00410bff
0x00410c04
0x00410c07
0x00410c0a
0x00410c0f
0x00410c0f
0x00410c25
0x00410c42
0x00410c27
0x00410c27
0x00410c2c
0x00410c31
0x00410c36
0x00410c36
0x00410c66
0x00410c6a
0x00410c6f
0x00410c7e
0x00410c81
0x00410c83
0x00410c8a
0x00410ca6
0x00410c8c
0x00410c8c
0x00410c8e
0x00410c93
0x00410c96
0x00410c99
0x00410c9e
0x00410c9e
0x00410cb0
0x00410cb6
0x00410cc3
0x00410cd7
0x00410ce0
0x00410cef
0x00410cf4
0x00410cff
0x00410d05
0x00410d07
0x00410d0e
0x00410d2d
0x00410d10
0x00410d10
0x00410d15
0x00410d1a
0x00410d1d
0x00410d20
0x00410d25
0x00410d25
0x00410d34
0x00410d34
0x00410d3b
0x00410d45
0x00410d49
0x00410d4d
0x00410d4e
0x00410d58
0x00410d64
0x00410d81
0x00410d66
0x00410d66
0x00410d6b
0x00410d70
0x00410d75
0x00410d75
0x00410da5
0x00410da9
0x00410dae
0x00410dbd
0x00410dc3
0x00410dc5
0x00410dcc
0x00410deb
0x00410dce
0x00410dce
0x00410dd3
0x00410dd8
0x00410ddb
0x00410dde
0x00410de3
0x00410de3
0x00410df9
0x00410e16
0x00410dfb
0x00410dfb
0x00410e00
0x00410e05
0x00410e0a
0x00410e0a
0x00410e3a
0x00410e3e
0x00410e43
0x00410e52
0x00410e55
0x00410e57
0x00410e5e
0x00410e7a
0x00410e60
0x00410e60
0x00410e62
0x00410e67
0x00410e6a
0x00410e6d
0x00410e72
0x00410e72
0x00410e84
0x00410e8a
0x00410e97
0x00410eab
0x00410eb4
0x00410ebc
0x00410ec0
0x00410ec1
0x00410ec3
0x00410ec8
0x00410ecb
0x00410ed2
0x00410edc
0x00410edd
0x00410ee0
0x00410ee1
0x00410eeb
0x00000000
0x00000000
0x00410eed
0x00410ef7

APIs

__vbaChkstk.MSVBVM60(?,004010F6), ref: 00410B42
__vbaStrCmp.MSVBVM60(004025C4,004025C4,?,?,?,?,004010F6), ref: 00410B7B
__vbaEnd.MSVBVM60(004025C4,004025C4,?,?,?,?,004010F6), ref: 00410B84
__vbaNew2.MSVBVM60(00402868,00412010,004025C4,004025C4,?,?,?,?,004010F6), ref: 00410B9C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00410BD5
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025C8,000000D8), ref: 00410C0A
__vbaNew2.MSVBVM60(00402868,00412010), ref: 00410C31
__vbaObjSet.MSVBVM60(?,00000000), ref: 00410C6A
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025C8,00000048), ref: 00410C99
__vbaStrMove.MSVBVM60(00000000,?,004025C8,00000048), ref: 00410CC3
__vbaFreeStr.MSVBVM60 ref: 00410CE0
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00410CEF
__vbaHresultCheckObj.MSVBVM60(00000000,004010D0,00402318,000002B4), ref: 00410D20
__vbaVarAdd.MSVBVM60(?,00000002,?), ref: 00410D4E
__vbaVarMove.MSVBVM60(?,00000002,?), ref: 00410D58
__vbaNew2.MSVBVM60(00402868,00412010,?,00000002,?,00008003,?), ref: 00410D70
__vbaObjSet.MSVBVM60(?,00000000), ref: 00410DA9
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025C8,000000D8,?,?,?,?,?,?,?,?,00402868,00412010,?,00000002), ref: 00410DDE
__vbaNew2.MSVBVM60(00402868,00412010,00000000,?,004025C8,000000D8,?,?,?,?,?,?,?,?,00402868,00412010), ref: 00410E05
__vbaObjSet.MSVBVM60(?,00000000), ref: 00410E3E
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025C8,00000048,?,?,?,?,?,?,?,?,00402868,00412010,?,00000002), ref: 00410E6D
__vbaStrMove.MSVBVM60(00000000,?,004025C8,00000048,?,?,?,?,?,?,?,?,00402868,00412010,?,00000002), ref: 00410E97
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00402868,00412010,?,00000002,?,00008003,?), ref: 00410EB4
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00410EC3
__vbaVarTstLt.MSVBVM60(00008003,?), ref: 00410EE1

Memory Dump Source

Source File: 00000000.00000002.1275987121.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1275956633.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1276096124.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1276125706.0000000000414000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$Move$List$Chkstk
String ID:
API String ID: 3120471521-0
Opcode ID: 3922f4ff56a653af7c1479233bf25b33eb26b351b8f17ccebb8779fcb78dc54e
Instruction ID: f9dad895ab582cd2081d67aafe8355bbf4183493707c2b1fa5a4b712c2ed9b50
Opcode Fuzzy Hash: 3922f4ff56a653af7c1479233bf25b33eb26b351b8f17ccebb8779fcb78dc54e
Instruction Fuzzy Hash: BEC14D71A00218EFCB10DFA5CD49BDDBBB5BF08304F20416AE509BB2A1DBB99985DF54

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report file

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Sigma Overview

Signature Overview

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: file.exe PID: 6492 Parent PID: 5744

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: file.exe PID: 6492 Parent PID: 5744 file.exeCOMMON

Executed Functions

Function 0040121C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON

Function 004067A8, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 294memoryCOMMON

Function 00406C58, Relevance: 1.7, APIs: 1, Instructions: 408memoryCOMMON

Function 004065A6, Relevance: 1.6, APIs: 1, Instructions: 359memoryCOMMON

Function 0040121C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39
COMMON

Function 00406C09, Relevance: 1.5, APIs: 1, Instructions: 254
memoryCOMMON