Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Orden de Compra.exe

Overview

General Information

Sample Name:Orden de Compra.exe
Analysis ID:383316
MD5:e6dcf6b66b611ffb7d2bc1a8045bf41f
SHA1:7b3871b1b077f764175c6d387e846372128a89ee
SHA256:280e118484090c0a9788dcad52f37995822757f44d230c9ff042c3507d8e20a3
Infos:

Most interesting Screenshot:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Found large amount of non-executed APIs
PE file contains an invalid checksum
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • Orden de Compra.exe (PID: 6532 cmdline: 'C:\Users\user\Desktop\Orden de Compra.exe' MD5: E6DCF6B66B611FFB7D2BC1A8045BF41F)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: Orden de Compra.exeVirustotal: Detection: 48%Perma Link
Source: Orden de Compra.exeReversingLabs: Detection: 10%
Machine Learning detection for sampleShow sources
Source: Orden de Compra.exeJoe Sandbox ML: detected
Source: Orden de Compra.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\Orden de Compra.exeProcess Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00408F7E1_2_00408F7E
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040904E1_2_0040904E
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040942F1_2_0040942F
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004090D11_2_004090D1
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004091581_2_00409158
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040D5E21_2_0040D5E2
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004095E71_2_004095E7
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040959E1_2_0040959E
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004096721_2_00409672
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004092D31_2_004092D3
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004096FD1_2_004096FD
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040931B1_2_0040931B
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004097961_2_00409796
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_004093A01_2_004093A0
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00408FBB1_2_00408FBB
Source: Orden de Compra.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Orden de Compra.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Orden de Compra.exe, 00000001.00000002.1048423132.0000000002260000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Orden de Compra.exe
Source: Orden de Compra.exe, 00000001.00000000.649686134.0000000000416000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameGulvhoejde9.exe vs Orden de Compra.exe
Source: Orden de Compra.exeBinary or memory string: OriginalFilenameGulvhoejde9.exe vs Orden de Compra.exe
Source: Orden de Compra.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engineClassification label: mal64.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Orden de Compra.exeFile created: C:\Users\user\AppData\Local\Temp\~DF03F3B1BA238AA763.TMPJump to behavior
Source: Orden de Compra.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Orden de Compra.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
Source: C:\Users\user\Desktop\Orden de Compra.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Orden de Compra.exeVirustotal: Detection: 48%
Source: Orden de Compra.exeReversingLabs: Detection: 10%
Source: Orden de Compra.exeStatic PE information: real checksum: 0x267f4 should be: 0x2673a
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00402027 push ss; ret 1_2_0040204C
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00404569 push FFFFFFCDh; ret 1_2_004046DC
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040753C push ebx; ret 1_2_0040753E
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040D5E2 pushfd ; iretd 1_2_0040D812
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00404671 push FFFFFFCDh; ret 1_2_004046DC
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040BA18 push 7600FFCEh; iretd 1_2_0040BA1D
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_0040DAC0 push ss; ret 1_2_0040DAC7
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00407AF1 push FFFFFF85h; ret 1_2_00407AF3
Source: C:\Users\user\Desktop\Orden de Compra.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Detected RDTSC dummy instruction sequence (likely for instruction hammering)Show sources
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000465B81 second address: 0000000000465B81 instructions:
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000463395 second address: 0000000000463395 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F2E6436BD88h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cld 0x0000001e pop ecx 0x0000001f add edi, edx 0x00000021 jmp 00007F2E6436BD9Ah 0x00000023 cmp bx, dx 0x00000026 dec ecx 0x00000027 cmp ecx, 00000000h 0x0000002a jne 00007F2E6436BD50h 0x0000002c test al, cl 0x0000002e push ecx 0x0000002f test bl, FFFFFFB4h 0x00000032 call 00007F2E6436BDDDh 0x00000037 call 00007F2E6436BD98h 0x0000003c lfence 0x0000003f mov edx, dword ptr [7FFE0014h] 0x00000045 lfence 0x00000048 ret 0x00000049 mov esi, edx 0x0000004b pushad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000463468 second address: 00000000004635BF instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a test ch, dh 0x0000000c xor edi, edi 0x0000000e cmp cl, cl 0x00000010 cld 0x00000011 mov ecx, 000186A0h 0x00000016 push ecx 0x00000017 jmp 00007F2E6436BD9Ah 0x00000019 cmp bx, 495Bh 0x0000001e cmp eax, eax 0x00000020 call 00007F2E6436BE16h 0x00000025 call 00007F2E6436BE06h 0x0000002a lfence 0x0000002d rdtsc
Tries to detect virtualization through RDTSC time measurementsShow sources
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 000000000046054A second address: 0000000000465F85 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b push 2D9CC76Ch 0x00000010 test dl, dl 0x00000012 test bl, cl 0x00000014 test eax, eax 0x00000016 call 00007F2E64371D9Bh 0x0000001b cmp edi, 0DCBE3ACh 0x00000021 cmp ecx, edx 0x00000023 cmp edx, edx 0x00000025 jmp 00007F2E6436C3BAh 0x00000027 pushad 0x00000028 mov ebx, 000000C5h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000465B81 second address: 0000000000465B81 instructions:
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000463395 second address: 0000000000463395 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F2E6436BD88h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cld 0x0000001e pop ecx 0x0000001f add edi, edx 0x00000021 jmp 00007F2E6436BD9Ah 0x00000023 cmp bx, dx 0x00000026 dec ecx 0x00000027 cmp ecx, 00000000h 0x0000002a jne 00007F2E6436BD50h 0x0000002c test al, cl 0x0000002e push ecx 0x0000002f test bl, FFFFFFB4h 0x00000032 call 00007F2E6436BDDDh 0x00000037 call 00007F2E6436BD98h 0x0000003c lfence 0x0000003f mov edx, dword ptr [7FFE0014h] 0x00000045 lfence 0x00000048 ret 0x00000049 mov esi, edx 0x0000004b pushad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000463437 second address: 0000000000463468 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 jmp 00007F2E6439AACAh 0x00000005 test cx, dx 0x00000008 mov dword ptr [ebp+0000009Ch], 00000000h 0x00000012 test esi, 206C76DAh 0x00000018 pushad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 0000000000463468 second address: 00000000004635BF instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a test ch, dh 0x0000000c xor edi, edi 0x0000000e cmp cl, cl 0x00000010 cld 0x00000011 mov ecx, 000186A0h 0x00000016 push ecx 0x00000017 jmp 00007F2E6436BD9Ah 0x00000019 cmp bx, 495Bh 0x0000001e cmp eax, eax 0x00000020 call 00007F2E6436BE16h 0x00000025 call 00007F2E6436BE06h 0x0000002a lfence 0x0000002d rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeRDTSC instruction interceptor: First address: 00000000004635BF second address: 00000000004635BF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F2E6439D736h 0x0000001d popad 0x0000001e jmp 00007F2E6439AACAh 0x00000020 cmp bx, ax 0x00000023 call 00007F2E6439AB01h 0x00000028 lfence 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00408F7E rdtsc 1_2_00408F7E
Source: C:\Users\user\Desktop\Orden de Compra.exeAPI coverage: 9.3 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

barindex
Found potential dummy code loops (likely to delay analysis)Show sources
Source: C:\Users\user\Desktop\Orden de Compra.exeProcess Stats: CPU usage > 90% for more than 60s
Source: C:\Users\user\Desktop\Orden de Compra.exeCode function: 1_2_00408F7E rdtsc 1_2_00408F7E
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: Orden de Compra.exe, 00000001.00000002.1048376638.0000000000DC0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: Orden de Compra.exe, 00000001.00000002.1048376638.0000000000DC0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: Orden de Compra.exe, 00000001.00000002.1048376638.0000000000DC0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: Orden de Compra.exe, 00000001.00000002.1048376638.0000000000DC0000.00000002.00000001.sdmpBinary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Virtualization/Sandbox Evasion11OS Credential DumpingSecurity Software Discovery31Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryVirtualization/Sandbox Evasion11Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Information Discovery21Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Orden de Compra.exe49%VirustotalBrowse
Orden de Compra.exe10%ReversingLabsWin32.Worm.GenericML
Orden de Compra.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:383316
Start date:07.04.2021
Start time:16:23:43
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 58s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:Orden de Compra.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal64.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 96.1% (good quality ratio 38.6%)
  • Quality average: 20.6%
  • Quality standard deviation: 28.6%
HCA Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Sleeps bigger than 120000ms are automatically reduced to 1000ms
  • Found application associated with file extension: .exe
Warnings:
Show All
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):5.606827135921854
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.15%
  • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Orden de Compra.exe
File size:110592
MD5:e6dcf6b66b611ffb7d2bc1a8045bf41f
SHA1:7b3871b1b077f764175c6d387e846372128a89ee
SHA256:280e118484090c0a9788dcad52f37995822757f44d230c9ff042c3507d8e20a3
SHA512:93f10041774b09d0789c388c1fb1c6643e573efae1a68937c6fdb323d01b535ab6585b64badd43ec095d74573ff8d3ad887788a02d0732b928bfc4318571c10b
SSDEEP:1536:e5+vV32eex7a2I2vL2M/FPVm9vscwkpKcWe7yPVm9vDd2Mf2v:eo932eQk8Vmz/pr17uVmy
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......Y.................0...................@....@................

File Icon

Icon Hash:c0c6f2e0e4fefe3f

Static PE Info

General

Entrypoint:0x4013e8
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:0x59D2AEA6 [Mon Oct 2 21:24:54 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:d1ed0dda3501483d16a7ad09b76f3b08

Entrypoint Preview

Instruction
push 00411024h
call 00007F2E6481AC33h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dh, dl
cmp al, B9h
jnc 00007F2E6481AC8Eh
in al, 4Fh
dec esp
call far B6B4h : 1BC6E520h
add dword ptr [eax], 00000000h
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [ecx+00h], al
push es
push eax
xchg eax, ebx
add al, byte ptr [ebx+41h]
dec esi
dec ecx
inc ebx
dec eax
inc ecx
dec esi
inc ecx
add byte ptr [eax], al
add byte ptr [edx+ebp+000002FFh], ah
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
or ebp, dword ptr [esi-683F24C6h]
adc ebp, edx
inc ebp
mov bh, byte ptr [eax+13h]
retf D69Dh
jl 00007F2E6481AC42h
cmp eax, EBFEFE9Fh
movsd
jnl 00007F2E6481AC8Bh
mov seg?, word ptr [ebx+ecx+00718674h]
aam 3Ah
dec edi
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov ebx, edi
add byte ptr [eax], al
test al, F9h
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [ecx+edi*2+74h], ch
je 00007F2E6481ACA7h
jc 00007F2E6481ACB0h
add byte ptr [41000B01h], cl
insb
je 00007F2E6481ACAFh
outsd
imul eax, dword ptr fs:[eax], 00000000h

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x134e40x28.text
IMAGE_DIRECTORY_ENTRY_RESOURCE0x160000x5c42.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
IMAGE_DIRECTORY_ENTRY_IAT0x10000x108.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x1298c0x13000False0.421450966283data6.01111486713IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data0x140000x117c0x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc0x160000x5c420x6000False0.360026041667data5.27238648737IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountry
RT_ICON0x1ad9a0xea8data
RT_ICON0x1a4f20x8a8data
RT_ICON0x19f8a0x568GLS_BINARY_LSB_FIRST
RT_ICON0x179e20x25a8dBase III DBT, version number 0, next free block index 40
RT_ICON0x1693a0x10a8data
RT_ICON0x164d20x468GLS_BINARY_LSB_FIRST
RT_GROUP_ICON0x164780x5adata
RT_VERSION0x161e00x298dataGuaraniParaguay

Imports

DLLImport
MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLineInputStr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaLateMemCall, __vbaVarAdd, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

DescriptionData
Translation0x0474 0x04b0
InternalNameGulvhoejde9
FileVersion1.00
CompanyNamePana-sonic
CommentsPana-sonic
ProductNamePana-sonic
ProductVersion1.00
FileDescriptionPana-sonic
OriginalFilenameGulvhoejde9.exe

Possible Origin

Language of compilation systemCountry where language is spokenMap
GuaraniParaguay

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: Orden de Compra.exe PID: 6532 Parent PID: 6016

General

Start time:16:24:58
Start date:07/04/2021
Path:C:\Users\user\Desktop\Orden de Compra.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\Orden de Compra.exe'
Imagebase:0x400000
File size:110592 bytes
MD5 hash:E6DCF6B66B611FFB7D2BC1A8045BF41F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Visual Basic
Reputation:low

Chronological Activities

Disassembly

Code Analysis

Reset < >

    Analysis Process: Orden de Compra.exe PID: 6532 Parent PID: 6016 Orden de Compra.exeCOMMON

    Execution Graph

    Execution Coverage:0.6%
    Dynamic/Decrypted Code Coverage:2.6%
    Signature Coverage:2.6%
    Total number of Nodes:117
    Total number of Limit Nodes:3

    Graph

    execution_graph 3102 412744 __vbaChkstk 3103 412784 #648 __vbaFreeVar __vbaStrCmp 3102->3103 3104 4127c4 #645 __vbaStrMove __vbaStrCmp __vbaFreeStr 3103->3104 3105 4127ba __vbaFreeStr __vbaFreeVar 3103->3105 3104->3105 3106 412813 __vbaFileOpen 3104->3106 3108 412824 #571 3106->3108 3109 412833 __vbaLineInputStr __vbaChkstk __vbaObjVar __vbaLateMemCall 3108->3109 3110 412878 __vbaFileClose #598 3108->3110 3109->3108 3110->3105 3014 401217 __vbaExceptHandler 2972 4128dc __vbaChkstk 2973 412930 _CIsin __vbaFpR8 2972->2973 2974 412955 __vbaVarDup #600 __vbaFreeVar 2973->2974 2975 412998 #612 __vbaStrVarMove __vbaStrMove __vbaFreeVar 2973->2975 2974->2975 2976 4129df __vbaStrCopy 2975->2976 2977 412a42 __vbaFreeStr 2976->2977 2978 412a85 2977->2978 2979 412a94 __vbaHresultCheckObj 2978->2979 2980 412ab4 2978->2980 2979->2980 2981 412b69 2980->2981 2982 412b49 __vbaHresultCheckObj 2980->2982 2983 412b70 __vbaOnError 2981->2983 2982->2983 2984 412ba5 2983->2984 2985 412bd6 2984->2985 2986 412bb6 __vbaHresultCheckObj 2984->2986 2987 412c29 2985->2987 2988 412c09 __vbaHresultCheckObj 2985->2988 2986->2985 2989 412c30 __vbaVarMove 2987->2989 2988->2989 2990 412c57 __vbaVarAdd __vbaVarMove __vbaVarTstLt 2989->2990 2991 412cbc 2990->2991 2992 412cbe __vbaFreeVar __vbaFreeVar __vbaFreeStr 2990->2992 2991->2990 3015 413220 __vbaChkstk __vbaR8Str 3016 413262 __vbaFpI4 3015->3016 3017 4132cf #536 __vbaStrMove __vbaFreeVar 3015->3017 3019 4132a6 3016->3019 3018 413309 __vbaFreeStr 3017->3018 3020 4132b1 __vbaHresultCheckObj 3019->3020 3021 4132cb 3019->3021 3020->3017 3021->3017 3147 413325 __vbaChkstk 3148 413365 __vbaR8Str 3147->3148 3149 4133e3 3148->3149 3150 41337a __vbaFpI4 3148->3150 3151 4133f0 __vbaNew2 3149->3151 3154 413408 3149->3154 3152 4133be 3150->3152 3151->3154 3152->3149 3153 4133c9 __vbaHresultCheckObj 3152->3153 3153->3149 3155 413431 __vbaHresultCheckObj 3154->3155 3156 413448 3154->3156 3155->3156 3157 413489 3156->3157 3158 41346f __vbaHresultCheckObj 3156->3158 3159 41348d __vbaFreeObj 3157->3159 3158->3159 3160 4134b4 3159->3160 3076 412ea4 __vbaChkstk __vbaAryConstruct2 3077 412ef1 __vbaGenerateBoundsError 3076->3077 3078 412eeb 3076->3078 3077->3078 3079 412f11 3078->3079 3080 412f17 __vbaGenerateBoundsError 3078->3080 3081 412f1f #684 __vbaFpR8 3079->3081 3080->3081 3082 413020 _CIcos __vbaFpR8 3081->3082 3083 412f58 3081->3083 3084 4130ab __vbaAryDestruct 3082->3084 3085 413037 __vbaChkstk __vbaChkstk 3082->3085 3086 412f61 __vbaNew2 3083->3086 3087 412f79 3083->3087 3089 413083 3085->3089 3086->3087 3091 412fa2 __vbaHresultCheckObj 3087->3091 3092 412fb9 3087->3092 3089->3084 3090 41308e __vbaHresultCheckObj 3089->3090 3090->3084 3093 412fbd __vbaChkstk 3091->3093 3092->3093 3094 412ff2 3093->3094 3095 413014 3094->3095 3096 412ffd __vbaHresultCheckObj 3094->3096 3097 413018 __vbaFreeObj 3095->3097 3096->3097 3097->3082 2970 4013e8 #100 2971 401409 2970->2971 3193 4077ab 3194 412ef8 3193->3194 3195 412f11 3194->3195 3196 412f17 __vbaGenerateBoundsError 3194->3196 3197 412f1f #684 __vbaFpR8 3195->3197 3196->3197 3198 413020 _CIcos __vbaFpR8 3197->3198 3199 412f58 3197->3199 3200 4130ab __vbaAryDestruct 3198->3200 3201 413037 __vbaChkstk __vbaChkstk 3198->3201 3202 412f61 __vbaNew2 3199->3202 3203 412f79 3199->3203 3205 413083 3201->3205 3202->3203 3207 412fa2 __vbaHresultCheckObj 3203->3207 3208 412fb9 3203->3208 3205->3200 3206 41308e __vbaHresultCheckObj 3205->3206 3206->3200 3209 412fbd __vbaChkstk 3207->3209 3208->3209 3210 412ff2 3209->3210 3211 413014 3210->3211 3212 412ffd __vbaHresultCheckObj 3210->3212 3213 413018 __vbaFreeObj 3211->3213 3212->3213 3213->3198 3058 4130f7 __vbaChkstk 3059 413139 __vbaLenBstrB 3058->3059 3060 413148 __vbaVarDup #595 __vbaFreeVarList 3059->3060 3061 4131bc #516 3059->3061 3060->3061 3062 4131cc 3061->3062 2967 40a638 2968 40a61f VirtualAlloc 2967->2968 2969 40a63b 2967->2969 2968->2969 3161 412d3c __vbaChkstk _CIsqrt __vbaFpR8 3162 412dbc 3161->3162 3163 412d84 3161->3163 3164 412e6e 3162->3164 3165 412dd3 __vbaNew2 3162->3165 3166 412deb 3162->3166 3163->3162 3167 412da2 __vbaHresultCheckObj 3163->3167 3165->3166 3168 412e14 __vbaHresultCheckObj 3166->3168 3169 412e2b 3166->3169 3167->3162 3168->3169 3170 412e62 3169->3170 3171 412e4b __vbaHresultCheckObj 3169->3171 3172 412e66 __vbaFreeObj 3170->3172 3171->3172 3172->3164 3127 408f7e 3128 408f83 VirtualAlloc 3127->3128 3130 40a690 3128->3130

    Executed Functions

    Function 00408FBB, Relevance: 53.5, APIs: 1, Strings: 34, Instructions: 1030memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 0 408fbb-4090b9 3 4090bc-409266 0->3 7 40926c-409b73 3->7 24 409b79-409c2b 7->24 26 409c2d-409ca8 24->26 28 409ca9-409dc8 26->28 28->24 31 409dce-40ad05 VirtualAlloc 28->31 60 40ad0b-40b061 call 40b209 31->60 69 40b067-40b182 60->69
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$:$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$?$A$E$G$I$R$\$a$i$o$r$t$u
    • API String ID: 4275171209-2966295443
    • Opcode ID: ce8acc36ed70dc2d806e87205e687a915ac75bc64f8ed2b6e37d889c84223757
    • Instruction ID: 1650b55689ca0a13c78a3c9555cc28ba18a27b36c8dc1973274ea5b8103b4a98
    • Opcode Fuzzy Hash: ce8acc36ed70dc2d806e87205e687a915ac75bc64f8ed2b6e37d889c84223757
    • Instruction Fuzzy Hash: 4852CB81E2A30689FFB22060C5D076D6641DF16381F318F3BD865F59E2BA2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00408F7E, Relevance: 29.5, APIs: 1, Strings: 18, Instructions: 1026memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 102 408f7e-4090b9 106 4090bc-409266 102->106 110 40926c-409b73 106->110 127 409b79-409c2b 110->127 129 409c2d-409ca8 127->129 131 409ca9-409dc8 129->131 131->127 134 409dce-40ad05 VirtualAlloc 131->134 163 40ad0b-40b061 call 40b209 134->163 172 40b067-40b182 163->172
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$:$?$A$E$G$I$R$\$a$i$o$r$t$t$u
    • API String ID: 4275171209-815383331
    • Opcode ID: 355ba4e2ad0bf1f915cbdfb5ef882db667d6e71a45ece485e863f413dd7aaecf
    • Instruction ID: afe93c4d8a91a3d6f3e3a3ae6f82f471b8f0ecc7bfe02613b3098a1329017235
    • Opcode Fuzzy Hash: 355ba4e2ad0bf1f915cbdfb5ef882db667d6e71a45ece485e863f413dd7aaecf
    • Instruction Fuzzy Hash: DF52CB81E2A30689FFB32060C5D076D6641DF16381F318F3BD865F59E2AA2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040904E, Relevance: 28.0, APIs: 1, Strings: 17, Instructions: 1040memoryCOMMONCrypto
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 175 40904e-4090b9 176 4090bc-409266 175->176 180 40926c-409b73 176->180 197 409b79-409c2b 180->197 199 409c2d-409ca8 197->199 201 409ca9-409dc8 199->201 201->197 204 409dce-40ad05 VirtualAlloc 201->204 233 40ad0b-40b061 call 40b209 204->233 242 40b067-40b182 233->242
    C-Code - Quality: 35%
    			E0040904E(signed int __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, signed long long __fp0) {
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t232;
				intOrPtr _t238;
				void* _t242;
				void* _t246;
				void* _t249;
				signed char _t256;
				signed char _t257;
				signed char _t258;
				signed char _t259;
				signed char _t260;
				signed char _t261;
				signed char _t262;
				signed char _t263;
				signed char _t264;
				signed char _t265;
				signed char _t266;
				signed char _t267;
				signed char _t268;
				signed char _t269;
				signed char _t270;
				signed char _t271;
				signed char _t272;
				signed char _t273;
				signed char _t274;
				signed char _t275;
				signed char _t276;
				signed char _t277;
				signed char _t278;
				signed char _t279;
				signed char _t280;
				signed char _t281;
				signed char _t282;
				signed char _t283;
				signed char _t284;
				signed char _t285;
				signed char _t286;
				signed char _t287;
				signed char _t288;
				signed char _t289;
				signed char _t290;
				signed char _t291;
				signed char _t292;
				signed char _t293;
				signed char _t294;
				signed char _t295;
				void* _t303;
				void* _t305;
				void* _t306;
				void* _t307;
				signed long long _t722;
				void* _t723;
				signed long long _t725;
				void* _t726;
				signed long long _t727;
				signed long long _t729;
				void* _t730;
				void* _t731;

				_t722 = __fp0;
				_t305 = __esi;
				_t303 = __edi;
				_t249 = __ecx;
				_t242 = __ebx;
				_t190 = __eax / __eax;
				_t256 = __eax % __eax;
				_t191 = _t190 / _t256;
				_t257 = _t190 % _t256;
				_t192 = _t191 / _t257;
				_t258 = _t191 % _t257;
				_t193 = _t192 / _t258;
				_t259 = _t192 % _t258;
				_t194 = _t193 / _t259;
				_t260 = _t193 % _t259;
				_t195 = _t194 / _t260;
				_t261 = _t194 % _t260;
				_t196 = _t195 / _t261;
				_t262 = _t195 % _t261;
				_t197 = _t196 / _t262;
				_t263 = _t196 % _t262;
				_t198 = _t197 / _t263;
				_t264 = _t197 % _t263;
				_t199 = _t198 / _t264;
				_t265 = _t198 % _t264;
				_t200 = _t199 / _t265;
				_t266 = _t199 % _t265;
				_t201 = _t200 / _t266;
				_t267 = _t200 % _t266;
				_t202 = _t201 / _t267;
				_t268 = _t201 % _t267;
				_t203 = _t202 / _t268;
				_t269 = _t202 % _t268;
				_t204 = _t203 / _t269;
				_t270 = _t203 % _t269;
				_t205 = _t204 / _t270;
				_t271 = _t204 % _t270;
				_t206 = _t205 / _t271;
				_t272 = _t205 % _t271;
				_t207 = _t206 / _t272;
				_t273 = _t206 % _t272;
				_t208 = _t207 / _t273;
				_t274 = _t207 % _t273;
				_t209 = _t208 / _t274;
				_t275 = _t208 % _t274;
				_t210 = _t209 / _t275;
				_t276 = _t209 % _t275;
				_t211 = _t210 / _t276;
				_t277 = _t210 % _t276;
				_t212 = _t211 / _t277;
				_t278 = _t211 % _t277;
				_t213 = _t212 / _t278;
				_t279 = _t212 % _t278;
				_t214 = _t213 / _t279;
				_t280 = _t213 % _t279;
				_t215 = _t214 / _t280;
				_t281 = _t214 % _t280;
				_t216 = _t215 / _t281;
				_t282 = _t215 % _t281;
				_t217 = _t216 / _t282;
				_t283 = _t216 % _t282;
				_t218 = _t217 / _t283;
				_t284 = _t217 % _t283;
				_t219 = _t218 / _t284;
				_t285 = _t218 % _t284;
				_t220 = _t219 / _t285;
				_t286 = _t219 % _t285;
				_t221 = _t220 / _t286;
				_t287 = _t220 % _t286;
				_t222 = _t221 / _t287;
				_t288 = _t221 % _t287;
				_t223 = _t222 / _t288;
				_t289 = _t222 % _t288;
				_t224 = _t223 / _t289;
				_t290 = _t223 % _t289;
				_t225 = _t224 / _t290;
				_t291 = _t224 % _t290;
				_t226 = _t225 / _t291;
				_t292 = _t225 % _t291;
				_t227 = _t226 / _t292;
				_t293 = _t226 % _t292;
				_t228 = _t227 / _t293;
				_t294 = _t227 % _t293;
				_t229 = _t228 / _t294;
				_t295 = _t228 % _t294;
				_t230 = _t229 / _t295;
				_t232 = _t229 / _t295 / _t229 % _t295 / _t230 % _t229 % _t295;
				do {
					_t303 = _t303 + 1;
					asm("fsincos");
					_t723 = _t722 + st0;
					asm("pause");
					asm("fsqrt");
					asm("paddd mm1, mm5");
					asm("fchs");
					asm("rdtsc");
					asm("fsin");
					asm("faddp st1, st0");
					asm("punpckldq mm6, mm1");
					asm("fcos");
					asm("movd xmm0, edi");
					asm("fdecstp");
					asm("punpckldq xmm1, xmm4");
					_t722 = _t723 + st4;
					asm("fsubp st1, st0");
					asm("fclex");
					asm("paddb mm6, mm2");
					asm("emms");
					asm("pmaddwd xmm4, xmm1");
					asm("fucom st1");
					asm("punpcklwd mm2, mm0");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
				} while (_t303 != 0x2eaff40);
				asm("fdivr st3, st0");
				asm("psrlq xmm0, 0xd6");
				asm("pcmpgtd mm1, mm5");
				asm("paddw mm3, mm1");
				asm("paddd mm3, mm2");
				asm("ftst");
				asm("pcmpgtb xmm5, xmm5");
				asm("punpckhbw xmm0, xmm2");
				 *((intOrPtr*)(_t242 - 0x77ca305)) =  *((intOrPtr*)(_t242 - 0x77ca305)) + _t232;
				asm("fprem");
				asm("paddsb xmm7, xmm7");
				asm("psrlw xmm1, 0xfe");
				asm("pcmpgtb xmm0, xmm4");
				asm("fxtract");
				asm("punpckhwd mm7, mm2");
				asm("fabs");
				_t725 = _t722 / st6 * st0;
				asm("fsincos");
				_t726 = _t725 + st0;
				asm("pause");
				asm("fsqrt");
				asm("paddd mm1, mm5");
				asm("fchs");
				asm("fsin");
				asm("faddp st1, st0");
				asm("punpckldq mm6, mm1");
				asm("fcos");
				asm("movd xmm0, edi");
				asm("fdecstp");
				asm("punpckldq xmm1, xmm4");
				_t727 = _t726 + st4;
				asm("fsubp st1, st0");
				asm("fclex");
				asm("paddb mm6, mm2");
				asm("emms");
				asm("pmaddwd xmm4, xmm1");
				_t306 = _t305;
				asm("fucom st1");
				asm("punpcklwd mm2, mm0");
				asm("fdivr st3, st0");
				asm("psrlq xmm0, 0xd6");
				asm("pcmpgtd mm1, mm5");
				asm("paddw mm3, mm1");
				asm("paddd mm3, mm2");
				asm("ftst");
				asm("pcmpgtb xmm5, xmm5");
				asm("punpckhbw xmm0, xmm2");
				asm("fprem");
				asm("paddsb xmm7, xmm7");
				asm("psrlw xmm1, 0xfe");
				asm("pcmpgtb xmm0, xmm4");
				asm("fxtract");
				asm("punpckhwd mm7, mm2");
				asm("fabs");
				_t729 = _t727 / st6 * st0;
				asm("fsincos");
				_t730 = _t729 + st0;
				asm("pause");
				asm("fsqrt");
				asm("paddd mm1, mm5");
				asm("fchs");
				_t238 =  *0x00401004;
				asm("fsin");
				asm("faddp st1, st0");
				asm("punpckldq mm6, mm1");
				asm("fcos");
				asm("movd xmm0, edi");
				asm("fdecstp");
				asm("punpckldq xmm1, xmm4");
				_t731 = _t730 + st4;
				asm("fsubp st1, st0");
				asm("fclex");
				asm("paddb mm6, mm2");
				asm("emms");
				asm("pmaddwd xmm4, xmm1");
				_t307 = _t306;
				asm("fucom st1");
				asm("punpcklwd mm2, mm0");
				asm("fdivr st5, st0");
				asm("fclex");
				asm("pandn xmm4, xmm0");
				asm("fldl2t");
				asm("fdivp st2, st0");
				asm("packsswb mm2, mm3");
				asm("psrld mm1, 0xd3");
				asm("movq xmm2, xmm5");
				asm("pcmpgtb xmm4, xmm0");
				asm("fldlg2");
				asm("fpatan");
				asm("psrld mm2, 0x54");
				asm("punpcklbw xmm6, xmm4");
				asm("pmaddwd xmm3, xmm4");
				asm("faddp st1, st0");
				asm("paddw mm1, mm5");
				asm("pmaddwd mm1, mm2");
				asm("psubsw xmm6, xmm3");
				_t246 = 0x71fe6a;
			}




































































































    0x0040904e
    0x0040904e
    0x0040904e
    0x0040904e
    0x0040904e
    0x00409051
    0x00409051
    0x00409053
    0x00409053
    0x00409055
    0x00409055
    0x00409057
    0x00409057
    0x00409059
    0x00409059
    0x0040905b
    0x0040905b
    0x0040905d
    0x0040905d
    0x0040905f
    0x0040905f
    0x00409061
    0x00409061
    0x00409063
    0x00409063
    0x00409065
    0x00409065
    0x00409067
    0x00409067
    0x00409069
    0x00409069
    0x0040906b
    0x0040906b
    0x0040906d
    0x0040906d
    0x0040906f
    0x0040906f
    0x00409071
    0x00409071
    0x00409073
    0x00409073
    0x00409075
    0x00409075
    0x00409077
    0x00409077
    0x00409079
    0x00409079
    0x0040907b
    0x0040907b
    0x0040907d
    0x0040907d
    0x0040907f
    0x0040907f
    0x00409081
    0x00409081
    0x00409083
    0x00409083
    0x00409085
    0x00409085
    0x00409087
    0x00409087
    0x00409089
    0x00409089
    0x0040908b
    0x0040908b
    0x0040908d
    0x0040908d
    0x0040908f
    0x0040908f
    0x00409091
    0x00409091
    0x00409093
    0x00409093
    0x00409095
    0x00409095
    0x00409097
    0x00409097
    0x00409099
    0x00409099
    0x0040909b
    0x0040909b
    0x0040909d
    0x0040909d
    0x0040909f
    0x0040909f
    0x004090a1
    0x004090a5
    0x004090bc
    0x004090bc
    0x004090c2
    0x004090c4
    0x004090c6
    0x004090c8
    0x004090ca
    0x004090cd
    0x00409144
    0x00409146
    0x00409148
    0x0040914a
    0x0040914d
    0x0040914f
    0x00409153
    0x004091d5
    0x004091d9
    0x004091db
    0x004091dd
    0x004091df
    0x004091e2
    0x004091e4
    0x004091ea
    0x004091ec
    0x0040925a
    0x0040925d
    0x00409260
    0x00409263
    0x00409263
    0x0040926c
    0x0040926e
    0x00409273
    0x00409276
    0x00409279
    0x0040927c
    0x0040927e
    0x00409282
    0x004092ea
    0x004092fe
    0x00409300
    0x00409304
    0x00409309
    0x0040930d
    0x00409311
    0x00409314
    0x00409316
    0x00409391
    0x00409393
    0x00409395
    0x00409397
    0x00409399
    0x0040939c
    0x0040941d
    0x0040941f
    0x00409421
    0x00409424
    0x00409426
    0x0040942a
    0x004094a9
    0x004094ad
    0x004094af
    0x004094b1
    0x004094b3
    0x004094b6
    0x004094b8
    0x004094bc
    0x004094be
    0x004094c0
    0x00409538
    0x0040953a
    0x0040953f
    0x00409542
    0x00409545
    0x00409548
    0x0040954a
    0x0040954e
    0x004095cb
    0x004095cd
    0x004095d1
    0x004095d6
    0x004095da
    0x004095de
    0x004095e1
    0x004095e3
    0x00409663
    0x00409665
    0x00409667
    0x00409669
    0x0040966b
    0x0040966e
    0x004096ca
    0x004096ec
    0x004096ee
    0x004096f0
    0x004096f3
    0x004096f5
    0x004096f9
    0x0040977a
    0x0040977e
    0x00409780
    0x00409782
    0x00409784
    0x00409787
    0x00409789
    0x0040978d
    0x0040978f
    0x00409791
    0x0040981b
    0x0040981d
    0x0040981f
    0x00409823
    0x00409825
    0x00409827
    0x0040982a
    0x0040982e
    0x004098ae
    0x004098b2
    0x004098b4
    0x004098b6
    0x004098ba
    0x004098be
    0x004098c2
    0x004098c4
    0x004098c7
    0x004098ca
    0x00409933

    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$:$?$A$E$G$I$R$\$a$i$o$r$t$u
    • API String ID: 4275171209-4155523939
    • Opcode ID: ce19b391a0ad7eb07ad0997d183086faec2ddf790874d79e4bebcfa121f0adc8
    • Instruction ID: ad63b898b46adff4be3712946b8af1dcf0ad50fd6b3b8c2db207a66420feb458
    • Opcode Fuzzy Hash: ce19b391a0ad7eb07ad0997d183086faec2ddf790874d79e4bebcfa121f0adc8
    • Instruction Fuzzy Hash: 9052CC81E2A30689FFB32060C5D076D6641DF16381F318F3BD861F59E2AA2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409158, Relevance: 26.6, APIs: 1, Strings: 16, Instructions: 1057memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 245 409158-40915b 246 4091b3-409266 245->246 248 4090bc-409155 246->248 249 40926c-409b73 246->249 248->246 267 409b79-409c2b 249->267 269 409c2d-409ca8 267->269 271 409ca9-409dc8 269->271 271->267 274 409dce-40ad05 VirtualAlloc 271->274 303 40ad0b-40b061 call 40b209 274->303 312 40b067-40b182 303->312
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$:$?$A$E$G$I$R$\$a$i$o$r$t
    • API String ID: 4275171209-2086174317
    • Opcode ID: b363f31ece8f2f3be750b22b60d7cab47b9c1d946d333356b15d29f24f8d4542
    • Instruction ID: 216bf03cc731eaeb3037f1299339867ef9fbd48b6dbf2b11fc664601e98867d1
    • Opcode Fuzzy Hash: b363f31ece8f2f3be750b22b60d7cab47b9c1d946d333356b15d29f24f8d4542
    • Instruction Fuzzy Hash: 8852BC81E2A30689FFB32160C5D076D6641DF16381F318F3BD861F59E2AA2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004090D1, Relevance: 26.5, APIs: 1, Strings: 16, Instructions: 1026memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 315 4090d1-4090d6 316 40912c-409266 315->316 319 4090bc-4090cf 316->319 320 40926c-409b73 316->320 319->316 337 409b79-409c2b 320->337 339 409c2d-409ca8 337->339 341 409ca9-409dc8 339->341 341->337 344 409dce-40ad05 VirtualAlloc 341->344 373 40ad0b-40b061 call 40b209 344->373 382 40b067-40b182 373->382
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$:$?$A$E$G$I$R$\$a$i$o$r$t
    • API String ID: 4275171209-2086174317
    • Opcode ID: 732db7ac9c85f6311d1b53331892bbbe83622573d17da80aefd407b6c8192e49
    • Instruction ID: fa70e9516f2d7b0d0f6e5f0facd4e16a0a516e73d864fa1651a0159eb86b541d
    • Opcode Fuzzy Hash: 732db7ac9c85f6311d1b53331892bbbe83622573d17da80aefd407b6c8192e49
    • Instruction Fuzzy Hash: B652CC81E2A30689FFB32160C5D076D6641DF16381F318F3BD861F59E2AB2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004092D3, Relevance: 23.4, APIs: 1, Strings: 14, Instructions: 930memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 385 4092d3-409b73 401 409b79-409c2b 385->401 403 409c2d-409ca8 401->403 405 409ca9-409dc8 403->405 405->401 408 409dce-40ad05 VirtualAlloc 405->408 437 40ad0b-40b061 call 40b209 408->437 446 40b067-40b182 437->446
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: %$)$8$?$A$E$G$I$R$\$a$o$r$t
    • API String ID: 4275171209-1218697303
    • Opcode ID: b5c94020b031566fac9cfac9e079a20278c571ad5f4789591d6924065bc49513
    • Instruction ID: 23c7f1df6245adc92c0c322ed81a8ff6c50062df2a99953e18f2adeb249061d3
    • Opcode Fuzzy Hash: b5c94020b031566fac9cfac9e079a20278c571ad5f4789591d6924065bc49513
    • Instruction Fuzzy Hash: C442BD81E2A30689FFB22160C5D076D6641DF16381F318F3BD861F59E2BA2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040931B, Relevance: 20.4, APIs: 1, Strings: 12, Instructions: 930COMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 449 40931b-40931d 450 4092ea-409318 449->450 451 40931f 449->451 452 40936f-409b73 450->452 451->452 467 409b79-409c2b 452->467 469 409c2d-409ca8 467->469 471 409ca9-409dc8 469->471 471->467 474 409dce-40ad05 VirtualAlloc 471->474 503 40ad0b-40b061 call 40b209 474->503 512 40b067-40b182 503->512
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID: %$)$8$?$A$E$G$R$a$o$r$t
    • API String ID: 0-3765037557
    • Opcode ID: d5bfbacf0a7e28dbd85722463831f1916d01378db18c0e8d028bd4e831e95dca
    • Instruction ID: 05e7cfee1d9551edb60d2e6e8ccb2ad4c24985786aef3e9cd6389eff27320502
    • Opcode Fuzzy Hash: d5bfbacf0a7e28dbd85722463831f1916d01378db18c0e8d028bd4e831e95dca
    • Instruction Fuzzy Hash: D742CD81E2A30689FFB22160C5D076D6641DF16381F318F3BD861F59E2BB2F89CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040942F, Relevance: 19.0, APIs: 1, Strings: 11, Instructions: 972memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 515 40942f-409b73 529 409b79-409c2b 515->529 531 409c2d-409ca8 529->531 533 409ca9-409dc8 531->533 533->529 536 409dce-40ad05 VirtualAlloc 533->536 565 40ad0b-40b061 call 40b209 536->565 574 40b067-40b182 565->574
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: )$8$?$A$E$G$R$a$o$r$t
    • API String ID: 4275171209-2654555686
    • Opcode ID: 476557598fc41f0660dd473df3a4c178250c86acbc0d5d898ceae1514b2df247
    • Instruction ID: 145998a611ec51c0ef7728e6381b17ba53d283cac9364c03b3dff753ad680c57
    • Opcode Fuzzy Hash: 476557598fc41f0660dd473df3a4c178250c86acbc0d5d898ceae1514b2df247
    • Instruction Fuzzy Hash: DC42BC81E2A30689FFB22160C5D076D6641DF16381F318F3BD861F59E2BB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004093A0, Relevance: 18.9, APIs: 1, Strings: 11, Instructions: 939memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 577 4093a0-409b73 591 409b79-409c2b 577->591 593 409c2d-409ca8 591->593 595 409ca9-409dc8 593->595 595->591 598 409dce-40ad05 VirtualAlloc 595->598 627 40ad0b-40b061 call 40b209 598->627 636 40b067-40b182 627->636
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: )$8$?$A$E$G$R$a$o$r$t
    • API String ID: 4275171209-2654555686
    • Opcode ID: 3602dd6a98064a31ed2bea116081100c17eeb3b4f42d0ee27505093fb0b84ac9
    • Instruction ID: 87e6ed5a703b3bef1208a4d3c2ed363241262ae7691f24f273126c1e45e64f23
    • Opcode Fuzzy Hash: 3602dd6a98064a31ed2bea116081100c17eeb3b4f42d0ee27505093fb0b84ac9
    • Instruction Fuzzy Hash: 0342CD81E2A30689FFB22160C5D076D6641DF16381F318F3BD861F59E2BB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040959E, Relevance: 9.8, APIs: 1, Strings: 5, Instructions: 846memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 639 40959e-409b73 650 409b79-409c2b 639->650 652 409c2d-409ca8 650->652 654 409ca9-409dc8 652->654 654->650 657 409dce-40ad05 VirtualAlloc 654->657 686 40ad0b-40b061 call 40b209 657->686 695 40b067-40b182 686->695
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: E$R$a$r$t
    • API String ID: 4275171209-1571819485
    • Opcode ID: c8f65f5111b643fa23741d218062b21a9cbe81834dad554cf297e864b721f9b6
    • Instruction ID: 17c395a7b5e44090a038120e3da3a1256a892b45b3fdf666993213f8ee6ecc4e
    • Opcode Fuzzy Hash: c8f65f5111b643fa23741d218062b21a9cbe81834dad554cf297e864b721f9b6
    • Instruction Fuzzy Hash: E332BD41E2A30689FFB22160C5D076D6641DF26381F318F3BD861F59E2BB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004095E7, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 872memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 698 4095e7-409b73 709 409b79-409c2b 698->709 711 409c2d-409ca8 709->711 713 409ca9-409dc8 711->713 713->709 716 409dce-40ad05 VirtualAlloc 713->716 745 40ad0b-40b061 call 40b209 716->745 754 40b067-40b182 745->754
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: R$a
    • API String ID: 4275171209-1529123748
    • Opcode ID: d855afa946d1a78cf2eac4c0ad2b4fcd2ba0791b10a18afc24d3f9391e714757
    • Instruction ID: c809b3ff47a63733209a37abb2209bba18218dd90c0a4135c47e5b9eb1bca398
    • Opcode Fuzzy Hash: d855afa946d1a78cf2eac4c0ad2b4fcd2ba0791b10a18afc24d3f9391e714757
    • Instruction Fuzzy Hash: 2432CD41E2A30689FFB22160C5D076D6641DF26381F318F3BD861F59E2BB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409672, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 899memoryCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 782 409672-409b73 792 409b79-409c2b 782->792 794 409c2d-409ca8 792->794 796 409ca9-409dc8 794->796 796->792 799 409dce-40ad05 VirtualAlloc 796->799 828 40ad0b-40b061 call 40b209 799->828 837 40b067-40b182 828->837
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID: R
    • API String ID: 4275171209-1466425173
    • Opcode ID: a6154b2a835530be8fd8447205514f47c00216caf2b2258c06b20bfe9979caf1
    • Instruction ID: 4f7fedc0facf18aa744068baef560213d30adb5ba08c4e88ef002a4e905bceac
    • Opcode Fuzzy Hash: a6154b2a835530be8fd8447205514f47c00216caf2b2258c06b20bfe9979caf1
    • Instruction Fuzzy Hash: A832CC41E2A30689FFB22160C5D076D6641DF27381F318F3BD861F59E2AB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409796, Relevance: 2.1, APIs: 1, Instructions: 870memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: b21665592d28add57b1452760f914bc00d23ad6399bc89856c25c5ceaf9de4e5
    • Instruction ID: c823466a52edbf9e390d6ce2cb571041ddad74beb5e593a6f40471626e2c3b13
    • Opcode Fuzzy Hash: b21665592d28add57b1452760f914bc00d23ad6399bc89856c25c5ceaf9de4e5
    • Instruction Fuzzy Hash: 9222CD41E2A30689FFB22160C5D076E6541DF26381F318F3BD861F59E2BB2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004096FD, Relevance: 2.1, APIs: 1, Instructions: 841memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: e1d32f14151de8fc551f900871db4768b5d18b018be6d0fd30c6848974679417
    • Instruction ID: 1904df499b20bd649782b83be8e642a602cbe091a719b8f3493f7ac7a7986d6e
    • Opcode Fuzzy Hash: e1d32f14151de8fc551f900871db4768b5d18b018be6d0fd30c6848974679417
    • Instruction Fuzzy Hash: C232ED41E2A30689FFB22160C5D076D6641DF27381F318F7BD861F58E2AB2F85CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004128DC, Relevance: 44.0, APIs: 24, Strings: 1, Instructions: 254COMMON
    Download Yara Rule

    Control-flow Graph

    C-Code - Quality: 66%
    			E004128DC(void* __ebx, void* __edi, void* __esi, long long __fp0, signed int _a4, intOrPtr _a20) {
				void* _v3;
				char _v8;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v52;
				char _v68;
				short _v72;
				char _v80;
				short _v84;
				void* _v88;
				long long _v96;
				char _v100;
				char _v104;
				char _v120;
				signed int _v124;
				signed int _v128;
				char _v136;
				char _v140;
				void* _v144;
				char _v148;
				char _v156;
				signed int _v160;
				signed int _v164;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _t144;
				signed int _t166;
				signed int _t177;
				signed int _t182;
				signed int _t188;
				char* _t191;
				char* _t193;
				intOrPtr* _t195;
				char* _t212;
				void* _t218;
				void* _t221;
				intOrPtr _t222;

				_t222 = _t221 - 0x18;
				 *[fs:0x0] = _t222;
				L00401260();
				_v28 = _t222;
				_v24 = 0x401118;
				_v20 = _a4 & 0x00000001;
				_t144 = _a4 & 0xfffffffe;
				_a4 = _t144;
				_v16 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x401266, _t218);
				_v8 = 1;
				_v8 = 2;
				asm("fldz");
				L004012D8();
				L0040137A();
				asm("fcomp qword [0x4011a8]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t144 != 0) {
					_v8 = 3;
					_v8 = 4;
					_v128 = L"Rosenstokkesegedesm";
					_v136 = 8;
					L0040136E();
					_push(2);
					_push( &_v120);
					L00401374();
					_v96 = __fp0;
					L004013C2();
				}
				_v8 = 6;
				L00401362();
				L00401368();
				L004013B6();
				L004013C2();
				_v8 = 7;
				 *((intOrPtr*)( *_a4 + 0x708))(_a4,  &_v156,  &_v120,  &_v120);
				_v80 = _v156;
				_v8 = 8;
				_v140 = 0x3fc5;
				L0040135C();
				_v156 =  *0x4011a0;
				_v80 =  *0x401198;
				 *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v156,  &_v104,  &_v104,  &_v140,  &_v148);
				_v100 = _v148;
				L004013AA();
				_v8 = 9;
				_v148 = 0x76e32;
				_t166 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v148, 0x67c7,  &_v140);
				_v160 = _t166;
				if(_v160 >= 0) {
					_v188 = _v188 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x411740);
					_push(_a4);
					_push(_v160);
					L00401356();
					_v188 = _t166;
				}
				_v72 = _v140;
				_v8 = 0xa;
				 *((intOrPtr*)( *_a4 + 0x710))(_a4);
				_v8 = 0xb;
				_v156 =  *0x401190;
				_v148 = 0x3ac53e;
				_v140 = 0x3fc5;
				_t177 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v140,  &_v148, 0x2802,  &_v156, 0x33164f, 0x5bf3,  &_v144);
				_v160 = _t177;
				if(_v160 >= 0) {
					_v192 = _v192 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x411740);
					_push(_a4);
					_push(_v160);
					L00401356();
					_v192 = _t177;
				}
				_v84 = _v144;
				_v8 = 0xc;
				L00401350();
				_v8 = 0xd;
				_t182 =  *((intOrPtr*)( *_a4 + 0x1b8))(_a4,  &_v140, 0xffffffff);
				asm("fclex");
				_v160 = _t182;
				if(_v160 >= 0) {
					_v196 = _v196 & 0x00000000;
				} else {
					_push(0x1b8);
					_push(0x411710);
					_push(_a4);
					_push(_v160);
					L00401356();
					_v196 = _t182;
				}
				_t188 =  *((intOrPtr*)( *_a4 + 0x1bc))(_a4, 0);
				asm("fclex");
				_v164 = _t188;
				if(_v164 >= 0) {
					_v200 = _v200 & 0x00000000;
				} else {
					_push(0x1bc);
					_push(0x411710);
					_push(_a4);
					_push(_v164);
					L00401356();
					_v200 = _t188;
				}
				_v8 = 0xe;
				_v128 = _v128 & 0x00000000;
				_v124 = _v124 & 0x00000000;
				_v136 = 6;
				L0040134A();
				while(1) {
					_v8 = 0x10;
					_v128 = 1;
					_v136 = 2;
					_push( &_v68);
					_push( &_v136);
					_t191 =  &_v120;
					_push(_t191);
					L00401344();
					_t212 = _t191;
					L0040134A();
					_v8 = 0x11;
					_v128 = 0x2ffff;
					_v136 = 0x8003;
					_push( &_v68);
					_t193 =  &_v136;
					_push(_t193);
					L0040133E();
					if(_t193 == 0) {
						break;
					}
				}
				_v8 = 0x14;
				_v128 = 0xff8ac22f;
				do {
					_t212 = _t212 + 1;
				} while (_t212 != 0xffcbeef7);
				_a20 = _t212 + 0x74a08d;
				_t195 = _a20();
				asm("out 0xfe, al");
				asm("lock add [eax], al");
				 *_t195 =  *_t195 + _t195;
				asm("wait");
				_push(0x412d1d);
				L004013C2();
				L004013C2();
				L004013AA();
				return _t195;
			}












































    0x004128df
    0x004128ee
    0x004128fa
    0x00412902
    0x00412905
    0x00412912
    0x00412918
    0x0041291b
    0x0041291e
    0x0041292d
    0x00412930
    0x00412937
    0x0041293e
    0x00412940
    0x00412945
    0x0041294a
    0x00412950
    0x00412952
    0x00412953
    0x00412955
    0x0041295c
    0x00412963
    0x0041296a
    0x0041297d
    0x00412982
    0x00412987
    0x00412988
    0x0041298d
    0x00412993
    0x00412993
    0x00412998
    0x004129a3
    0x004129ac
    0x004129b6
    0x004129be
    0x004129c3
    0x004129d9
    0x004129e5
    0x004129e8
    0x004129ef
    0x00412a00
    0x00412a0b
    0x00412a26
    0x00412a3c
    0x00412a48
    0x00412a4e
    0x00412a53
    0x00412a5a
    0x00412a7f
    0x00412a85
    0x00412a92
    0x00412ab4
    0x00412a94
    0x00412a94
    0x00412a99
    0x00412a9e
    0x00412aa1
    0x00412aa7
    0x00412aac
    0x00412aac
    0x00412ac2
    0x00412ac6
    0x00412ad5
    0x00412adb
    0x00412ae8
    0x00412aee
    0x00412af8
    0x00412b34
    0x00412b3a
    0x00412b47
    0x00412b69
    0x00412b49
    0x00412b49
    0x00412b4e
    0x00412b53
    0x00412b56
    0x00412b5c
    0x00412b61
    0x00412b61
    0x00412b77
    0x00412b7b
    0x00412b84
    0x00412b89
    0x00412b9f
    0x00412ba5
    0x00412ba7
    0x00412bb4
    0x00412bd6
    0x00412bb6
    0x00412bb6
    0x00412bbb
    0x00412bc0
    0x00412bc3
    0x00412bc9
    0x00412bce
    0x00412bce
    0x00412bf2
    0x00412bf8
    0x00412bfa
    0x00412c07
    0x00412c29
    0x00412c09
    0x00412c09
    0x00412c0e
    0x00412c13
    0x00412c16
    0x00412c1c
    0x00412c21
    0x00412c21
    0x00412c30
    0x00412c37
    0x00412c3b
    0x00412c3f
    0x00412c52
    0x00412c57
    0x00412c57
    0x00412c5e
    0x00412c65
    0x00412c72
    0x00412c79
    0x00412c7a
    0x00412c7d
    0x00412c7e
    0x00412c83
    0x00412c88
    0x00412c8d
    0x00412c94
    0x00412c9b
    0x00412ca8
    0x00412ca9
    0x00412caf
    0x00412cb0
    0x00412cba
    0x00000000
    0x00000000
    0x00412cbc
    0x00412cbe
    0x00412cc5
    0x00412ccc
    0x00412ccc
    0x00412ccd
    0x00412cdb
    0x00412cde
    0x00412ce1
    0x00412ce6
    0x00412ce9
    0x00412ceb
    0x00412cec
    0x00412d07
    0x00412d0f
    0x00412d17
    0x00412d1c

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 004128FA
    • _CIsin.MSVBVM60(?,?,?,?,00401266), ref: 00412940
    • __vbaFpR8.MSVBVM60(?,?,?,?,00401266), ref: 00412945
    • __vbaVarDup.MSVBVM60 ref: 0041297D
    • #600.MSVBVM60(?,00000002), ref: 00412988
    • __vbaFreeVar.MSVBVM60(?,00000002), ref: 00412993
    • #612.MSVBVM60(?,?,?,?,?,00401266), ref: 004129A3
    • __vbaStrVarMove.MSVBVM60(?,?,?,?,?,?,00401266), ref: 004129AC
    • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,00401266), ref: 004129B6
    • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,00401266), ref: 004129BE
    • __vbaStrCopy.MSVBVM60 ref: 00412A00
    • __vbaFreeStr.MSVBVM60(?,00003FC5,?), ref: 00412A4E
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411740,000006FC,?,?,?,00003FC5,?), ref: 00412AA7
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411740,00000700,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412B5C
    • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412B84
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411710,000001B8,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412BC9
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411710,000001BC), ref: 00412C1C
    • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412C52
    • __vbaVarAdd.MSVBVM60(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,00003FC5), ref: 00412C7E
    • __vbaVarMove.MSVBVM60(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,00003FC5), ref: 00412C88
    • __vbaVarTstLt.MSVBVM60(00008003,?,?,00000002,?), ref: 00412CB0
    • __vbaFreeVar.MSVBVM60(00412D1D,?,?,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412D07
    • __vbaFreeVar.MSVBVM60(00412D1D,?,?,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412D0F
    • __vbaFreeStr.MSVBVM60(00412D1D,?,?,?,?,?,?,?,?,?,?,?,?,00003FC5,?), ref: 00412D17
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$Free$CheckHresultMove$#600#612ChkstkCopyErrorIsin
    • String ID: Kompetenceomraaders
    • API String ID: 3051467023-3324465476
    • Opcode ID: 2d6bb7247a1ae2f56fc7962067094297a5ee8f8957d157a6be1bc0f9ff2a8bee
    • Instruction ID: 6c5ce7c4093d64874f743da04cdc50018435938ab2230c0a194348915967b6fe
    • Opcode Fuzzy Hash: 2d6bb7247a1ae2f56fc7962067094297a5ee8f8957d157a6be1bc0f9ff2a8bee
    • Instruction Fuzzy Hash: 7BC1F67090021CEFDB10DFA1C949BDDBBB4FF04304F1081AAE549AB2A1DB795A99DF54
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004013E8, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 614COMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 757 4013e8-401407 #100 758 401455-40145c 757->758 759 401409-401448 757->759 760 40145e-40149e 758->760 759->758 763 401514-401884 760->763 764 40149f 760->764 765 401886-4018c1 763->765 766 4014a0 764->766 767 401506 764->767 765->765 770 4018c3-4018c5 765->770 771 401511-401513 766->771 772 4014a1 766->772 768 401510 767->768 769 401508-40150e 767->769 768->771 769->768 775 4018c7-4018ce 770->775 776 401918-401934 770->776 771->763 772->771 774 4014a3-4014bb 772->774 774->760 778 4014bd-401505 774->778 778->767
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: #100
    • String ID: VB5!6&*
    • API String ID: 1341478452-3593831657
    • Opcode ID: 6fb4eb09546014d35054aadaeafd0b406f05745be21e57148c36a9ea11c45122
    • Instruction ID: 8a117d19622d5a675495d0fe3608c83619d383957ce3d484533b1070b0742d9a
    • Opcode Fuzzy Hash: 6fb4eb09546014d35054aadaeafd0b406f05745be21e57148c36a9ea11c45122
    • Instruction Fuzzy Hash: EA42683145E3D04FD7239B7888B4A413FF0EE6765970A4ADBC4819F0A7D228A81DE767
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409CDD, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 690COMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 840 409cdd-409d33 842 409d34-409dc8 840->842 844 409b79-409c2b 842->844 845 409dce-40ad05 VirtualAlloc 842->845 848 409c2d-409ca8 844->848 878 40ad0b-40b061 call 40b209 845->878 852 409ca9-409cdb 848->852 852->842 887 40b067-40b182 878->887
    C-Code - Quality: 56%
    			E00409CDD(signed int __eax, void* __ebx, void* __ecx, signed char __edx, void* __esi, void* __eflags, signed long long __fp0) {
				signed int _t177;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				void* _t206;
				void* _t208;
				void* _t213;
				signed char _t214;
				signed char _t215;
				signed char _t216;
				signed char _t217;
				signed char _t218;
				signed char _t219;
				signed char _t220;
				signed char _t221;
				signed char _t222;
				signed char _t223;
				signed char _t224;
				signed char _t225;
				signed char _t226;
				signed char _t227;
				signed char _t228;
				signed char _t229;
				signed char _t230;
				signed char _t231;
				signed char _t232;
				signed char _t233;
				signed char _t234;
				signed char _t235;
				signed char _t236;
				signed char _t237;
				signed char _t238;
				signed char _t239;
				signed char _t240;
				void* _t246;
				signed long long _t527;
				signed long long _t528;
				void* _t529;

				_t527 = __fp0;
				_t246 = __esi;
				_t214 = __edx;
				_t208 = __ecx;
				_t206 = __ebx;
				_t177 = __eax;
				asm("int 0x21");
				if(__eflags >= 0) {
					_t6 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t6;
					_t10 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t10;
					_t14 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t14;
					_t18 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t18;
					_t22 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t22;
					_t26 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t26;
					_t30 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t30;
					_t34 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t34;
					_t38 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t38;
					_t42 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t42;
					_t46 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t46;
					_t50 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t50;
					_t54 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t54;
					_t58 = __eax % __dh;
					__eax = __eax / __dh;
					__edx = _t58;
					_t62 = __eax % __dh;
					__eflags = _t62;
					__eax = __eax / __dh;
					__edx = _t62;
				}
				_t178 = _t177 / _t214;
				_t215 = _t177 % _t214;
				_t179 = _t178 / _t215;
				_t216 = _t178 % _t215;
				_t180 = _t179 / _t216;
				_t217 = _t179 % _t216;
				_t181 = _t180 / _t217;
				_t218 = _t180 % _t217;
				_t182 = _t181 / _t218;
				_t219 = _t181 % _t218;
				_t183 = _t182 / _t219;
				_t220 = _t182 % _t219;
				_t184 = _t183 / _t220;
				_t221 = _t183 % _t220;
				_t185 = _t184 / _t221;
				_t222 = _t184 % _t221;
				_t186 = _t185 / _t222;
				_t223 = _t185 % _t222;
				_t187 = _t186 / _t223;
				_t224 = _t186 % _t223;
				_t188 = _t187 / _t224;
				_t225 = _t187 % _t224;
				_t189 = _t188 / _t225;
				_t226 = _t188 % _t225;
				_t190 = _t189 / _t226;
				_t227 = _t189 % _t226;
				_t191 = _t190 / _t227;
				_t228 = _t190 % _t227;
				_t192 = _t191 / _t228;
				_t229 = _t191 % _t228;
				_t193 = _t192 / _t229;
				_t230 = _t192 % _t229;
				_t194 = _t193 / _t230;
				_t231 = _t193 % _t230;
				_t195 = _t194 / _t231;
				_t232 = _t194 % _t231;
				_t196 = _t195 / _t232;
				_t233 = _t195 % _t232;
				_t197 = _t196 / _t233;
				_t234 = _t196 % _t233;
				_t198 = _t197 / _t234;
				_t235 = _t197 % _t234;
				_t199 = _t198 / _t235;
				_t236 = _t198 % _t235;
				_t200 = _t199 / _t236;
				_t237 = _t199 % _t236;
				_t201 = _t200 / _t237;
				_t238 = _t200 % _t237;
				_t202 = _t201 / _t238;
				_t239 = _t201 % _t238;
				_t203 = _t202 / _t239;
				_t240 = _t202 % _t239;
				__eflags = _t203 % _t240;
				_t177 = _t203 / _t240;
				while(1) {
					asm("f2xm1");
					asm("emms");
					asm("fyl2x");
					asm("paddusw xmm6, xmm5");
					asm("paddw xmm1, xmm2");
					asm("wait");
					asm("fninit");
					if(_t206 != _t208) {
						asm("psrld mm2, 0x54");
						asm("punpcklbw xmm6, xmm4");
						asm("pmaddwd xmm3, xmm4");
						asm("faddp st1, st0");
						asm("paddw mm1, mm5");
						asm("pmaddwd mm1, mm2");
						asm("psubsw xmm6, xmm3");
						asm("pmulhw xmm7, xmm0");
						asm("pmullw xmm0, xmm5");
						_t177 = _t177 - 1;
						asm("fxam");
						goto L3;
					}
					asm("movq xmm2, xmm5");
					asm("ftst");
					asm("wait");
					asm("fclex");
					asm("psrlw xmm1, 0x90");
					asm("wait");
					asm("fclex");
					asm("pcmpeqd xmm7, xmm6");
					asm("psrlq mm0, 0x62");
					_t528 = _t527 * st6;
					asm("fclex");
					asm("pmaddwd mm1, mm2");
					asm("psubsw xmm6, xmm3");
					asm("pmulhw xmm7, xmm0");
					asm("pmullw xmm0, xmm5");
					asm("fst st6");
					asm("fdivp st5, st0");
					asm("psllw mm4, 0x33");
					asm("fdecstp");
					asm("fchs");
					asm("packuswb mm3, mm6");
					asm("fyl2x");
					asm("frndint");
					asm("pslld mm4, 0x7c");
					asm("packuswb xmm3, xmm2");
					asm("fxch st0, st1");
					asm("psubusb xmm7, xmm7");
					asm("psrlq mm1, 0x9e");
					asm("pslld xmm2, 0xb8");
					asm("fdivr st1, st0");
					asm("fcos");
					asm("punpckhdq mm4, mm2");
					asm("paddusb mm4, mm6");
					_t529 = _t528 - st0;
					asm("fdivrp st6, st0");
					asm("paddb xmm5, xmm5");
					asm("wait");
					asm("psubw mm6, mm6");
					asm("psubusb xmm2, xmm2");
					asm("pcmpgtb xmm0, xmm0");
					asm("fsubr st2, st0");
					asm("fscale");
					asm("emms");
					asm("paddd xmm3, xmm4");
					asm("fsqrt");
					_t213 = 0x10cc;
					goto L16;
				}
			}
































































    0x00409cdd
    0x00409cdd
    0x00409cdd
    0x00409cdd
    0x00409cdd
    0x00409cdd
    0x00409cdd
    0x00409cdf
    0x00409ce1
    0x00409ce1
    0x00409ce1
    0x00409ce3
    0x00409ce3
    0x00409ce3
    0x00409ce5
    0x00409ce5
    0x00409ce5
    0x00409ce7
    0x00409ce7
    0x00409ce7
    0x00409ce9
    0x00409ce9
    0x00409ce9
    0x00409ceb
    0x00409ceb
    0x00409ceb
    0x00409ced
    0x00409ced
    0x00409ced
    0x00409cef
    0x00409cef
    0x00409cef
    0x00409cf1
    0x00409cf1
    0x00409cf1
    0x00409cf3
    0x00409cf3
    0x00409cf3
    0x00409cf5
    0x00409cf5
    0x00409cf5
    0x00409cf7
    0x00409cf7
    0x00409cf7
    0x00409cf9
    0x00409cf9
    0x00409cf9
    0x00409cfb
    0x00409cfb
    0x00409cfb
    0x00409cfd
    0x00409cfd
    0x00409cfd
    0x00409cfd
    0x00409cfd
    0x00409cfe
    0x00409cfe
    0x00409d00
    0x00409d00
    0x00409d02
    0x00409d02
    0x00409d04
    0x00409d04
    0x00409d06
    0x00409d06
    0x00409d08
    0x00409d08
    0x00409d0a
    0x00409d0a
    0x00409d0c
    0x00409d0c
    0x00409d0e
    0x00409d0e
    0x00409d10
    0x00409d10
    0x00409d12
    0x00409d12
    0x00409d14
    0x00409d14
    0x00409d16
    0x00409d16
    0x00409d18
    0x00409d18
    0x00409d1a
    0x00409d1a
    0x00409d1c
    0x00409d1c
    0x00409d1e
    0x00409d1e
    0x00409d20
    0x00409d20
    0x00409d22
    0x00409d22
    0x00409d24
    0x00409d24
    0x00409d26
    0x00409d26
    0x00409d28
    0x00409d28
    0x00409d2a
    0x00409d2a
    0x00409d2c
    0x00409d2c
    0x00409d2e
    0x00409d2e
    0x00409d30
    0x00409d30
    0x00409d32
    0x00409d32
    0x00409d34
    0x00409d57
    0x00409d59
    0x00409d5b
    0x00409d5d
    0x00409d61
    0x00409d65
    0x00409d66
    0x00409dc8
    0x00409b98
    0x00409b9c
    0x00409ba0
    0x00409ba4
    0x00409ba6
    0x00409ba9
    0x00409bac
    0x00409bb0
    0x00409bb4
    0x00409c21
    0x00409c2b
    0x00409c2b
    0x00409ca9
    0x00409de3
    0x00409de7
    0x00409de9
    0x00409dea
    0x00409dec
    0x00409df1
    0x00409df2
    0x00409df4
    0x00409df8
    0x00409dfc
    0x00409dfe
    0x00409e85
    0x00409e88
    0x00409e8c
    0x00409e90
    0x00409e94
    0x00409e96
    0x00409e98
    0x00409e9c
    0x00409e9e
    0x00409ea0
    0x00409f1b
    0x00409f1d
    0x00409f1f
    0x00409f23
    0x00409f27
    0x00409f29
    0x00409fb6
    0x00409fba
    0x00409fbf
    0x00409fc1
    0x00409fc3
    0x00409fc6
    0x00409fc9
    0x00409fcb
    0x00409fcf
    0x0040a050
    0x0040a051
    0x0040a054
    0x0040a058
    0x0040a05c
    0x0040a05e
    0x0040a060
    0x0040a062
    0x0040a066
    0x0040a0c6
    0x0040a0e5
    0x0040a166

    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID: `
    • API String ID: 0-2679148245
    • Opcode ID: fc49cbb6c26cc94e91722934ef2cd7e1ba66ff94af0d5dafa7a1f8cfb73b435e
    • Instruction ID: bcf8f17379ad910c5398dfbd88ef71e940325c214e41000b04a36e0f65532f31
    • Opcode Fuzzy Hash: fc49cbb6c26cc94e91722934ef2cd7e1ba66ff94af0d5dafa7a1f8cfb73b435e
    • Instruction Fuzzy Hash: B502BC41E2A30689FF722060C5D076E6541DF27381F328F7BD861F59E2AA2FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409965, Relevance: 2.1, APIs: 1, Instructions: 814memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 305a970aa69d344489e854c2ad3fff0f111183fd783a79e96f72fa11bf28bcfc
    • Instruction ID: d63ff71b1f88e24633eb8e2927b6c71fbc56cd76657bffe686f010ff93292827
    • Opcode Fuzzy Hash: 305a970aa69d344489e854c2ad3fff0f111183fd783a79e96f72fa11bf28bcfc
    • Instruction Fuzzy Hash: 1B22CD41E2A31689FF722160C5D076E6641DF27381F318F3BD861F58E2AA2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004098D0, Relevance: 2.1, APIs: 1, Instructions: 801COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 500db43b64972919d9d176eeafd95310a4197b5aadd56e28897c2af84017c5f9
    • Instruction ID: 6ed4cbceae418df46c282ac3361e02eb9a18211dce302412b32193060be6beb9
    • Opcode Fuzzy Hash: 500db43b64972919d9d176eeafd95310a4197b5aadd56e28897c2af84017c5f9
    • Instruction Fuzzy Hash: 4D22CD41E2A30689FF722160C5D076E6640DF27381F318F7BD861F59E2AB2F85CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409A8C, Relevance: 2.0, APIs: 1, Instructions: 773memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: aedac8f832149dc244c194b3df15ba2adf095a7304aa869c1c2a26fbd21d131d
    • Instruction ID: 392ff81b8d3daa95f4ffdc3b5a41bfb90c070a917d4e01f7f07db67d99fb7166
    • Opcode Fuzzy Hash: aedac8f832149dc244c194b3df15ba2adf095a7304aa869c1c2a26fbd21d131d
    • Instruction Fuzzy Hash: E012BC41E2A31689FF722060C5D076E6541DF27381F328F3BD861F59E2BA2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409A02, Relevance: 2.0, APIs: 1, Instructions: 748memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: d95227ffee82b47db70411aa529dc2a44203085f6465c487eb63bef2be8f3688
    • Instruction ID: 738974e5ad3fc8b5e505940662136265eb19b5fe716949185df62adf1e018eee
    • Opcode Fuzzy Hash: d95227ffee82b47db70411aa529dc2a44203085f6465c487eb63bef2be8f3688
    • Instruction Fuzzy Hash: 0312CD41E2A31689FF722060C5D076E6541DF27381F328F3BD861F59E2BA2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409B1C, Relevance: 2.0, APIs: 1, Instructions: 715memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: d95291d8014bc850f4d640d32322d54a4a126028e6ceedddb16d7d742611d109
    • Instruction ID: 3c0b78993b076fba0e61c68507c08b9e55901d7dc217ba98a1afe0c05fe69124
    • Opcode Fuzzy Hash: d95291d8014bc850f4d640d32322d54a4a126028e6ceedddb16d7d742611d109
    • Instruction Fuzzy Hash: 9312DF41E2A30689FF722160C5D076E6A41DF27381F318F7BD861F58E2BA2F85CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409BBA, Relevance: 1.9, APIs: 1, Instructions: 697memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 9ddbb443ee5d410f85274ccd466b19f7524684bd2a9650dd6f0a7ae83ed82ec0
    • Instruction ID: c9e7f85ecf15fb9af0c23020c65c86509c7e7b7365d5e993840f2536819daf78
    • Opcode Fuzzy Hash: 9ddbb443ee5d410f85274ccd466b19f7524684bd2a9650dd6f0a7ae83ed82ec0
    • Instruction Fuzzy Hash: A712BC51E2A30689FF722060C5D076E6541DF26381F328F7BD861F58E2AA2FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409C4A, Relevance: 1.9, APIs: 1, Instructions: 674COMMON
    Download Yara Rule
    C-Code - Quality: 100%
    			E00409C4A(intOrPtr __eax, void* __ecx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t51;
				void* _t56;
				void* _t68;
				void* _t350;

				_t350 = __fp0;
				_t68 = __esi;
				_t56 = __ecx;
				_t1 = __edi - 0x78787879;
				 *_t1 = __eax;
				_t3 = __edi - 0x78787879;
				 *_t3 =  *_t1;
				_t5 = __edi - 0x78787879;
				 *_t5 =  *_t3;
				_t7 = __edi - 0x78787879;
				 *_t7 =  *_t5;
				_t9 = __edi - 0x78787879;
				 *_t9 =  *_t7;
				_t11 = __edi - 0x78787879;
				 *_t11 =  *_t9;
				_t13 = __edi - 0x78787879;
				 *_t13 =  *_t11;
				_t15 = __edi - 0x78787879;
				 *_t15 =  *_t13;
				_t17 = __edi - 0x78787879;
				 *_t17 =  *_t15;
				_t19 = __edi - 0x78787879;
				 *_t19 =  *_t17;
				_t21 = __edi - 0x78787879;
				 *_t21 =  *_t19;
				_t23 = __edi - 0x78787879;
				 *_t23 =  *_t21;
				_t25 = __edi - 0x78787879;
				 *_t25 =  *_t23;
				_t27 = __edi - 0x77c7879;
				_t51 =  *_t27;
				 *_t27 =  *_t25;
				goto L4;
			}







    0x00409c4a
    0x00409c4a
    0x00409c4a
    0x00409c4e
    0x00409c4e
    0x00409c54
    0x00409c54
    0x00409c5a
    0x00409c5a
    0x00409c60
    0x00409c60
    0x00409c66
    0x00409c66
    0x00409c6c
    0x00409c6c
    0x00409c72
    0x00409c72
    0x00409c78
    0x00409c78
    0x00409c7e
    0x00409c7e
    0x00409c84
    0x00409c84
    0x00409c8a
    0x00409c8a
    0x00409c90
    0x00409c90
    0x00409c96
    0x00409c96
    0x00409c9c
    0x00409c9c
    0x00409c9c
    0x00409c9c

    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 68219d97ef7f602cc35c883ea18cc107ed5bb042bc088d6a58e6f85fd677e1b2
    • Instruction ID: 53ea9a5902996e712cc97ac3b1ac1f0c12f37d6b001cb964ee3a673e600917fb
    • Opcode Fuzzy Hash: 68219d97ef7f602cc35c883ea18cc107ed5bb042bc088d6a58e6f85fd677e1b2
    • Instruction Fuzzy Hash: AD12CD41E2A30689FF722060C5D075E6641DF27391F328F7BD861F58E2BA2F86CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409E02, Relevance: 1.9, APIs: 1, Instructions: 670memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: c73da6bf1768dc30a63cd322fc6d6600dbe5371c9c8b3ba5d4b6b52b783d01f5
    • Instruction ID: 5b6e365dd856a979f0d0e5aaec5f3cdeb8c28f02ff6391bf8a7d697942c84e78
    • Opcode Fuzzy Hash: c73da6bf1768dc30a63cd322fc6d6600dbe5371c9c8b3ba5d4b6b52b783d01f5
    • Instruction Fuzzy Hash: C6F1BC41E2A31689FF722060C5D076E6541DF27381F328F7BD861F58E2AA2FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409D6A, Relevance: 1.9, APIs: 1, Instructions: 649COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f205504c0e1faf4614f7baa20141927ed12f958558d03af1ee764e2d805b711b
    • Instruction ID: 5a01884d180913f4f615449a1542ff194daff2b5b6ba659ea358e18e82552a5c
    • Opcode Fuzzy Hash: f205504c0e1faf4614f7baa20141927ed12f958558d03af1ee764e2d805b711b
    • Instruction Fuzzy Hash: 5502BC41E2A31689FF722060C5D076E6541DF26391F328F3BD861F58E2BA2FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00409EA6, Relevance: 1.9, APIs: 1, Instructions: 605memoryCOMMON
    Download Yara Rule
    C-Code - Quality: 57%
    			E00409EA6(void* __eax, void* __ebx, signed int __ecx, void* __esi, void* __fp0) {
				signed int _t8;
				signed int _t14;
				signed int _t15;
				signed int _t16;
				signed int _t17;
				void* _t22;
				signed int _t33;
				void* _t266;

				_t22 = __esi;
				asm("aam 0xbe");
				_t8 = __eax + 0x21212121;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *__ecx =  *__ecx & _t33;
				 *(__ebx - 0xe7ef805) =  *(__ebx - 0xe7ef805) & _t8;
				_t14 = __ecx ^ 0x000008e6;
				asm("fyl2x");
				asm("frndint");
				asm("pslld mm4, 0x7c");
				asm("packuswb xmm3, xmm2");
				asm("fxch st0, st1");
				asm("psubusb xmm7, xmm7");
				_t15 = _t14 - 0x1ad7;
				asm("psrlq mm1, 0x9e");
				asm("pslld xmm2, 0xb8");
				asm("fdivr st1, st0");
				asm("fcos");
				asm("punpckhdq mm4, mm2");
				asm("paddusb mm4, mm6");
				_t266 = __fp0 - st0;
				asm("fdivrp st6, st0");
				asm("paddb xmm5, xmm5");
				_t16 = _t15 ^ 0x00000572;
				asm("wait");
				asm("psubw mm6, mm6");
				asm("psubusb xmm2, xmm2");
				asm("pcmpgtb xmm0, xmm0");
				asm("fsubr st2, st0");
				asm("fscale");
				asm("emms");
				asm("paddd xmm3, xmm4");
				asm("fsqrt");
				_t17 = _t16 ^ 0x0000212a;
				goto L5;
			}











    0x00409ea6
    0x00409ea6
    0x00409ea8
    0x00409ead
    0x00409eaf
    0x00409eb1
    0x00409eb3
    0x00409eb5
    0x00409eb7
    0x00409eb9
    0x00409ebb
    0x00409ebd
    0x00409ebf
    0x00409ec1
    0x00409ec3
    0x00409ec5
    0x00409ec7
    0x00409ec9
    0x00409ecb
    0x00409ecd
    0x00409ecf
    0x00409ed1
    0x00409ed3
    0x00409ed5
    0x00409ed7
    0x00409ed9
    0x00409edb
    0x00409edd
    0x00409edf
    0x00409ee1
    0x00409ee3
    0x00409ee5
    0x00409ee7
    0x00409ee9
    0x00409eeb
    0x00409eed
    0x00409eef
    0x00409ef1
    0x00409ef3
    0x00409ef5
    0x00409ef7
    0x00409ef9
    0x00409efd
    0x00409f1b
    0x00409f1d
    0x00409f1f
    0x00409f23
    0x00409f27
    0x00409f29
    0x00409f95
    0x00409fb6
    0x00409fba
    0x00409fbf
    0x00409fc1
    0x00409fc3
    0x00409fc6
    0x00409fc9
    0x00409fcb
    0x00409fcf
    0x0040a034
    0x0040a050
    0x0040a051
    0x0040a054
    0x0040a058
    0x0040a05c
    0x0040a05e
    0x0040a060
    0x0040a062
    0x0040a066
    0x0040a0c6
    0x0040a0e5

    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: fcf63e133976faccd12b186adbd2d86cab1086e3b38ae13517aef362d1f1e670
    • Instruction ID: e112c1601fdce911cdcdb6731ec75dd9a15161d21eb669a272f34034d2a3b3d1
    • Opcode Fuzzy Hash: fcf63e133976faccd12b186adbd2d86cab1086e3b38ae13517aef362d1f1e670
    • Instruction Fuzzy Hash: 5FF1CD41E2A30689FF722060C5D076E6541DF27391F328F7BE861F58E2AA1FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A238, Relevance: 1.8, APIs: 1, Instructions: 542memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 62a78fd2000e10cc47d7a057785a4a49083148bdb7761309892e241c85714a7b
    • Instruction ID: 5576fa6b1b9e54c69425388eadcf06b524103447000f9eefc17f80bc13d1e83e
    • Opcode Fuzzy Hash: 62a78fd2000e10cc47d7a057785a4a49083148bdb7761309892e241c85714a7b
    • Instruction Fuzzy Hash: 27D1FF41D2A31689FF722061C5C076E6941DF26391F328F37D861F58E2A62FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A024, Relevance: 1.8, APIs: 1, Instructions: 530memoryCOMMON
    Download Yara Rule
    C-Code - Quality: 25%
    			E0040A024(void* __eax, void* __ebx, signed int __ecx, void* __esi, void* __fp0) {
				void* _t4;
				signed int _t10;
				signed int _t11;
				void* _t16;
				void* _t242;

				_t242 = __fp0;
				_t16 = __esi;
				_t4 = __eax;
				_t10 = __ecx ^ 0x00000572;
				asm("wait");
				asm("psubw mm6, mm6");
				asm("psubusb xmm2, xmm2");
				asm("pcmpgtb xmm0, xmm0");
				asm("fsubr st2, st0");
				asm("fscale");
				asm("emms");
				asm("paddd xmm3, xmm4");
				asm("fsqrt");
				_t11 = _t10 ^ 0x0000212a;
				goto L3;
			}








    0x0040a024
    0x0040a024
    0x0040a024
    0x0040a034
    0x0040a050
    0x0040a051
    0x0040a054
    0x0040a058
    0x0040a05c
    0x0040a05e
    0x0040a060
    0x0040a062
    0x0040a066
    0x0040a0c6
    0x0040a0e5

    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: da19ae8a07c0c9622c8b82b9348ee7d4dc64ba47d0cd8fc80890d63ffe39db04
    • Instruction ID: 707637191421bd6b586af25745edfb7d3ee1da27621f46c95c01ccf0ada68bd5
    • Opcode Fuzzy Hash: da19ae8a07c0c9622c8b82b9348ee7d4dc64ba47d0cd8fc80890d63ffe39db04
    • Instruction Fuzzy Hash: 7FE1DE41E2A31689FF722060C5D076E6541DF27391F328F3BE861F58E2AA1FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A10E, Relevance: 1.8, APIs: 1, Instructions: 529COMMON
    Download Yara Rule
    C-Code - Quality: 100%
    			E0040A10E(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __fp0) {
				void* _t5;
				void* _t11;
				void* _t247;

				_t247 = __fp0;
				_t5 = __eax;
				_t11 = __ecx - 1;
				goto L2;
			}






    0x0040a10e
    0x0040a10e
    0x0040a10e
    0x0040a160

    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 88218c9c1d49c13c89f2f3c6aab1b44ebeb0b620e52b69e0ddb1c31672cc5610
    • Instruction ID: 8fd9616ce85d0ae57acec69d9eb37d723d7a60df5ea1a02bcee748060be5f720
    • Opcode Fuzzy Hash: 88218c9c1d49c13c89f2f3c6aab1b44ebeb0b620e52b69e0ddb1c31672cc5610
    • Instruction Fuzzy Hash: 50E1DE41D2A31689FF722060C5D071E6941DF27391F328F3BD861F58E2AA2FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A2C8, Relevance: 1.8, APIs: 1, Instructions: 528memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 58a36ca99207f22ea93c4cfc7c00ff6c29f961574eea9c603a305a5b2bbe0aa1
    • Instruction ID: 5861565f5f3994994ea9b8a596cb905d311826dae4e5473f673c9ed78478b7ad
    • Opcode Fuzzy Hash: 58a36ca99207f22ea93c4cfc7c00ff6c29f961574eea9c603a305a5b2bbe0aa1
    • Instruction Fuzzy Hash: D3C1E041D2A31689FF722061C5D076D6941DB16391F32CF37D861F48E2A62FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A35E, Relevance: 1.8, APIs: 1, Instructions: 503memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 947d0c3ca8bb85f2595a43ffe958c35faadb293d9973d4bc003dfdd7c86951b4
    • Instruction ID: f34df204f51e7000d8177e574fa303d7c976a6465982e4391053e53d855072ee
    • Opcode Fuzzy Hash: 947d0c3ca8bb85f2595a43ffe958c35faadb293d9973d4bc003dfdd7c86951b4
    • Instruction Fuzzy Hash: A8C1EE41D2A31689FF722061C5D076E6941DB26391F32CF3BE821F58E2B61FC6CA1597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A522, Relevance: 1.7, APIs: 1, Instructions: 449memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 0ccfaf87aefe5f14f17c3675f01c29e2f3356c156b2f62808c51176350d25f25
    • Instruction ID: 805cf87ada95a99245775433b58d1106dc28a082b78f6920a1c3e8fcf9bc5779
    • Opcode Fuzzy Hash: 0ccfaf87aefe5f14f17c3675f01c29e2f3356c156b2f62808c51176350d25f25
    • Instruction Fuzzy Hash: F1A1CF41D2A31689FF722061C5D076E6941DB27291F32CF3BE821F58E2B61FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A5B2, Relevance: 1.7, APIs: 1, Instructions: 427memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: a9e03fdc4571c5adbabf95fbbdd8d49dbdb791adef67553353ca6b6a58e3fe5a
    • Instruction ID: 4049460f9699b5871cbacd134bdb6e316b7c1a40b6f67a6a7f9d40d0fa19b79e
    • Opcode Fuzzy Hash: a9e03fdc4571c5adbabf95fbbdd8d49dbdb791adef67553353ca6b6a58e3fe5a
    • Instruction Fuzzy Hash: F6A1DD41D2A31689FF722061C4D072D6941DB27291F72CF3BE821F18E2B61FC6CA2587
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A3F8, Relevance: 1.7, APIs: 1, Instructions: 418memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 0ca24a942d14386593e1867cc11e05ac63f4913297e5f8bdaa1cd9ae545bef7e
    • Instruction ID: 6eed85144fdbe41dae332d7be9294b59a2ac543372e9aaee4aad975773dd38af
    • Opcode Fuzzy Hash: 0ca24a942d14386593e1867cc11e05ac63f4913297e5f8bdaa1cd9ae545bef7e
    • Instruction Fuzzy Hash: E7C1DE41D2A31689FF722061C5D076D6941DF26291F328F3BE821F58E2B61FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A638, Relevance: 1.6, APIs: 1, Instructions: 384memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 6b947f1d10d7e618fc040b28d35d45fe4a0c83055cab6085e6b49385991db291
    • Instruction ID: 2e543cad36d1a0a15734aa2621d0d925062721265bf965e54890e413c662e7e7
    • Opcode Fuzzy Hash: 6b947f1d10d7e618fc040b28d35d45fe4a0c83055cab6085e6b49385991db291
    • Instruction Fuzzy Hash: 56A1BD41D2A31689FF722061C5D076D6941DB23291F72CF3BE821F58E2B61FC6CA2587
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0040A4D9, Relevance: 1.6, APIs: 1, Instructions: 384memoryCOMMON
    Download Yara Rule
    APIs
    • VirtualAlloc.KERNELBASE(00000000,0000C000,00001000,00000040), ref: 0040A61F
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: c272c5ee628e98968199238e1f5f9b16766cbfed4ab13fcb94e54420f24e4dfd
    • Instruction ID: 28ae923123e0b3eaad485b341b7f7696fa4c0dbef17af6e7be453c6e670a6692
    • Opcode Fuzzy Hash: c272c5ee628e98968199238e1f5f9b16766cbfed4ab13fcb94e54420f24e4dfd
    • Instruction Fuzzy Hash: D3B1DE41D2A31689FF722061C5D076E6941DB22391F32CF3BD821F58E2B61FC6CA2597
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    Function 0040D5E2, Relevance: 1.5, Strings: 1, Instructions: 294COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID:
    • String ID: (3--
    • API String ID: 0-119145886
    • Opcode ID: 2f6af46445cf91adad95f5526817bfb8cad2aa3e1b4c22b9edc1b1cfe97ecb2e
    • Instruction ID: 35c714329288650c292c72ed20c24d2e46ba48d3051e45b32616c49ebd4e5a70
    • Opcode Fuzzy Hash: 2f6af46445cf91adad95f5526817bfb8cad2aa3e1b4c22b9edc1b1cfe97ecb2e
    • Instruction Fuzzy Hash: C6417B7641E7D18FCB035F74C8A96807FB0EF5B204B1A09DAC4C09F4A7D66A6486CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00412EA4, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 174COMMON
    Download Yara Rule
    C-Code - Quality: 48%
    			E00412EA4(void* __ebx, void* __ecx, void* __edi, void* __esi, long long __fp0, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				intOrPtr _v36;
				char _v48;
				void* _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				intOrPtr* _v104;
				signed int _v108;
				signed int _v116;
				signed int _v120;
				char _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _t79;
				signed int _t80;
				char* _t85;
				signed int _t90;
				signed int _t96;
				signed int _t101;
				intOrPtr _t105;
				intOrPtr _t117;
				void* _t119;
				signed int _t122;
				long long _t124;
				char _t125;

				_t124 = __fp0;
				_push(0x401266);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t117;
				_push(0x74);
				L00401260();
				_v12 = _t117;
				_v8 = 0x4011e8;
				_push(5);
				_push(0x41196c);
				_t79 =  &_v48;
				_push(_t79);
				L0040132C();
				_v96 = _v96 & 0x00000000;
				if(_v96 >= 2) {
					L00401326();
					_v116 = _t79;
				} else {
					_v116 = _v116 & 0x00000000;
				}
				_t80 = _v96;
				asm("fld1");
				 *((long long*)(_v36 + _t80 * 8)) = _t124;
				_v96 = 1;
				_t119 = _v96 - 2;
				if(_t119 >= 0) {
					L00401326();
					_v120 = _t80;
				} else {
					_v120 = _v120 & 0x00000000;
				}
				_t105 = _v36;
				_t125 =  *0x4011e0;
				 *((long long*)(_t105 + _v96 * 8)) = _t125;
				_v92 =  &_v48;
				_push( &_v92);
				asm("fld1");
				_push(_t105);
				_push(_t105);
				_v56 = _t125;
				L00401320();
				L0040137A();
				asm("fcomp qword [0x4011d8]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t119 != 0) {
					if( *0x41433c != 0) {
						_v124 = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x411924);
						L00401338();
						_v124 = 0x41433c;
					}
					_t28 =  &_v124; // 0x41433c
					_v96 =  *((intOrPtr*)( *_t28));
					_t96 =  *((intOrPtr*)( *_v96 + 0x1c))(_v96,  &_v56);
					asm("fclex");
					_v100 = _t96;
					if(_v100 >= 0) {
						_v128 = _v128 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x411914);
						_push(_v96);
						_push(_v100);
						L00401356();
						_v128 = _t96;
					}
					_v104 = _v56;
					_v64 = 0x80020004;
					_v72 = 0xa;
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t101 =  *((intOrPtr*)( *_v104 + 0x60))(_v104, L"Magterobringen", 0x10);
					asm("fclex");
					_v108 = _t101;
					_t122 = _v108;
					if(_t122 >= 0) {
						_v132 = _v132 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x411934);
						_push(_v104);
						_push(_v108);
						L00401356();
						_v132 = _t101;
					}
					L00401332();
				}
				asm("fldz");
				L004012C6();
				L0040137A();
				asm("fcomp qword [0x4011d8]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t122 != 0) {
					_v80 = 0x80020004;
					_v88 = 0xa;
					_v64 = 0x80020004;
					_v72 = 0xa;
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t90 =  *((intOrPtr*)( *_a4 + 0x2b0))(_a4, 0x10, 0x10);
					asm("fclex");
					_v96 = _t90;
					if(_v96 >= 0) {
						_v136 = _v136 & 0x00000000;
					} else {
						_push(0x2b0);
						_push(0x411710);
						_push(_a4);
						_push(_v96);
						L00401356();
						_v136 = _t90;
					}
				}
				_v24 = 0x7131b;
				asm("wait");
				_push(0x4130dc);
				_v92 =  &_v48;
				_t85 =  &_v92;
				_push(_t85);
				_push(0);
				L0040131A();
				return _t85;
			}




































    0x00412ea4
    0x00412ea9
    0x00412eb4
    0x00412eb5
    0x00412ebc
    0x00412ebf
    0x00412ec7
    0x00412eca
    0x00412ed1
    0x00412ed3
    0x00412ed8
    0x00412edb
    0x00412edc
    0x00412ee1
    0x00412ee9
    0x00412ef1
    0x00412ef6
    0x00412eeb
    0x00412eeb
    0x00412eeb
    0x00412ef9
    0x00412eff
    0x00412f01
    0x00412f04
    0x00412f0b
    0x00412f0f
    0x00412f17
    0x00412f1c
    0x00412f11
    0x00412f11
    0x00412f11
    0x00412f22
    0x00412f25
    0x00412f2b
    0x00412f31
    0x00412f37
    0x00412f38
    0x00412f3a
    0x00412f3b
    0x00412f3c
    0x00412f3f
    0x00412f44
    0x00412f49
    0x00412f4f
    0x00412f51
    0x00412f52
    0x00412f5f
    0x00412f79
    0x00412f61
    0x00412f61
    0x00412f66
    0x00412f6b
    0x00412f70
    0x00412f70
    0x00412f80
    0x00412f85
    0x00412f94
    0x00412f97
    0x00412f99
    0x00412fa0
    0x00412fb9
    0x00412fa2
    0x00412fa2
    0x00412fa4
    0x00412fa9
    0x00412fac
    0x00412faf
    0x00412fb4
    0x00412fb4
    0x00412fc0
    0x00412fc3
    0x00412fca
    0x00412fd4
    0x00412fde
    0x00412fdf
    0x00412fe0
    0x00412fe1
    0x00412fef
    0x00412ff2
    0x00412ff4
    0x00412ff7
    0x00412ffb
    0x00413014
    0x00412ffd
    0x00412ffd
    0x00412fff
    0x00413004
    0x00413007
    0x0041300a
    0x0041300f
    0x0041300f
    0x0041301b
    0x0041301b
    0x00413020
    0x00413022
    0x00413027
    0x0041302c
    0x00413032
    0x00413034
    0x00413035
    0x00413037
    0x0041303e
    0x00413045
    0x0041304c
    0x00413056
    0x00413060
    0x00413061
    0x00413062
    0x00413063
    0x00413067
    0x00413071
    0x00413072
    0x00413073
    0x00413074
    0x0041307d
    0x00413083
    0x00413085
    0x0041308c
    0x004130ab
    0x0041308e
    0x0041308e
    0x00413093
    0x00413098
    0x0041309b
    0x0041309e
    0x004130a3
    0x004130a3
    0x0041308c
    0x004130b2
    0x004130b9
    0x004130ba
    0x004130cd
    0x004130d0
    0x004130d3
    0x004130d4
    0x004130d6
    0x004130db

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00412EBF
    • __vbaAryConstruct2.MSVBVM60(?,0041196C,00000005,?,?,?,?,00401266), ref: 00412EDC
    • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041196C,00000005), ref: 00412EF1
    • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041196C,00000005), ref: 00412F17
    • #684.MSVBVM60(?,?,?), ref: 00412F3F
    • __vbaFpR8.MSVBVM60(?,?,?), ref: 00412F44
    • __vbaNew2.MSVBVM60(00411924,0041433C,?,?,?), ref: 00412F6B
    • __vbaHresultCheckObj.MSVBVM60(00000000,00000002,00411914,0000001C,?,?,?,?,?,?,?), ref: 00412FAF
    • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?), ref: 00412FD4
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411934,00000060,?,?,?,?,?,?,?), ref: 0041300A
    • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0041301B
    • _CIcos.MSVBVM60(?,?,?), ref: 00413022
    • __vbaFpR8.MSVBVM60(?,?,?), ref: 00413027
    • __vbaChkstk.MSVBVM60(?,?,?), ref: 00413056
    • __vbaChkstk.MSVBVM60(?,?,?), ref: 00413067
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411710,000002B0), ref: 0041309E
    • __vbaAryDestruct.MSVBVM60(00000000,?,004130DC,?,?,?), ref: 004130D6
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$Chkstk$CheckHresult$BoundsErrorGenerate$#684Construct2DestructFreeIcosNew2
    • String ID: <CA$Magterobringen
    • API String ID: 2333708068-3107163244
    • Opcode ID: 3f1772067cbc126901aa60e1a6090e58a86db49d97f6e0c9ba040f6ec65611ae
    • Instruction ID: 4634e05989719be921812c9daed98b6630bb949389dd08702ae8539a72a872c7
    • Opcode Fuzzy Hash: 3f1772067cbc126901aa60e1a6090e58a86db49d97f6e0c9ba040f6ec65611ae
    • Instruction Fuzzy Hash: C1612470D00208EBDB10EFE1C94ABDDBBB5BF08705F20406AE910BB2A1C7B95995DF19
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00412744, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 108COMMON
    Download Yara Rule
    C-Code - Quality: 56%
    			E00412744(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, char* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				signed int _v32;
				char _v48;
				short _v52;
				void* _v56;
				intOrPtr _v64;
				char _v72;
				char* _v80;
				char _v88;
				short _v92;
				short _t45;
				intOrPtr* _t46;
				signed int _t48;
				char* _t52;
				char* _t53;
				void* _t68;
				void* _t70;
				intOrPtr _t71;

				_t71 = _t70 - 0xc;
				 *[fs:0x0] = _t71;
				L00401260();
				_v16 = _t71;
				_v12 = 0x401108;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x4c,  *[fs:0x0], 0x401266, _t68);
				_v64 = 0x80020004;
				_v72 = 0xa;
				_t45 =  &_v72;
				_push(_t45);
				L004013C8();
				_v52 = _t45;
				L004013C2();
				_t46 = _a8;
				_push( *_t46);
				_push(0x4118cc);
				L004013BC();
				if(_t46 != 0) {
					_v80 = _a8;
					_v88 = 0x4008;
					_push(0);
					_t48 =  &_v88;
					_push(_t48);
					L004013B0();
					L004013B6();
					_push(_t48);
					_push(0x4118cc);
					L004013BC();
					asm("sbb eax, eax");
					_v92 =  ~( ~_t48 + 1);
					L004013AA();
					_t52 = _v92;
					if(_t52 == 0) {
						_t53 = _a8;
						_push( *_t53);
						_push(_v52);
						_push(0xffffffff);
						_push(1);
						L004013A4();
						while(1) {
							_push(_v52);
							L0040139E();
							_t52 = _t53;
							if(_t52 != 0) {
								break;
							}
							_push(_v52);
							_push( &_v28);
							L00401398();
							_v80 =  &_v28;
							_v88 = 0x4008;
							_push(0x10);
							L00401260();
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_push(1);
							_push("Add");
							_t53 =  &_v48;
							_push(_t53);
							L0040138C();
							_push(_t53);
							L00401392();
							_t71 = _t71 + 0x1c;
						}
						_push(_v52);
						L00401386();
						L00401380();
						_v32 = _v32 | 0x0000ffff;
					} else {
						_v32 = _v32 & 0x00000000;
					}
				} else {
					_v32 = _v32 & 0x00000000;
				}
				_push(0x4128b3);
				L004013AA();
				L004013C2();
				return _t52;
			}
























    0x00412747
    0x00412756
    0x00412760
    0x00412768
    0x0041276b
    0x00412772
    0x00412781
    0x00412784
    0x0041278b
    0x00412792
    0x00412795
    0x00412796
    0x0041279b
    0x004127a2
    0x004127a7
    0x004127aa
    0x004127ac
    0x004127b1
    0x004127b8
    0x004127c7
    0x004127ca
    0x004127d1
    0x004127d3
    0x004127d6
    0x004127d7
    0x004127e1
    0x004127e6
    0x004127e7
    0x004127ec
    0x004127f3
    0x004127f8
    0x004127ff
    0x00412804
    0x0041280a
    0x00412813
    0x00412816
    0x00412818
    0x0041281b
    0x0041281d
    0x0041281f
    0x00412824
    0x00412824
    0x00412827
    0x0041282c
    0x00412831
    0x00000000
    0x00000000
    0x00412833
    0x00412839
    0x0041283a
    0x00412842
    0x00412845
    0x0041284c
    0x0041284f
    0x00412859
    0x0041285a
    0x0041285b
    0x0041285c
    0x0041285d
    0x0041285f
    0x00412864
    0x00412867
    0x00412868
    0x0041286d
    0x0041286e
    0x00412873
    0x00412873
    0x00412878
    0x0041287b
    0x00412880
    0x00412885
    0x0041280c
    0x0041280c
    0x0041280c
    0x004127ba
    0x004127ba
    0x004127ba
    0x0041288a
    0x004128a5
    0x004128ad
    0x004128b2

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00412760
    • #648.MSVBVM60(0000000A), ref: 00412796
    • __vbaFreeVar.MSVBVM60(0000000A), ref: 004127A2
    • __vbaStrCmp.MSVBVM60(004118CC,?,0000000A), ref: 004127B1
    • #645.MSVBVM60(?,00000000,004118CC,?,0000000A), ref: 004127D7
    • __vbaStrMove.MSVBVM60(?,00000000,004118CC,?,0000000A), ref: 004127E1
    • __vbaStrCmp.MSVBVM60(004118CC,00000000,?,00000000,004118CC,?,0000000A), ref: 004127EC
    • __vbaFreeStr.MSVBVM60(004118CC,00000000,?,00000000,004118CC,?,0000000A), ref: 004127FF
    • __vbaFreeStr.MSVBVM60(004128B3,?,?,00000001,000000FF,?,?,004118CC,00000000,?,00000000,004118CC,?,0000000A), ref: 004128A5
    • __vbaFreeVar.MSVBVM60(004128B3,?,?,00000001,000000FF,?,?,004118CC,00000000,?,00000000,004118CC,?,0000000A), ref: 004128AD
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$Free$#645#648ChkstkMove
    • String ID: Add
    • API String ID: 4182468812-3310826759
    • Opcode ID: 2f858cc6a2fa8dccf69633f190fa57fca6dffd65f051f1008a7760fc6df9338a
    • Instruction ID: dd891be91ec34f30bdd5f6136aa1eed30bfae82f7c625f21c9c034f707da8036
    • Opcode Fuzzy Hash: 2f858cc6a2fa8dccf69633f190fa57fca6dffd65f051f1008a7760fc6df9338a
    • Instruction Fuzzy Hash: C1416D71D10209AAEB10EFE5C942BEEBBB4EF04704F10812AF900FB1E1DB7C95558B59
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004077AB, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 142COMMON
    Download Yara Rule
    C-Code - Quality: 46%
    			E004077AB(long long __fp0) {
				signed int _t68;
				void* _t73;
				signed int _t78;
				signed int _t84;
				signed int _t89;
				intOrPtr _t91;
				void* _t99;
				long long* _t100;
				void* _t101;
				signed int _t104;
				long long _t107;

				_t68 =  *(_t99 - 0x5c);
				asm("fld1");
				 *((long long*)( *((intOrPtr*)(_t99 - 0x20)) + _t68 * 8)) = __fp0;
				 *(_t99 - 0x5c) = 1;
				_t101 =  *(_t99 - 0x5c) - 2;
				if(_t101 >= 0) {
					L00401326();
					 *(_t99 - 0x74) = _t68;
				} else {
					 *(_t99 - 0x74) =  *(_t99 - 0x74) & 0x00000000;
				}
				_t91 =  *((intOrPtr*)(_t99 - 0x20));
				_t107 =  *0x4011e0;
				 *((long long*)(_t91 +  *(_t99 - 0x5c) * 8)) = _t107;
				 *((intOrPtr*)(_t99 - 0x58)) = _t99 - 0x2c;
				_push(_t99 - 0x58);
				asm("fld1");
				_push(_t91);
				_push(_t91);
				 *_t100 = _t107;
				L00401320();
				L0040137A();
				asm("fcomp qword [0x4011d8]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t101 != 0) {
					if( *0x41433c != 0) {
						 *(_t99 - 0x78) = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x411924);
						L00401338();
						 *(_t99 - 0x78) = 0x41433c;
					}
					_t19 = _t99 - 0x78; // 0x41433c
					 *(_t99 - 0x5c) =  *( *_t19);
					_t84 =  *((intOrPtr*)( *( *(_t99 - 0x5c)) + 0x1c))( *(_t99 - 0x5c), _t99 - 0x34);
					asm("fclex");
					 *(_t99 - 0x60) = _t84;
					if( *(_t99 - 0x60) >= 0) {
						 *(_t99 - 0x7c) =  *(_t99 - 0x7c) & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x411914);
						_push( *(_t99 - 0x5c));
						_push( *(_t99 - 0x60));
						L00401356();
						 *(_t99 - 0x7c) = _t84;
					}
					 *((intOrPtr*)(_t99 - 0x64)) =  *((intOrPtr*)(_t99 - 0x34));
					 *((intOrPtr*)(_t99 - 0x3c)) = 0x80020004;
					 *((intOrPtr*)(_t99 - 0x44)) = 0xa;
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t89 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t99 - 0x64)))) + 0x60))( *((intOrPtr*)(_t99 - 0x64)), L"Magterobringen", 0x10);
					asm("fclex");
					 *(_t99 - 0x68) = _t89;
					_t104 =  *(_t99 - 0x68);
					if(_t104 >= 0) {
						 *(_t99 - 0x80) =  *(_t99 - 0x80) & 0x00000000;
					} else {
						_push(0x60);
						_push(0x411934);
						_push( *((intOrPtr*)(_t99 - 0x64)));
						_push( *(_t99 - 0x68));
						L00401356();
						 *(_t99 - 0x80) = _t89;
					}
					L00401332();
				}
				asm("fldz");
				L004012C6();
				L0040137A();
				asm("fcomp qword [0x4011d8]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t104 != 0) {
					 *((intOrPtr*)(_t99 - 0x4c)) = 0x80020004;
					 *((intOrPtr*)(_t99 - 0x54)) = 0xa;
					 *((intOrPtr*)(_t99 - 0x3c)) = 0x80020004;
					 *((intOrPtr*)(_t99 - 0x44)) = 0xa;
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L00401260();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t78 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t99 + 8)))) + 0x2b0))( *((intOrPtr*)(_t99 + 8)), 0x10, 0x10);
					asm("fclex");
					 *(_t99 - 0x5c) = _t78;
					if( *(_t99 - 0x5c) >= 0) {
						 *(_t99 - 0x84) =  *(_t99 - 0x84) & 0x00000000;
					} else {
						_push(0x2b0);
						_push(0x411710);
						_push( *((intOrPtr*)(_t99 + 8)));
						_push( *(_t99 - 0x5c));
						L00401356();
						 *(_t99 - 0x84) = _t78;
					}
				}
				 *((intOrPtr*)(_t99 - 0x14)) = 0x7131b;
				asm("wait");
				_push(0x4130dc);
				 *((intOrPtr*)(_t99 - 0x58)) = _t99 - 0x2c;
				_t73 = _t99 - 0x58;
				_push(_t73);
				_push(0);
				L0040131A();
				return _t73;
			}














    0x00412ef9
    0x00412eff
    0x00412f01
    0x00412f04
    0x00412f0b
    0x00412f0f
    0x00412f17
    0x00412f1c
    0x00412f11
    0x00412f11
    0x00412f11
    0x00412f22
    0x00412f25
    0x00412f2b
    0x00412f31
    0x00412f37
    0x00412f38
    0x00412f3a
    0x00412f3b
    0x00412f3c
    0x00412f3f
    0x00412f44
    0x00412f49
    0x00412f4f
    0x00412f51
    0x00412f52
    0x00412f5f
    0x00412f79
    0x00412f61
    0x00412f61
    0x00412f66
    0x00412f6b
    0x00412f70
    0x00412f70
    0x00412f80
    0x00412f85
    0x00412f94
    0x00412f97
    0x00412f99
    0x00412fa0
    0x00412fb9
    0x00412fa2
    0x00412fa2
    0x00412fa4
    0x00412fa9
    0x00412fac
    0x00412faf
    0x00412fb4
    0x00412fb4
    0x00412fc0
    0x00412fc3
    0x00412fca
    0x00412fd4
    0x00412fde
    0x00412fdf
    0x00412fe0
    0x00412fe1
    0x00412fef
    0x00412ff2
    0x00412ff4
    0x00412ff7
    0x00412ffb
    0x00413014
    0x00412ffd
    0x00412ffd
    0x00412fff
    0x00413004
    0x00413007
    0x0041300a
    0x0041300f
    0x0041300f
    0x0041301b
    0x0041301b
    0x00413020
    0x00413022
    0x00413027
    0x0041302c
    0x00413032
    0x00413034
    0x00413035
    0x00413037
    0x0041303e
    0x00413045
    0x0041304c
    0x00413056
    0x00413060
    0x00413061
    0x00413062
    0x00413063
    0x00413067
    0x00413071
    0x00413072
    0x00413073
    0x00413074
    0x0041307d
    0x00413083
    0x00413085
    0x0041308c
    0x004130ab
    0x0041308e
    0x0041308e
    0x00413093
    0x00413098
    0x0041309b
    0x0041309e
    0x004130a3
    0x004130a3
    0x0041308c
    0x004130b2
    0x004130b9
    0x004130ba
    0x004130cd
    0x004130d0
    0x004130d3
    0x004130d4
    0x004130d6
    0x004130db

    APIs
    • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041196C,00000005), ref: 00412F17
    • #684.MSVBVM60(?,?,?), ref: 00412F3F
    • __vbaFpR8.MSVBVM60(?,?,?), ref: 00412F44
    • __vbaNew2.MSVBVM60(00411924,0041433C,?,?,?), ref: 00412F6B
    • __vbaHresultCheckObj.MSVBVM60(00000000,00000002,00411914,0000001C,?,?,?,?,?,?,?), ref: 00412FAF
    • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?), ref: 00412FD4
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411934,00000060,?,?,?,?,?,?,?), ref: 0041300A
    • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0041301B
    • _CIcos.MSVBVM60(?,?,?), ref: 00413022
    • __vbaFpR8.MSVBVM60(?,?,?), ref: 00413027
    • __vbaChkstk.MSVBVM60(?,?,?), ref: 00413056
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$CheckChkstkHresult$#684BoundsErrorFreeGenerateIcosNew2
    • String ID: <CA$Magterobringen
    • API String ID: 3675492368-3107163244
    • Opcode ID: a2a906dd7d5c5a19ca434e4ae96cb237499aa614778520e5c24c8353c73377e9
    • Instruction ID: 525bdb6530c3665c60cd114f0523bedf55c686b7870062949df2954ae7619b02
    • Opcode Fuzzy Hash: a2a906dd7d5c5a19ca434e4ae96cb237499aa614778520e5c24c8353c73377e9
    • Instruction Fuzzy Hash: CF510270D00608EFDB01EFE5C945ADDBBB1BF08304F20406AE915BB2A5C7B95A96DF49
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00413325, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 116COMMON
    Download Yara Rule
    C-Code - Quality: 60%
    			E00413325(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				short _v28;
				short _v32;
				char _v36;
				void* _v40;
				signed int _v44;
				signed int _v48;
				void* _v52;
				signed int _v56;
				signed int _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				void* _t53;
				signed int _t59;
				signed int _t64;
				short _t65;
				signed int _t68;
				void* _t74;
				void* _t76;
				intOrPtr* _t77;

				_t77 = _t76 - 0xc;
				 *[fs:0x0] = _t77;
				L00401260();
				_v16 = _t77;
				_v12 = 0x401248;
				_v8 = 0;
				_t53 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x38,  *[fs:0x0], 0x401266, _t74);
				_push(0x4119b8);
				L004012FC();
				asm("fcomp qword [0x4011e0]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					L004012F6();
					_v52 =  *0x40123c;
					_v56 =  *0x401238;
					 *_t77 =  *0x401234;
					 *_t77 =  *0x401230;
					_t68 =  *((intOrPtr*)( *_a4 + 0x2c8))(_a4, 6, __ecx, __ecx, __ecx, __ecx, _t53);
					asm("fclex");
					_v44 = _t68;
					if(_v44 >= 0) {
						_t15 =  &_v68;
						 *_t15 = _v68 & 0x00000000;
						__eflags =  *_t15;
					} else {
						_push(0x2c8);
						_push(0x411710);
						_push(_a4);
						_push(_v44);
						L00401356();
						_v68 = _t68;
					}
				}
				if( *0x41433c != 0) {
					_v72 = 0x41433c;
				} else {
					_push(0x41433c);
					_push(0x411924);
					L00401338();
					_v72 = 0x41433c;
				}
				_t19 =  &_v72; // 0x41433c
				_v44 =  *((intOrPtr*)( *_t19));
				_t59 =  *((intOrPtr*)( *_v44 + 0x14))(_v44,  &_v36);
				asm("fclex");
				_v48 = _t59;
				if(_v48 >= 0) {
					_t30 =  &_v76;
					 *_t30 = _v76 & 0x00000000;
					__eflags =  *_t30;
				} else {
					_push(0x14);
					_push(0x411914);
					_push(_v44);
					_push(_v48);
					L00401356();
					_v76 = _t59;
				}
				_v52 = _v36;
				_t64 =  *((intOrPtr*)( *_v52 + 0x120))(_v52,  &_v40);
				asm("fclex");
				_v56 = _t64;
				if(_v56 >= 0) {
					_t43 =  &_v80;
					 *_t43 = _v80 & 0x00000000;
					__eflags =  *_t43;
				} else {
					_push(0x120);
					_push(0x4119bc);
					_push(_v52);
					_push(_v56);
					L00401356();
					_v80 = _t64;
				}
				_t65 = _v40;
				_v32 = _t65;
				L00401332();
				_v28 = 0xf6;
				asm("wait");
				_push(0x4134b5);
				return _t65;
			}


























    0x00413328
    0x00413337
    0x00413341
    0x00413349
    0x0041334c
    0x00413353
    0x00413362
    0x00413365
    0x0041336a
    0x0041336f
    0x00413375
    0x00413377
    0x00413378
    0x00413380
    0x0041338d
    0x00413397
    0x004133a1
    0x004133ab
    0x004133b8
    0x004133be
    0x004133c0
    0x004133c7
    0x004133e3
    0x004133e3
    0x004133e3
    0x004133c9
    0x004133c9
    0x004133ce
    0x004133d3
    0x004133d6
    0x004133d9
    0x004133de
    0x004133de
    0x004133c7
    0x004133ee
    0x00413408
    0x004133f0
    0x004133f0
    0x004133f5
    0x004133fa
    0x004133ff
    0x004133ff
    0x0041340f
    0x00413414
    0x00413423
    0x00413426
    0x00413428
    0x0041342f
    0x00413448
    0x00413448
    0x00413448
    0x00413431
    0x00413431
    0x00413433
    0x00413438
    0x0041343b
    0x0041343e
    0x00413443
    0x00413443
    0x0041344f
    0x0041345e
    0x00413464
    0x00413466
    0x0041346d
    0x00413489
    0x00413489
    0x00413489
    0x0041346f
    0x0041346f
    0x00413474
    0x00413479
    0x0041347c
    0x0041347f
    0x00413484
    0x00413484
    0x0041348d
    0x00413491
    0x00413498
    0x0041349d
    0x004134a3
    0x004134a4
    0x00000000

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00413341
    • __vbaR8Str.MSVBVM60(004119B8,?,?,?,?,00401266), ref: 0041336A
    • __vbaFpI4.MSVBVM60(004119B8,?,?,?,?,00401266), ref: 00413380
    • __vbaHresultCheckObj.MSVBVM60(00000000,00401248,00411710,000002C8), ref: 004133D9
    • __vbaNew2.MSVBVM60(00411924,0041433C,004119B8,?,?,?,?,00401266), ref: 004133FA
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411914,00000014), ref: 0041343E
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,004119BC,00000120), ref: 0041347F
    • __vbaFreeObj.MSVBVM60 ref: 00413498
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$CheckHresult$ChkstkFreeNew2
    • String ID: <CA
    • API String ID: 1616694062-146778150
    • Opcode ID: d9a59db3aedea48ea2d3895841f7be0770218376334a20a09cccb8dfba4acfba
    • Instruction ID: b507a32febf6c15306d540ad58e6aeb47483f4a271ecd4b8e4a39414605d02e5
    • Opcode Fuzzy Hash: d9a59db3aedea48ea2d3895841f7be0770218376334a20a09cccb8dfba4acfba
    • Instruction Fuzzy Hash: 16411271A00208EFDB01AF95CA49BDDBFB4FF08705F1080AAF501B62A1C7785A95DF69
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00412D3C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 98COMMON
    Download Yara Rule
    C-Code - Quality: 33%
    			E00412D3C(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				long long _v28;
				void* _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				signed int _v48;
				signed int _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _t44;
				signed int _t50;
				signed int _t56;
				intOrPtr _t64;

				_push(0x401266);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t64;
				_push(0x30);
				L00401260();
				_v12 = _t64;
				_v8 = 0x4011c8;
				L004012DE();
				L0040137A();
				asm("fcomp qword [0x4011b8]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					_t56 =  *((intOrPtr*)( *_a4 + 0x254))(_a4, 0x30ef);
					asm("fclex");
					_v36 = _t56;
					if(_v36 >= 0) {
						_t11 =  &_v56;
						 *_t11 = _v56 & 0x00000000;
						__eflags =  *_t11;
					} else {
						_push(0x254);
						_push(0x411710);
						_push(_a4);
						_push(_v36);
						L00401356();
						_v56 = _t56;
					}
				}
				_t44 = 0;
				if(0 != 0) {
					if( *0x41433c != 0) {
						_v60 = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x411924);
						L00401338();
						_v60 = 0x41433c;
					}
					_t15 =  &_v60; // 0x41433c
					_v36 =  *((intOrPtr*)( *_t15));
					_t50 =  *((intOrPtr*)( *_v36 + 0x1c))(_v36,  &_v32);
					asm("fclex");
					_v40 = _t50;
					if(_v40 >= 0) {
						_t26 =  &_v64;
						 *_t26 = _v64 & 0x00000000;
						__eflags =  *_t26;
					} else {
						_push(0x1c);
						_push(0x411914);
						_push(_v36);
						_push(_v40);
						L00401356();
						_v64 = _t50;
					}
					_v44 = _v32;
					_t44 =  *((intOrPtr*)( *_v44 + 0x50))(_v44);
					asm("fclex");
					_v48 = _t44;
					if(_v48 >= 0) {
						_t38 =  &_v68;
						 *_t38 = _v68 & 0x00000000;
						__eflags =  *_t38;
					} else {
						_push(0x50);
						_push(0x411934);
						_push(_v44);
						_push(_v48);
						L00401356();
						_v68 = _t44;
					}
					L00401332();
				}
				_v28 =  *0x4011b0;
				asm("wait");
				_push(0x412e89);
				return _t44;
			}



















    0x00412d41
    0x00412d4c
    0x00412d4d
    0x00412d54
    0x00412d57
    0x00412d5f
    0x00412d62
    0x00412d6f
    0x00412d74
    0x00412d79
    0x00412d7f
    0x00412d81
    0x00412d82
    0x00412d91
    0x00412d97
    0x00412d99
    0x00412da0
    0x00412dbc
    0x00412dbc
    0x00412dbc
    0x00412da2
    0x00412da2
    0x00412da7
    0x00412dac
    0x00412daf
    0x00412db2
    0x00412db7
    0x00412db7
    0x00412da0
    0x00412dc0
    0x00412dc4
    0x00412dd1
    0x00412deb
    0x00412dd3
    0x00412dd3
    0x00412dd8
    0x00412ddd
    0x00412de2
    0x00412de2
    0x00412df2
    0x00412df7
    0x00412e06
    0x00412e09
    0x00412e0b
    0x00412e12
    0x00412e2b
    0x00412e2b
    0x00412e2b
    0x00412e14
    0x00412e14
    0x00412e16
    0x00412e1b
    0x00412e1e
    0x00412e21
    0x00412e26
    0x00412e26
    0x00412e32
    0x00412e3d
    0x00412e40
    0x00412e42
    0x00412e49
    0x00412e62
    0x00412e62
    0x00412e62
    0x00412e4b
    0x00412e4b
    0x00412e4d
    0x00412e52
    0x00412e55
    0x00412e58
    0x00412e5d
    0x00412e5d
    0x00412e69
    0x00412e69
    0x00412e74
    0x00412e77
    0x00412e78
    0x00000000

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00412D57
    • _CIsqrt.MSVBVM60(?,?,?,?,00401266), ref: 00412D6F
    • __vbaFpR8.MSVBVM60(?,?,?,?,00401266), ref: 00412D74
    • __vbaHresultCheckObj.MSVBVM60(?,?,00411710,00000254,?,?,?,?,00401266), ref: 00412DB2
    • __vbaNew2.MSVBVM60(00411924,0041433C,?,?,?,?,00401266), ref: 00412DDD
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411914,0000001C,?,?,?,?,?,?,?,?,?,?,?,00401266), ref: 00412E21
    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411934,00000050,?,?,?,?,?,?,?,?,?,?,?,00401266), ref: 00412E58
    • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401266), ref: 00412E69
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$CheckHresult$ChkstkFreeIsqrtNew2
    • String ID: <CA
    • API String ID: 987039556-146778150
    • Opcode ID: 2953ef1947a48af8088256e75183ac905db6f919dfd52294314112659d2734c5
    • Instruction ID: 8592095bb9006046a63b1e8a83fac97a1ba0381722b093ff33aad11ffb296712
    • Opcode Fuzzy Hash: 2953ef1947a48af8088256e75183ac905db6f919dfd52294314112659d2734c5
    • Instruction Fuzzy Hash: 11413571A10608EFDF00AFA5DA49BDDBBB4FB08714F10406AF501B62A0D7B85890DF28
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004130F7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64COMMON
    Download Yara Rule
    C-Code - Quality: 55%
    			E004130F7(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v28;
				char _v44;
				intOrPtr _v52;
				char _v60;
				intOrPtr _v68;
				char _v76;
				intOrPtr _v84;
				char _v92;
				char* _v100;
				intOrPtr _v108;
				char* _t30;
				void* _t43;
				void* _t45;
				intOrPtr _t46;

				asm("in al, dx");
				_t46 = _t45 - 0xc;
				 *[fs:0x0] = _t46;
				L00401260();
				_v16 = _t46;
				_v12 = 0x4011f8;
				_v8 = 0;
				_t30 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x401266, _t43);
				_push(0x411988);
				L00401314();
				if(_t30 != 2) {
					_v84 = 0x80020004;
					_v92 = 0xa;
					_v68 = 0x80020004;
					_v76 = 0xa;
					_v52 = 0x80020004;
					_v60 = 0xa;
					_v100 = L"HEPATATROPHY";
					_v108 = 8;
					L0040136E();
					_push( &_v92);
					_push( &_v76);
					_push( &_v60);
					_push(0);
					_push( &_v44);
					L0040130E();
					_push( &_v92);
					_push( &_v76);
					_push( &_v60);
					_t30 =  &_v44;
					_push(_t30);
					_push(4);
					L00401308();
				}
				_push(0x4119b0);
				L00401302();
				if(_t30 == 0x61) {
					_v28 = 0x32bb;
				}
				_push(0x4131f7);
				return _t30;
			}




















    0x004130f9
    0x004130fa
    0x00413109
    0x00413115
    0x0041311d
    0x00413120
    0x00413127
    0x00413136
    0x00413139
    0x0041313e
    0x00413146
    0x00413148
    0x0041314f
    0x00413156
    0x0041315d
    0x00413164
    0x0041316b
    0x00413172
    0x00413179
    0x00413186
    0x0041318e
    0x00413192
    0x00413196
    0x00413197
    0x0041319c
    0x0041319d
    0x004131a5
    0x004131a9
    0x004131ad
    0x004131ae
    0x004131b1
    0x004131b2
    0x004131b4
    0x004131b9
    0x004131bc
    0x004131c1
    0x004131ca
    0x004131ce
    0x004131ce
    0x004131d4
    0x00000000

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00413115
    • __vbaLenBstrB.MSVBVM60(00411988,?,?,?,?,00401266), ref: 0041313E
    • __vbaVarDup.MSVBVM60 ref: 00413186
    • #595.MSVBVM60(?,00000000,0000000A,0000000A,0000000A), ref: 0041319D
    • __vbaFreeVarList.MSVBVM60(00000004,?,0000000A,0000000A,0000000A,?,00000000,0000000A,0000000A,0000000A), ref: 004131B4
    • #516.MSVBVM60(004119B0,00411988,?,?,?,?,00401266), ref: 004131C1
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$#516#595BstrChkstkFreeList
    • String ID: HEPATATROPHY
    • API String ID: 3121728414-4183309565
    • Opcode ID: 431c4a0a859949d8de2dc821ac5c61e5d0d3abaf25b24ab74cda3f40c6a11a89
    • Instruction ID: db42428a220ed778dc2b5309cd45c225f451560ebccae3ac57770938b3bf322e
    • Opcode Fuzzy Hash: 431c4a0a859949d8de2dc821ac5c61e5d0d3abaf25b24ab74cda3f40c6a11a89
    • Instruction Fuzzy Hash: 16210CB194024CABDB01DFD4C895FDEBBB8FF04704F54402AF501BA191D7789589CBA9
    Uniqueness

    Uniqueness Score: -1.00%

    Function 004130F9, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62COMMON
    Download Yara Rule
    C-Code - Quality: 55%
    			E004130F9(void* __ebx, void* __edi, void* __esi) {
				void* _t30;
				void* _t43;
				void* _t44;
				intOrPtr _t45;

				asm("in al, dx");
				_t45 = _t44 - 0xc;
				 *[fs:0x0] = _t45;
				L00401260();
				 *((intOrPtr*)(_t43 - 0xc)) = _t45;
				 *((intOrPtr*)(_t43 - 8)) = 0x4011f8;
				 *((intOrPtr*)(_t43 - 4)) = 0;
				_t30 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t43 + 8)))) + 4))( *((intOrPtr*)(_t43 + 8)), __edi, __esi, __ebx,  *[fs:0x0], 0x401266);
				_push(0x411988);
				L00401314();
				if(_t30 != 2) {
					 *((intOrPtr*)(_t43 - 0x50)) = 0x80020004;
					 *((intOrPtr*)(_t43 - 0x58)) = 0xa;
					 *((intOrPtr*)(_t43 - 0x40)) = 0x80020004;
					 *((intOrPtr*)(_t43 - 0x48)) = 0xa;
					 *((intOrPtr*)(_t43 - 0x30)) = 0x80020004;
					 *((intOrPtr*)(_t43 - 0x38)) = 0xa;
					 *(_t43 - 0x60) = L"HEPATATROPHY";
					 *((intOrPtr*)(_t43 - 0x68)) = 8;
					L0040136E();
					_push(_t43 - 0x58);
					_push(_t43 - 0x48);
					_push(_t43 - 0x38);
					_push(0);
					_push(_t43 - 0x28);
					L0040130E();
					_push(_t43 - 0x58);
					_push(_t43 - 0x48);
					_push(_t43 - 0x38);
					_t30 = _t43 - 0x28;
					_push(_t30);
					_push(4);
					L00401308();
				}
				_push(0x4119b0);
				L00401302();
				if(_t30 == 0x61) {
					 *((short*)(_t43 - 0x18)) = 0x32bb;
				}
				_push(0x4131f7);
				return _t30;
			}







    0x004130f9
    0x004130fa
    0x00413109
    0x00413115
    0x0041311d
    0x00413120
    0x00413127
    0x00413136
    0x00413139
    0x0041313e
    0x00413146
    0x00413148
    0x0041314f
    0x00413156
    0x0041315d
    0x00413164
    0x0041316b
    0x00413172
    0x00413179
    0x00413186
    0x0041318e
    0x00413192
    0x00413196
    0x00413197
    0x0041319c
    0x0041319d
    0x004131a5
    0x004131a9
    0x004131ad
    0x004131ae
    0x004131b1
    0x004131b2
    0x004131b4
    0x004131b9
    0x004131bc
    0x004131c1
    0x004131ca
    0x004131ce
    0x004131ce
    0x004131d4
    0x00000000

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 00413115
    • __vbaLenBstrB.MSVBVM60(00411988,?,?,?,?,00401266), ref: 0041313E
    • __vbaVarDup.MSVBVM60 ref: 00413186
    • #595.MSVBVM60(?,00000000,0000000A,0000000A,0000000A), ref: 0041319D
    • __vbaFreeVarList.MSVBVM60(00000004,?,0000000A,0000000A,0000000A,?,00000000,0000000A,0000000A,0000000A), ref: 004131B4
    • #516.MSVBVM60(004119B0,00411988,?,?,?,?,00401266), ref: 004131C1
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$#516#595BstrChkstkFreeList
    • String ID: HEPATATROPHY
    • API String ID: 3121728414-4183309565
    • Opcode ID: 49a369bd357817802bb02a7221dfa0243ed4f9f4ee2cce0f897570e18e2922fd
    • Instruction ID: 7eadaeade0193f60bd56c2a49af1727505c78a3f2d197e62f1cb393bc7874e4e
    • Opcode Fuzzy Hash: 49a369bd357817802bb02a7221dfa0243ed4f9f4ee2cce0f897570e18e2922fd
    • Instruction Fuzzy Hash: 6F21F9B1940248EBDB01DFD4C885FCEBFB8FB04704F54412AF601BA191D7789689CB69
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00413220, Relevance: 12.1, APIs: 8, Instructions: 70COMMON
    Download Yara Rule
    C-Code - Quality: 54%
    			E00413220(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* _v24;
				char _v32;
				char _v40;
				signed int _v60;
				signed int _v68;
				void* _t20;
				char* _t21;
				signed int _t24;
				intOrPtr* _t35;

				_push(__ecx);
				_push(__ecx);
				_push(0x401266);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t35;
				_t20 = 0x30;
				L00401260();
				_v12 = _t35;
				_v8 = 0x401220;
				_push(0x4119b8);
				L004012FC();
				asm("fcomp qword [0x4011e0]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					L004012F6();
					 *_t35 =  *0x401214;
					 *_t35 =  *0x401210;
					 *_t35 =  *0x40120c;
					 *_t35 =  *0x401208;
					_t24 =  *((intOrPtr*)( *_a4 + 0x2c8))(_a4, 6, __ecx, __ecx, __ecx, __ecx, _t20);
					asm("fclex");
					_v60 = _t24;
					if(_v60 >= 0) {
						_t11 =  &_v68;
						 *_t11 = _v68 & 0x00000000;
						__eflags =  *_t11;
					} else {
						_push(0x2c8);
						_push(0x411710);
						_push(_a4);
						_push(_v60);
						L00401356();
						_v68 = _t24;
					}
				}
				_v32 = 2;
				_v40 = 2;
				_t21 =  &_v40;
				_push(_t21);
				L004012F0();
				L004013B6();
				L004013C2();
				asm("wait");
				_push(0x413312);
				L004013AA();
				return _t21;
			}














    0x00413223
    0x00413224
    0x00413225
    0x00413230
    0x00413231
    0x0041323a
    0x0041323b
    0x00413243
    0x00413246
    0x0041324d
    0x00413252
    0x00413257
    0x0041325d
    0x0041325f
    0x00413260
    0x00413268
    0x00413275
    0x0041327f
    0x00413289
    0x00413293
    0x004132a0
    0x004132a6
    0x004132a8
    0x004132af
    0x004132cb
    0x004132cb
    0x004132cb
    0x004132b1
    0x004132b1
    0x004132b6
    0x004132bb
    0x004132be
    0x004132c1
    0x004132c6
    0x004132c6
    0x004132af
    0x004132cf
    0x004132d6
    0x004132dd
    0x004132e0
    0x004132e1
    0x004132eb
    0x004132f3
    0x004132f8
    0x004132f9
    0x0041330c
    0x00413311

    APIs
    • __vbaChkstk.MSVBVM60(?,00401266), ref: 0041323B
    • __vbaR8Str.MSVBVM60(004119B8,?,?,?,?,00401266), ref: 00413252
    • __vbaFpI4.MSVBVM60(004119B8,?,?,?,?,00401266), ref: 00413268
    • __vbaHresultCheckObj.MSVBVM60(?,?,00411710,000002C8,?,?,?,?,00000000,004119B8,?,?,?,?,00401266), ref: 004132C1
    • #536.MSVBVM60(?,004119B8,?,?,?,?,00401266), ref: 004132E1
    • __vbaStrMove.MSVBVM60(?,004119B8,?,?,?,?,00401266), ref: 004132EB
    • __vbaFreeVar.MSVBVM60(?,004119B8,?,?,?,?,00401266), ref: 004132F3
    • __vbaFreeStr.MSVBVM60(00413312,?,004119B8,?,?,?,?,00401266), ref: 0041330C
    Memory Dump Source
    • Source File: 00000001.00000002.1048135153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.1048127172.0000000000400000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048162689.0000000000414000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.1048172175.0000000000416000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_Orden de Compra.jbxd
    Similarity
    • API ID: __vba$Free$#536CheckChkstkHresultMove
    • String ID:
    • API String ID: 2640481455-0
    • Opcode ID: d4cb482d82209849e466df2697f95f3a94060f56b0fc37ea9336410b8aa3de78
    • Instruction ID: 72c2c09aa0438d7caf52b85fe711c5eba0541bd13cb1828b95037591469e623e
    • Opcode Fuzzy Hash: d4cb482d82209849e466df2697f95f3a94060f56b0fc37ea9336410b8aa3de78
    • Instruction Fuzzy Hash: D02139B0901108EFDB00AF91C94ABAEBBB4FB04B45F1045AEF141B61B1DB785A50DB5D
    Uniqueness

    Uniqueness Score: -1.00%